The latest updates to the Devo platform are now available and we have some new features and improvements for you to work with. Read on below for a recap from our latest release effective January 2021.

New features

Data search

  • Apart from the standard columns available in a table, each table has a set of special columns labeled as Extra. These columns may contain a variety of information, from data as it was originally generated prior to Devo parsing to structural metadata. They are not shown by default and need to be explicitly requested in the query using the procedures explained in Selecting specific columns in LINQ or Selecting specific columns with the Finder. Hidden fields are technology, brand, phylum, family, genus, species, hostname, hostIp, message, hostchain and tag.



  • In the Finder there are two new tables available in Custom Finders: demo.ecommerce.data and siem.logtrust.collector.counter.
  • There is a new operation available for strings called isempty().

  • Selected events has a new "type" column and JSON values are now displayed in a tree format.

Improvements

Data search

  • We've made improvements to the timezone selector in the Download search data window.
  • The "No time-based grouping" option is now at the top of the "Every" dropdown list.
  • When searching for functions that apply to "regex", the "peek" operation will be displayed.

Lookups

  • It's no longer necessary to give a description when creating a new lookup table.

Bug fixes

  • When configuring the Timezone, the drop-down values always displayed the winter offset.
  • In Data search, a JSON column value displayed the wrong type in the Pretty print view.
  • We've fixed how the user query priority mark was displayed.
  • The "Event loading preferences" window would remain open despite leaving the search window.
  • The Aliased Finder wouldn't recover the complete search when the search selects an explicit set of columns.
  • The "OR" operation could be enabled without any data.
  • There was an issue with Alerts querying the "my." tables not attaching the events that triggered the alert.
  • The Alert subcategory name max size was incorrectly checked.
  • There was an error when adding an HTTP-JSON type delivery method.
  • We've fixed a couple of bugs relating to the XML OData feed.