my dear friends,
I'm running the below search string that give me the following result:
index=qualys IP="*" DNS="*" cve="*" | table IP DNS cve | dedup IP DNS cve
result:
IP DNS cve
10.252.64.84 horemedysso2v.alrajhi.bank CVE-2010-4094, CVE-2010-0557, CVE-2009-4189, CVE-2009-3548, CVE-2009-3099
as you can see i have multi values in the cve filed seperated by comma.
my question is how to get the result to show as:
10.252.64.84 horemedysso2v.alrajhi.bank CVE-2010-4094
10.252.64.84 horemedysso2v.alrajhi.bank CVE-2010-0557
10.252.64.84 horemedysso2v.alrajhi.bank CVE-2009-4189
etc ...
meaning the i want the IP and DNS filed to be repeated with each single value of cve field and each one will be in new row.
thanks in advance
↧