1 Reply Latest reply on Sep 26, 2013 4:14 PM by abukhari

    Creating Custom Queries with Sum and other group functions without base query



      I want to custom query which i want to run on the events but i want to run this query on some fields like bytes_received or bytes sent. Mcafee web gateway default parser was not giving this information after parsing the log, i have made a advance parser rule associated with mcafee web gateway which is working perfectly fine with information now available in  bytes_received or bytes_sent from the log messages and is properly showing in event details - custom fields tab.


      I want to build a report where i can see which user has utilized the most bandwidth based on that, report will show user and sum(bytes_received). Any help will be appreciated.