Hello , anyone have developed a dashboard using query formatted in YARA-L ? i'm looking to develop a dashboard to visualise dropped logs count for each log type ?
Who can help please ?
Dropped logs-Metrics
- Silver 2
+10This query should get you what you're looking for.
ingestion.log_type != ""
$log_type = ingestion.log_type
match:
$log_type
outcome:
$drop_count = sum(ingestion.drop_count)
order:
$drop_count desc
-mike
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.