Solved: What is the purpose of the `useother` macro

CSmoke · ‎01-31-2019

Looking at some of the built in dashboards in Enterprise Security, there is a macro named useother

| tstats count from datamodel=Web.Web where * by _time,Web.status span=10m | timechart minspan=10m useother=useother count by Web.status | drop_dm_object_name("Web")

It appears to set the value to true.

title = useother
args = none
definition = true

Can anyone explain why this is used instead of useother=true?

dkeck · ‎01-31-2019

HI,

they probably used this a lot in ES, so its easier if you want to change it to false, to have a marco. Thats probably it.

Just for better maintenance. Thats what a macro is for.

View solution in original post

dkeck · ‎01-31-2019

HI,

they probably used this a lot in ES, so its easier if you want to change it to false, to have a marco. Thats probably it.

Just for better maintenance. Thats what a macro is for.

CSmoke · ‎01-31-2019

Thanks, that makes sense.

What is the purpose of the `useother` macro

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk