Native Dashboard - help on filtering logs in array

Question

Hello Team,I am trying to filter telemetry based on the values in a array: security_result.detection_fields.valuefor example:metadata.log_type = "test"security_result.detection_fields.value[0] != "No" andsecurity_result.detection_fields.value[1] != "No" andsecurity_result.detection_fields.value[2] != "No" and$host = target.asset.hostnamematch:$hostThe idea is to check if the first 3 values in a array is not equal to "NO", if all the three conditions match, then get the count of the host. i am struggling in the condition where i try to check the values of array. is there any way to check conditions in array ?thanks.

Eoved · Accepted Answer

Hi Eoved,thanks for the reply. i tried the below. but it does not workmetadata.log_type = "test"any security_result.detection_fields.value != /No violation/ nocaseI am trying to check if the values of array contains no violation. Can you help?Try:metadata.log_type = "test"not any security_result.detection_fields.value = /No violation/ nocaseI did a similar query in my lab, and it should work.

Eoved · Answer

Hi,Please try the following:metadata.log_type = "test"any security_result.detection_fields.value != "No" $host = target.asset.hostnamematch:$host*you can use "any " to check across all values

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded