I found this search in ES Content Updates
| tstats `summariesonly` count min(_time) as firstTime max(_time) as lastTime from datamodel=Network_Traffic where All_Traffic.app=tor AND All_Traffic.action=allowed by All_Traffic.src_ip All_Traffic.dest_ip All_Traffic.dest_port All_Traffic.action | `ctime(firstTime)` | `ctime(lastTime)` | `drop_dm_object_name("All_Traffic")`
What mean
`summariesonly`
And what should I do to make this search working?
↧