Hello,
I have a custom command from an app where I can do a search like `sourcetype=mysourcetype | customcommand ioc=1.1.1.1`
If I try to do something like `sourcetype=mysourcetype | dedup src_ip | customcommand ioc=src_ip` I get an error, as the command is expecting a defined format/value for the ioc parameter.
Is there any way I can achieve sending the src_ip values, one by one, to the customcommand?
Thanks in advance for your help.
PS: is there a better way to get the unique src_ip value, besides `dedup`?