2026-04-13 10-31-04

12:33 2 Speaker turns 4 Groups 262 Segments

Groups

  1. 0:00

    In this video, we're going to take a look at a couple of the search language options that are available in ELK. So first of all, when we're searching with ELK, it does have multiple different query languages that can be used. The first one …

  2. 5:01

    And we get no results there, which is perfectly fine. That's not abnormal. You can also add, let's go back to just showing our file creation events. You can expand any of the events here and add any of these fields as a filter very easily. So…

  3. 10:04

    the first event we list there and the second one, these sections in brackets, only five minutes should have passed. So it's only, basically it constrains those matching results to within a certain time span. And then each of those entries in …

  4. 11:37
    Chapter 4: a look at. 50s · Speaker 2

    a look at. That is for KQL searches. EQL uses the EQL search API, not the discovery section or the discover section like KQL. Since we're just starting out with ELK, we're going to stick with KQL for now. Now for the eCTHP exam, you don't n…