I need to run a query to recover the data specified in the "srcAddr" section.
When I execute a sample query, the results are shown to me, as we can see in attachment #1.
Also, we can see all the fields available for use in attachment #2.
However, when I ran the query below:
fields @timestamp, @message, @logStream, @log | filter @message like "'request.SrcAddr': xxxx" | sort @timestamp desc | limit 05
I didn't get any results (attachment #3).
Important: the IP address shown is masked.
Can you help me?
#1 Search results with general data
#2 Fields available to search
#3 Search results when filters are applied
My expectation is that the results show me the data filtered on the basis of my filter.