Gravwell is an enterprise data fusion platform that enables security teams to investigate, collaborate, and analyze data from any source, on demand, all with unlimited data collection and retention. Ingest everything. Investigate anything.
There are multiple ways to access enumerated fields when building a data pipeline in Gravwell;
let's use our already familiar “Employees” information to illustrate.
Query 6:
We aren’t sure which column a particular piece of data (the ip_addr assigned to a user) resides in, so we’ll try out the words search processing module, which matches the value wherever it appears in the entry:
tag=envolvelabs-Employees ax
| words "192.168.0.44"
| table
Query 7:
Let’s query for something specific using the comparison operator “==”; this time we know the field we are looking for is the “ip_addr” field, so we can compare against it directly after the ax module has extracted it:
tag=envolvelabs-Employees ax ip_addr == 192.168.0.44
| table
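To make the difference between the two queries concrete, here is an added Python emulation (not Gravwell code; the key=value entry format, the token rules and the sample values are all constructed assumptions). It shows why a whole-token words search is safer than a plain substring match, and why the field comparison is the most precise of the three once you know the column:

```python
import re
from typing import Dict, List

# Constructed raw entries standing in for the envolvelabs-Employees tag
# (hypothetical values; not from any real dataset).
RAW_ENTRIES: List[str] = [
    'name=alice ip_addr=192.168.0.44 notes="badge 1044"',
    'name=bob ip_addr=192.168.0.440 notes="none"',
    'name=carol ip_addr=10.0.0.7 notes="old addr 192.168.0.44"',
    'name=dave ip_addr=192.168.0.4 notes="shares 192.168.0.44? no"',
]

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value or key="quoted value"
_TOKEN = re.compile(r"[\w.]+")              # assumed token rule: word chars and dots


def ax(entry: str) -> Dict[str, str]:
    """Stand-in for the ax module: extract key=value fields from one raw entry."""
    return {k: v.strip('"') for k, v in _KV.findall(entry)}


def words_search(entries: List[str], term: str) -> List[str]:
    """Approximates `| words "term"`: keep entries whose raw text contains the
    term as a whole token, in whichever column it happens to sit."""
    return [ax(e)["name"] for e in entries if term in _TOKEN.findall(e)]


def substring_search(entries: List[str], term: str) -> List[str]:
    """Naive contains() search, for contrast: it also matches 192.168.0.440."""
    return [ax(e)["name"] for e in entries if term in e]


def field_equals(entries: List[str], field: str, value: str) -> List[str]:
    """Approximates `ax ip_addr == value`: exact comparison on one extracted field,
    so a mention of the address in another column does not count."""
    return [ax(e)["name"] for e in entries if ax(e).get(field) == value]


if __name__ == "__main__":
    term = "192.168.0.44"
    print("substring:", substring_search(RAW_ENTRIES, term))
    print("words    :", words_search(RAW_ENTRIES, term))
    print("ax ==    :", field_equals(RAW_ENTRIES, "ip_addr", term))
```

The words search returns alice, carol and dave because the address appears somewhere in each of their entries, while the field comparison returns only alice, whose ip_addr column actually holds it.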