Custom Reports v4.0.1 (be1demo)

cancel
Showing results for 
Search instead for 
Did you mean: 

Custom Reports v4.0.1 (be1demo)

L0 Member

When creating a custom report and using the query builder there seems to be a problem with adding multiple values in the builder (unless I am just doing this wrong)

I am trying to create a report to show from the traffic summary log all peer-to-peer technology traffic of a risk catagory of 4 or 5.

This is the statement I am using:

technology-of-app eq peer-to-peer AND risk-of-app eq 5 OR risk-of-app eq 4

Once I run this report all I seem to get is apps with a risk of 4 or 5 as there is client server, browser based, etc traffic in the report aswell.

If I remove the OR statement and the second risk query I get the correct report but only for a risk of 5 for example.

Any ideas??

Cheers

Marc

1 ACCEPTED SOLUTION

Accepted Solutions

L4 Transporter

Hi Marc,

I believe you need to use parentheses:

(technology-of-app eq peer-to-peer) AND (risk-of-app eq 5 OR risk-of-app eq 4)

Thanks

James

View solution in original post

3 REPLIES 3

L1 Bithead

Hi Marc,

I was working on something similar in the gui earlier for threats. I ended up just doing a "greater than or equal to 4", which gave me all the 4s and 5s. (Also still on 3.1.7 - not sure if it changes in 4.0).

Hope the information helps.

L4 Transporter

Hi Marc,

I believe you need to use parentheses:

(technology-of-app eq peer-to-peer) AND (risk-of-app eq 5 OR risk-of-app eq 4)

Thanks

James

View solution in original post

Thanks James.... spot on!!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!