use Joinner method in Templates

Question

Hi,I Would like to use the joinner method in my template LogPoint. Whowever, I can’t use the “{{}}” for search parameter. Could you please tell me how should I do ? Here is an exemple of this tamplate : as s1 join  as s2 on s1.user  = s2.user   {{source_host}} | rename  s2.source_host  as source_host  |  process geoip(s1.source_address) as country|  rename user as User |  chart count() by User, country, source_host   Note => I would like to search by this parameter {{source_host}} Thank you in advance.Siawash,

Gustav Elkjær Rødsgaard · Answer

Hi,Could you try this modified search? as s1  join   as s2  on s1.user  = s2.user   |filter source_host= {{source_host}} | rename  s2.source_host  as source_host   |  process geoip(s1.source_address) as country | rename user as User  |  chart count() by User, country, source_host  I added the filter line where “source_host={{source_host}} so you can search for this specific parameter.

Reply

Sign up

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Login to the community

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Scanning file for viruses.

This file cannot be downloaded