Context Table?

Hi,

Is it possible to add in a context table? I am using Exabeam, but couldn't find anything, but I believe it uses the ELK stack in the backend.

This is what I have currently:


    # start_date, end_date and LOCAL_UTC_OFF_SET are not defined in the post; the
    # values below are placeholders so the snippet runs as-is.
    start_date = "now-7d"          # date-math or ISO timestamp for the range lower bound
    end_date = "now"               # range upper bound
    LOCAL_UTC_OFF_SET = "-08:00"   # UTC offset applied when interpreting the range bounds

    query = {
        "size": 0,  # aggregations only, no hits returned
        "query": {
            "bool": {
                "must": [
                    {
                        "query_string": {
                            "analyze_wildcard": True,
                            "default_field": "message",
                            "query": 'exa_category:"Security Alerts" AND Vendor:"Palo Alto Networks"',  # noqa: E501
                        }
                    },
                    {
                        "range": {
                            "@timestamp": {
                                "gte": start_date,
                                "lte": end_date,
                                "time_zone": LOCAL_UTC_OFF_SET,
                            }
                        }
                    },
                ],
                "must_not": [],
            }
        },
        "aggs": {
            "2": {
                # one bucket per day in the given time zone
                "date_histogram": {
                    "field": "@timestamp",
                    "interval": "1d",
                    "time_zone": "America/Los_Angeles",
                    "min_doc_count": 1,
                },
                "aggs": {
                    "3": {
                        # top 10 alert types per day, most frequent first
                        "terms": {
                            "field": "alert_type.keyword",
                            "size": 10,
                            "shard_size": 5000,
                            "order": {"_count": "desc"},
                        }
                    }
                },
            }
        },
    }
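The thread does not resolve what a "context table" is. What the posted query does define is a per-day breakdown of alert types, and the part people usually get wrong is walking the nested aggregation response. The block below is an added example, not code from the original post or from Exabeam: it wraps the posted query in a function with the variable parts as parameters, and flattens an Elasticsearch response into a per-day table. The aggregation names ("2", "3") and field names come from the post; the sample response is constructed to match the shape Elasticsearch returns for that query.

```python
# Added example modelled on the query in the thread; SAMPLE_RESPONSE is constructed.

def build_alert_query(start_date, end_date, utc_offset, interval="1d",
                      bucket_tz="America/Los_Angeles", top_n=10):
    """Return the posted bool query + date_histogram/terms aggregation.

    start_date / end_date: ISO timestamps or date-math strings ("now-7d").
    utc_offset: offset such as "-08:00", applied to the range filter.
    """
    return {
        "size": 0,  # aggregations only, no hits
        "query": {
            "bool": {
                "must": [
                    {"query_string": {
                        "analyze_wildcard": True,
                        "default_field": "message",
                        "query": 'exa_category:"Security Alerts" AND Vendor:"Palo Alto Networks"',
                    }},
                    {"range": {"@timestamp": {
                        "gte": start_date,
                        "lte": end_date,
                        "time_zone": utc_offset,
                    }}},
                ],
            }
        },
        "aggs": {
            "2": {
                "date_histogram": {
                    "field": "@timestamp",
                    "interval": interval,
                    "time_zone": bucket_tz,
                    "min_doc_count": 1,
                },
                "aggs": {
                    "3": {"terms": {
                        "field": "alert_type.keyword",
                        "size": top_n,
                        "shard_size": 5000,
                        "order": {"_count": "desc"},
                    }}
                },
            }
        },
    }


def alert_counts_per_day(response):
    """Flatten the nested buckets into {day: {alert_type: count}}.

    A terms aggregation only returns the top `size` keys; the rest is reported
    in sum_other_doc_count. It is surfaced under "_other" so truncated alert
    types are not silently dropped from the table.
    """
    table = {}
    for day in response["aggregations"]["2"]["buckets"]:
        per_type = {b["key"]: b["doc_count"] for b in day["3"]["buckets"]}
        other = day["3"].get("sum_other_doc_count", 0)
        if other:
            per_type["_other"] = other
        table[day["key_as_string"]] = per_type
    return table


# Constructed sample response in the shape Elasticsearch returns for this query.
SAMPLE_RESPONSE = {
    "aggregations": {"2": {"buckets": [
        {
            "key_as_string": "2024-01-01T00:00:00.000-08:00",
            "doc_count": 5,
            "3": {
                "sum_other_doc_count": 1,
                "buckets": [
                    {"key": "brute-force", "doc_count": 3},
                    {"key": "malware", "doc_count": 1},
                ],
            },
        },
        {
            "key_as_string": "2024-01-02T00:00:00.000-08:00",
            "doc_count": 2,
            "3": {
                "sum_other_doc_count": 0,
                "buckets": [{"key": "malware", "doc_count": 2}],
            },
        },
    ]}}
}

if __name__ == "__main__":
    for day, counts in alert_counts_per_day(SAMPLE_RESPONSE).items():
        print(day, counts)
```

Passing the returned dict to a client's `search(index=..., body=build_alert_query(...))` call and feeding the result to `alert_counts_per_day` gives the table; the `_other` key is the check that `size: 10` is not hiding alert types you care about.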

Hi @davidbeiler . I'm not sure I understand what you're trying to do. Can you provide more details on what a "context table" is?
