to4kawa

Becherer · ‎01-15-2020

When I perform a search, the "events tab" count match actual data. Once I add "| geostats latfield=Latitude longfield=Longitude " to the search box, to be able to display on map, the results in the "statistics tab" go up in count by 11 and is not giving actual results. How can I have the geomap command look at the events and not "statistics tab"?

Why does the statistics results add 11 results compared to the events tab?

Thanks

to4kawa · ‎01-15-2020

geostats

The reason is that the number of fields being aggregated is different from the number of events. (e.g. no field)

by the way, what's stats-agg-term? and is your search mode Verbose?

Becherer · ‎01-16-2020

to4kawa

Is there a way for me to only aggregate the exact number of events?

to4kawa · ‎01-16-2020

simply,
geostats count latfield=Latitude longfield=Longitude

p.s. if you want to mention others, use @username not >

Event and Statistics not the same- Geostats

to4kawa

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...