Question

use Joinner method in Templates

3 months ago
26 January 2024
1 reply
56 views

Userlevel 1

Micropole
Known Participant
11 replies

Hi,

I Would like to use the joinner method in my template LogPoint. Whowever, I can’t use the “{{}}” for search parameter. Could you please tell me how should I do ?

Here is an exemple of this tamplate :

[ source_address=* display_name=* user=*] as s1 join [ user=* source_host=* source_address=* ] as s2 on s1.user = s2.user {{source_host}} | rename s2.source_host as source_host | process geoip(s1.source_address) as country| rename user as User | chart count() by User, country, source_host

Note => I would like to search by this parameter {{source_host}}

Thank you in advance.

Siawash,

1 reply

G

Userlevel 3

+3

Hi,

Could you try this modified search?

[ source_address=* display_name=* user=*] as s1  
join  
[ user=* source_host=* source_address=*  ] as s2  
on s1.user  = s2.user   
|filter source_host= {{source_host}} 
| rename  s2.source_host  as source_host   
|  process geoip(s1.source_address) as country 
| rename user as User  
|  chart count() by User, country, source_host

I added the filter line where “source_host={{source_host}} so you can search for this specific parameter.

Reply

Sign up

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Login to the community

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Scanning file for viruses.

This file cannot be downloaded