Hello all,
Does anyone know if it is possible to somehow tag or otherwise flag the raw events of a Notable Event (the raw events from clicking on the "Contributing Events" drilldown) for usage in a data model? The initial thought was to tag the data as notable and then make a generic data model based on the tag. The goal is to have a method of viewing all data that contributes to a Notable Event trigger in ES.
I'm finding it quite difficult to actually do something along these lines. Does anyone have a suggestion, or know if it's possible? If it's not, does anyone know why?
I suspect that it may be possible by running a script, but I have not done anything with the scripting system yet, so I'm not entirely sure of it's limitations or whether or not this would be a good situation for a script.
↧