Skip to main content
Solved

Couple custom field creation questions

  • November 1, 2023
  • 5 replies
  • 53 views
qyost
Forum|alt.badge.img+16

I have two values I would like to display in a table widget, but I can't seem to find the right way to craft the custom field.  For both, I'm trying to extract a single value across mutliple individual alerts.

1) I can easily get the number of users matching the criteria for the record, but I would prefer to display a list of the users. How can this be done without presenting a row for each user? I would much prefer to have them summarized into a single cell.

2) The second summary field I would like to create is the "most recent" time across the individual records.

Table I'm working with


Any recommendations would be appreciated.



Best answer by Aaron_Zhang

Hi @qyost ! Here are my recommendations:

1) To have users summarized into a single cell, you can use the "Aggregate" feature to get a "List of unique values" from the "User" field.

 

2) To get the "most recent" time, you can apply the "Maximum Event Date" field. This will give you the "most recent" date across the individual events. 

 

Let me know if you have any questions!

 

---Q.
Rohit_Bhaskar
This topic has been closed for replies.

5 replies

Aaron_Zhang
Netskope Employee
Forum|alt.badge.img+13
  • Aaron_Zhang
  • Netskope Employee
  • Answer
  • November 7, 2023

Hi @qyost ! Here are my recommendations:

1) To have users summarized into a single cell, you can use the "Aggregate" feature to get a "List of unique values" from the "User" field.

 

2) To get the "most recent" time, you can apply the "Maximum Event Date" field. This will give you the "most recent" date across the individual events. 

 

Let me know if you have any questions!

 

Rohit_Bhaskar
qyost
Forum|alt.badge.img+16
  • qyost
  • Author
  • Explorer III
  • November 9, 2023

That did largely work so I've accepted it as a solution.   Not sure how I overlooked both of those option. 

One challenge though, I was looking for a more granular timestamp than date for the most recent.  It's also peculiar that maximum date displays a time since the description is date only.

---Q.
Aaron_Zhang
Netskope Employee
Forum|alt.badge.img+13
  • Aaron_Zhang
  • Netskope Employee
  • November 9, 2023

Thanks for the feedback!

 

Advanced Analytics currently only support "date" for the "most recent," but we should be able to enable a more granular "timestamp" for this with custom fields or enhancement requests. Feel free to reach out to your account team for more details.

 

I will also work with our teams to modify the existing "maximum date" field. Thanks again for your comments!

 

Best,

Aaron

qyost
Forum|alt.badge.img+16
  • qyost
  • Author
  • Explorer III
  • November 13, 2023

Enhancement Request in in-flight.

 

---Q.
D
Netskope Employee
Forum|alt.badge.img+3
  • danielaflorez
  • Netskope Employee
  • November 15, 2023

Created ER-2763.

Badges Winner

Show all badges

Not finding what you're looking for?

Don't be shy and let us know about your challenge.

Ask your question here!
Terms & ConditionsCookie settingsAccessibility statement