HI,
i`m create dashboard from winlogbeat index.
and not undestend how to limit value from one fiels vlues anather fields
example:
{"find": "terms", "field": "event. action"}
outputs all the values of this field in the index to a variable
I want to limit the output of values to a filter
{“find”: “terms”, “field”: “event.action”, “query”: “event. code:4722”}
but this scheme doesn’t work.
how to correctly limit the output of one field by the value of another?