I'm hoping to find an equivalent to lookup_and_add that I can configure in a SAW (Warehouse) query. Any help or pointing in the right direction would be appreciated.
Thanks in advance.
Have you been able to find any workaround for this? I am also struggling to make rules on the warehouse.
Have you created any rules based on SAW?
Will you please suggest how to write a query to get reports on SAW?
Please suggest. Thanks.
Hello, I don't think that there is an equivalent function, but maybe you can find something to help you on this site:
It is a great reference website for Hive commands that you can use in the reports.
I have tried a basic rule which contains src.IP, dst.IP, TCP dstport, src.country and src domain, and it works fine, but I am looking to see whether there is any way to reprocess the data fetched from SAW, to process it from the concentrator, and it should give a full detail view for those sessions for that period of time.