Why this error message ? '}'

Question

Hi,I come to you because I have an error when I execute folloing query. Could any one help me please ? Here is my quary : (MsWinEventLog OR norm_id=WinServer*) label=Object label=Access  (access_list=\"*4417*\" OR access=\"*WriteData*\") {{user},}, {{fileshare},}, {{path},},  -relative_target in SYSTEM_PATHS | rename relative_target as Object, share_path as Path |  chart count() by user, device_name, object_type,Path, Object | fields user, device_name, object_type, Path, Object and when I execute this query I receive these error message : Thanks in advanceLooking forward to reading you

Gustav Elkjær Rødsgaard · Answer

Hi Micropole,I’m not entirely sure why your query looks like that. However after some testing i got it working with a modified version like below:(MsWinEventLog OR norm_id=WinServer*) label=Object label=Access (access_list="*4417*" OR access="*WriteData*")-relative_target in SYSTEM_PATHS | rename relative_target as Object, share_path as Path | chart count() by user, device_name, object_type,Path, Object| fields user, device_name, object_type, Path, Object You have to have the list “SYSTEM_PATHS” in the Logpoint for the query to work aswell.Best Regards,Gustav

Reply

Sign up

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Login to the community

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Scanning file for viruses.

This file cannot be downloaded