📅  最后修改于: 2022-03-11 14:59:07.838000             🧑  作者: Mango
``` Audit view of ad hoc searches: one row per search_id with the user, the search text, the requested time range and the runtime, longest-running first. ```
``` The dmc_* macros are defined outside this listing. YourServer looks like a placeholder for the instance to audit - replace it and confirm what the macro expects. ```
`dmc_audit_get_searches(YourServer)`
``` Collapse the audit events of each search into a single row keyed by search_id. values(user) becomes multivalued if more than one user is recorded for the same search_id. ```
| stats
    min(_time) as _time,
    values(user) as user,
    max(total_run_time) as total_run_time,
    first(search) as search,
    first(search_type) as search_type,
    first(apiStartTime) as apiStartTime,
    first(apiEndTime) as apiEndTime
    by search_id
``` Keep only searches that recorded their search text and are typed as ad hoc. ```
| where isnotnull(search) AND search_type="ad hoc"
``` user="*" keeps every row that has a user value; narrow the wildcard to review a single account. ```
| search user="*"
| fields search, total_run_time, _time, apiStartTime, apiEndTime, search_type, user
``` A bound containing ZERO_TIME is treated as unset: both unset reads as all time, a single unset bound is shown as a dash. ```
| eval earliest = case(
    like(apiStartTime, "%ZERO_TIME%") AND like(apiEndTime, "%ZERO_TIME%"), "all time",
    like(apiStartTime, "%ZERO_TIME%"), "-",
    true(), apiStartTime
  )
| eval latest = case(
    like(apiStartTime, "%ZERO_TIME%") AND like(apiEndTime, "%ZERO_TIME%"), "all time",
    like(apiEndTime, "%ZERO_TIME%"), "-",
    true(), apiEndTime
  )
``` Fallback label for a missing search string; rows without one were already dropped by the where clause above, so this only matters if that filter is relaxed. ```
| eval search = if(isnotnull(search), search, "N/A")
| `dmc_time_format(_time)`
``` Sort on the raw runtime before the display conversion below. sort without a count keeps at most 10,000 rows by default, so a very busy window is silently truncated to the longest-running searches. ```
| sort - total_run_time
| eval total_run_time = `dmc_convert_runtime(total_run_time)`
| fields search, total_run_time, _time, earliest, latest, search_type, user
``` Display names for the report. The Search column holds the full query text as the user typed it, which may include sensitive literals - limit who can read the output. ```
| rename
    search as Search,
    total_run_time as "Search Runtime",
    _time as "Search Start",
    earliest as "Earliest Time",
    latest as "Latest Time",
    search_type as Type,
    user as "User"