How to put a value in a variable?

hack3rcon · March 5, 2025, 8:36am

Hello,
Using the following query I found the Handle ID for ID 4660:

{job="windows-security"}
| json
| event_id =~ "4660"
| line_format "{{ .event_data }}"
| regexp "<Data Name='HandleId'>(?P<HandleId>[^<]*)</Data>"
| HandleId_4660 = "" 
| line_format "Handle ID 4660 is: {{.HandleId}}"

I want to set the value of HandleId to HandleId_4660. I wrote the following query, but it didn’t work:

{job="windows-security"}
| json
| event_id =~ "4660"
| line_format "{{ .event_data }}"
| regexp "<Data Name='HandleId'>(?P<HandleId>[^<]*)</Data>"
| HandleId_4660 = "{{ .HandleId }}"  
| line_format "Handle ID 4660 is: {{ .HandleId_4660 }}"

Why?

Thank you.

hack3rcon · March 5, 2025, 10:58am

Hi,
I found it:

{job="windows-security"}
| json
| event_id =~ "4660"
| line_format "{{ .event_data }}"
| regexp "<Data Name='HandleId'>(?P<HandleId>[^<]*)</Data>"
| label_format HandleId_4660="{{.HandleId}}"
| line_format "Handle ID 4660 is: {{.HandleId_4660}}"

Topic		Replies	Views
A Loki query to compare HandleId field Grafana Loki	0	11	February 26, 2025
Can you do string manipulation on variables? Grafana templating , loki , query-help	1	595	May 20, 2024
Set variable based on another Grafana	9	1379	January 27, 2022
Query variable regex Dashboards	5	466	June 20, 2024
Get value from key/value by key.name Grafana value-mapping	9	78	March 11, 2025

How to put a value in a variable?

Related topics