Stan Bradley
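``` Pipeline fragment (the start of the search is not shown here): appends unmanaged and unsupported devices from the discovery lookups to the preceding results. Restored from a copy in which SPL keywords and field names had been replaced by synonyms and an unrelated URL had been injected. ```
``` NOTE(review): append runs a subsearch, which Splunk caps in rows and runtime; on large lookups the output can be truncated without an error, so confirm counts in the job inspector before treating this as a complete inventory. ```
| append [
    | inputlookup append=t unmanaged_high.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none
    | rename ComputerName AS "Last Discovered By"
    | append [
        ``` Leading pipe added so inputlookup is parsed as a generating command, as in the sibling branches; without it the words would be treated as search terms. ```
        | inputlookup append=t unmanaged_med.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none
        | rename ComputerName AS "Last Discovered By" ]
    | append [
        | inputlookup append=t unmanaged_low.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none
        | rename ComputerName AS "Last Discovered By" ]
    | append [
        | inputlookup notsupported.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none
        | rename ComputerName AS "Last Discovered By" ]
    | eval "Last Seen (UTC)"=strftime(_time, "%m/%d/%y %I:%M%p")
    ``` These rows have no sensor; give them an explicit placeholder aid. ```
    | fillnull value=null aid
    ``` Space-separated lists become sorted, de-duplicated multivalue fields. ```
    | eval LocalAddressIP4=mvsort(mvdedup(split(LocalAddressIP4," ")))
    | eval discoverer_aid=mvsort(mvdedup(split(discoverer_aid," ")))
    | eval aip=mvsort(mvdedup(split(aip," ")))
    ``` NOTE(review): this sorts the formatted string, so the order is lexical (month first), not chronological; sort on _time instead if newest-first is intended. ```
    | sort 0 -"Last Seen (UTC)"
    | lookup oui.csv MACPrefix OUTPUT Manufacturer, ManufacturerAddress
    | fillnull value=NA Manufacturer
    ``` No OUI match: fall back to the interface description. ```
    | eval Manufacturer=if(Manufacturer="NA",InterfaceDescription,Manufacturer) ]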
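``` Pipeline fragment (the base search is not shown here): summarises which usernames appear, per sourcetype, in the first 100 events returned. Restored from a copy in which SPL keywords and field names had been replaced by synonyms. ```
``` NOTE(review): head 100 makes this a sample of the result set, not a full account inventory. ```
| head 100
``` first(_time) is the first value seen in result order; presumably the newest event, since events normally arrive newest-first - confirm. ```
| stats count first(_time) as first by username sourcetype
| eval first=strftime(first,"%m/%d/%y %H:%M:%S")
``` Lower-case so that case variants of one account are treated as the same name by the dedup below. ```
| eval username=lower(username)
| stats count by username sourcetype first
| dedup username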
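| inputlookup managedassets.csv
    ``` Asset inventory: managed hosts (managedassets.csv joined to the sensor master lookup on aid) followed by unmanaged and unsupported devices appended from the discovery lookups. Restored from a copy in which SPL keywords and field names had been replaced by synonyms. ```
| eval "Last Seen (UTC)"=strftime(_time, "%m/%d/%y %I:%M%p")
    ``` NOTE(review): this sorts the formatted string, so the order is lexical (month first), not chronological; sort on _time instead if newest-first is intended. ```
| sort 0 -"Last Seen (UTC)"
| lookup oui.csv MACPrefix OUTPUT Manufacturer
| fillnull value=NA Manufacturer
    ``` No OUI match: fall back to the interface description. ```
| eval Manufacturer=if(Manufacturer="NA",InterfaceDescription,Manufacturer)
    ``` NOTE(review): lookup name reconstructed as aid_master from the garbled "aid_learn" - confirm. join and append run subsearches, which Splunk caps in rows and runtime; on large lookups hosts can drop out of the result without an error, so confirm counts in the job inspector. ```
| join aid [
    | inputlookup aid_master where cid=*
    | eval "Last Seen (UTC)"=strftime(_time, "%m/%d/%y %I:%M%p")
    | sort 0 -"Last Seen (UTC)"
    | lookup oui.csv MACPrefix OUTPUT Manufacturer
    | fillnull value=NA Manufacturer
    | eval Manufacturer=if(Manufacturer="NA",InterfaceDescription,Manufacturer)
    | dedup aid ]
| append [
    | inputlookup append=t unmanaged_high.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none
    | rename ComputerName AS "Last Discovered By"
    | append [
        ``` Leading pipe added so inputlookup is parsed as a generating command, as in the sibling branches; without it the words would be treated as search terms. ```
        | inputlookup append=t unmanaged_med.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none
        | rename ComputerName AS "Last Discovered By" ]
    | append [
        | inputlookup append=t unmanaged_low.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none
        | rename ComputerName AS "Last Discovered By" ]
    | append [
        | inputlookup notsupported.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none
        | rename ComputerName AS "Last Discovered By" ]
    | eval "Last Seen (UTC)"=strftime(_time, "%m/%d/%y %I:%M%p")
    ``` These rows have no sensor; give them an explicit placeholder aid. ```
    | fillnull value=null aid
    ``` Space-separated lists become sorted, de-duplicated multivalue fields. ```
    | eval LocalAddressIP4=mvsort(mvdedup(split(LocalAddressIP4," ")))
    | eval discoverer_aid=mvsort(mvdedup(split(discoverer_aid," ")))
    | eval aip=mvsort(mvdedup(split(aip," ")))
    | sort 0 -"Last Seen (UTC)"
    | lookup oui.csv MACPrefix OUTPUT Manufacturer, ManufacturerAddress
    | fillnull value=NA Manufacturer
    | eval Manufacturer=if(Manufacturer="NA",InterfaceDescription,Manufacturer) ]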
``` Pipeline fragment (the start of the search is not shown here): appends the rows of one AWS inventory lookup per subsearch to the preceding results. ```
``` NOTE(review): several lookup file names below look altered by automated word substitution (one contains spaces and would not parse as a single file name); confirm every name against the lookup definitions before running. Each append is a subsearch and is subject to Splunk's subsearch row and runtime limits. ```
| append [|inputlookup aws_ec2_photographs.csv] | append [|inputlookup aws_ec2_era.csv] | append [|inputlookup aws_ec2_mac_ip_search.csv] | append [|inputlookup aws_ec2_networkacl_entries.csv] | append [|inputlookup aws_ec2_networkacls.csv] | append [|inputlookup aws_ec2_networkinterface_privateips.csv] | append [|inputlookup aws_ec2_networkinterfaces.csv] | append [|inputlookup aws_ec2_securitygroup_laws and regulations.csv] | append [|inputlookup aws_ec2_securitygroups.csv] | append [|inputlookup aws_ec2_subnets.csv] | append [|inputlookup aws_ec2_amounts.csv] | append [|inputlookup aws_ec2_vpcs.csv] | append [|inputlookup aws_iam_account_aliases.csv]
155 | Es | _Day |
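| inputlookup managedassets.csv
    ``` Asset inventory: managed hosts (managedassets.csv joined to the sensor master lookup on aid) followed by unmanaged and unsupported devices appended from the discovery lookups. Restored from a copy in which SPL keywords and field names had been replaced by synonyms and page text had been spliced into the query. ```
| eval "Last Seen (UTC)"=strftime(_time, "%m/%d/%y %I:%M%p")
    ``` NOTE(review): this sorts the formatted string, so the order is lexical (month first), not chronological; sort on _time instead if newest-first is intended. ```
| sort 0 -"Last Seen (UTC)"
| lookup oui.csv MACPrefix OUTPUT Manufacturer
| fillnull value=NA Manufacturer
    ``` No OUI match: fall back to the interface description. ```
| eval Manufacturer=if(Manufacturer="NA",InterfaceDescription,Manufacturer)
    ``` NOTE(review): lookup name reconstructed as aid_master from the garbled "services_learn" - confirm. join and append run subsearches, which Splunk caps in rows and runtime; on large lookups hosts can drop out of the result without an error, so confirm counts in the job inspector. ```
| join aid [
    | inputlookup aid_master where cid=*
    | eval "Last Seen (UTC)"=strftime(_time, "%m/%d/%y %I:%M%p")
    | sort 0 -"Last Seen (UTC)"
    | lookup oui.csv MACPrefix OUTPUT Manufacturer
    | fillnull value=NA Manufacturer
    | eval Manufacturer=if(Manufacturer="NA",InterfaceDescription,Manufacturer)
    | dedup aid ]
| append [
    | inputlookup append=t unmanaged_high.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none
    | rename ComputerName AS "Last Discovered By"
    | append [
        ``` Leading pipe added so inputlookup is parsed as a generating command, as in the sibling branches; without it the words would be treated as search terms. ```
        | inputlookup append=t unmanaged_med.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none
        | rename ComputerName AS "Last Discovered By" ]
    | append [
        | inputlookup append=t unmanaged_low.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none
        | rename ComputerName AS "Last Discovered By" ]
    | append [
        | inputlookup notsupported.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none
        | rename ComputerName AS "Last Discovered By" ]
    | eval "Last Seen (UTC)"=strftime(_time, "%m/%d/%y %I:%M%p")
    ``` These rows have no sensor; give them an explicit placeholder aid. ```
    | fillnull value=null aid
    ``` Space-separated lists become sorted, de-duplicated multivalue fields. ```
    | eval LocalAddressIP4=mvsort(mvdedup(split(LocalAddressIP4," ")))
    | eval discoverer_aid=mvsort(mvdedup(split(discoverer_aid," ")))
    | eval aip=mvsort(mvdedup(split(aip," ")))
    | sort 0 -"Last Seen (UTC)"
    | lookup oui.csv MACPrefix OUTPUT Manufacturer, ManufacturerAddress
    | fillnull value=NA Manufacturer
    | eval Manufacturer=if(Manufacturer="NA",InterfaceDescription,Manufacturer) ]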
157 | CS | ComputerName |
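event_simpleName="ProcessRollup2" ComputerName=COMPUTERNAME (FilePath="*Users*" OR CommandLine="*Users*")
    ``` Lists the user-profile names referenced by process executions on one host. COMPUTERNAME is a placeholder for the host under investigation. Restored from a copy in which SPL keywords had been replaced by synonyms and quotes had been typographically altered. The parentheses only make the existing OR grouping explicit. ```
    ``` rex mode=sed rewrites each field in place: the whole value is replaced by the first run of word characters after "Users" plus one separator, so the original path and command line are no longer available downstream. ```
    ``` NOTE(review): \w+ stops at the first non-word character, so a profile name containing a dot, hyphen or space is truncated. ```
| rex field=FilePath mode=sed "s/.*\bUsers\b.(\w+)(\b.*)/\1/g"
| rex field=CommandLine mode=sed "s/.*\bUsers\b.(\w+)(\b.*)/\1/g"
    ``` Keep only events where the value was reduced to a single bare word. NOTE(review): both filters apply, so an event where only one of the two fields contained "Users" is presumably dropped because the other field is still a full string - confirm this is intended. ```
| regex CommandLine!="(?i).\b."
| regex FilePath!="(?i).\b."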