I think this might require subsearching, but I would be intrigued to see if someone can come up with a more elegant solution than subsearching.
amMap works fine using a lookup, but what if the data already has the client_city, client_region, client_country, client_lon, and client_lat in the events as fields?
I would like to map these events without generating a lookup table.
I'm also interested. I would like to remove the message "Subsearches of a real-time search run over all-time unless explicit time bounds are specified within the subsearch."
Thanks for the links, Lowell. Unfortunately, I don't think they will work for me since I'm using the "transaction" operator (which will have multiple _cd values).
What I'm doing is running a search that looks at all the commands logged by a user on a networking device and puts them into a single transaction. The user then needs to put an explanation and a ticket number to go along with the transaction. I'll open an enhancement request.
A user would like to click on the down arrow to the left of an event and leave a comment. I think I have seen this demoed in ESS. Is there a simple way to implement it?