- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
03-28-2011 04:54 AM
When creating a custom report and using the query builder there seems to be a problem with adding multiple values in the builder (unless I am just doing this wrong)
I am trying to create a report to show from the traffic summary log all peer-to-peer technology traffic of a risk catagory of 4 or 5.
This is the statement I am using:
technology-of-app eq peer-to-peer AND risk-of-app eq 5 OR risk-of-app eq 4
Once I run this report all I seem to get is apps with a risk of 4 or 5 as there is client server, browser based, etc traffic in the report aswell.
If I remove the OR statement and the second risk query I get the correct report but only for a risk of 5 for example.
Any ideas??
Cheers
Marc
03-28-2011 11:33 AM
Hi Marc,
I believe you need to use parentheses:
(technology-of-app eq peer-to-peer) AND (risk-of-app eq 5 OR risk-of-app eq 4)
Thanks
James
03-28-2011 11:02 AM
Hi Marc,
I was working on something similar in the gui earlier for threats. I ended up just doing a "greater than or equal to 4", which gave me all the 4s and 5s. (Also still on 3.1.7 - not sure if it changes in 4.0).
Hope the information helps.
03-28-2011 11:33 AM
Hi Marc,
I believe you need to use parentheses:
(technology-of-app eq peer-to-peer) AND (risk-of-app eq 5 OR risk-of-app eq 4)
Thanks
James
03-28-2011 11:41 PM
Thanks James.... spot on!!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!