...

In this example, we want to add a timestamp field and a timestamp + 10 mins field to existing events and insert them into a new my.app table.

...

To do this, we will use a Tick unit to fire events. Then, we will link it to a Map unit and add the following under Fields to add.

...

Finally, we will link its output port to a Devo sink unit to send the filtered events to a my.app table.

...

In the Filter unit settings, we add the following predicate to remove null values in the username column and filter only events related to a specific user mail:

...

...

📁 Download this example

You can try this flow by downloading this JSON and uploading it to your domain using the Import option:

View file
namefilter_exampleMapUnit.json