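If path is an empty string, the current path is used; if expression is an empty string, -print is used as the default expression. ... -nogroup: finds files with no valid owning group, i.e. the group the file belongs to does not exist in /etc/groups. -nouser: finds files with no valid owner, i.e. the file's owner does not exist in /etc/passwd. ... -size n:[c] finds files whose length is n blocks; with c...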
accounts.json logs.jsonl shakespeare.json [root@es5 ~]# curl -XPOST http://es2:9200/_bulk --data-binary @shakespeare.json [root@es5 ~]# curl -XPOST http://es2:9200/_bulk --data-binary @accounts.json [root@es5 ~]# curl -XPOST http://es2:9200/_bulk --data-binary @logs.jsonl ...
log_format json '{"user_ip":"$http_x_real_ip","lan_ip":"$remote_addr","log_time":"$time_iso8601","user_req":"$request","http_code":"$status","body_bytes_sent":"$body_bytes_sent","req_time":"$request_time","user_ua":"$http_user_agent"}'; access_log /var/log/nginx/...
Path: The path to the file that contains the JSON definition. Payload: See Example of payload content decoded from Base64 PayloadType: InlineBase64Example of payload content decoded from Base64The following example payload is a JSON object that describes a Queryset containing a single ta...
| extend Entitytype = tostring(parse_json(EntitiesDynamicArray).Type) | where Entitytype in~ ("host","process") | extend hostname = EntitiesDynamicArray.HostName | extend commandline = EntitiesDynamicArray.CommandLine | where commandline !contains "f:\abc\xyz\comhost.exe" ...
JSON { "value": [ { "id": "3546052c-ae64-4526-b1a8-52af7761426f", "displayName": "KQLDatabase_1", "description": "A KQL database description.", "type": "KQLDatabase", "workspaceId": "cfafbeb1-8037-4d0c-896e-a46fb27ff229", "properties": { "parentEventhouseItemId...
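TempTable | where Value contains "URL" | extend Url = parse_json(Value).['URL'] | where Url contains "https://www.caramel.org/check/_xyz" I need to run the where clause with "==" instead of "contains", because I need to be able to join another table using the URL value. I tried converting "URL" to a string and trimming it, but nothing seems to work. I have already...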
{ "json": "## select a workspace to see saved queries." }, "conditionalVisibilities": [ { "parameterName": "Workspace", "comparison": "isEqualTo" }, { "parameterName": "Subscription", "comparison": "isNotEqualTo" } ], "name": "no workspace set" }, { "type": 1, "content"...
JsonFilePath KeyObject KeyResourceId KqlFilePath KqlScriptName KqlScriptObject KqlScriptOutputFolder KustoPoolDatabaseName KustoPoolName LanguageForExecutionCode LastCommitId LastUpdatedAfter LastUpdatedBefore LibraryRequirementsFilePath LinkConnectionName LinkConnectionObject LinkedAccessCheckOnTargetResource ...