Is there a way to limit the length of the results for a particular field? For example, if the URL/ref field is 100characters long it will make our report box look like a mess because it will have a slider and push everything too wide. Can we limit that?
query: index=pci_bpo_index device_id="FG*" type="virus" | stats count by log_id subtype msg status devname url ref | sort -10count
result:- log_id=0211008192 type=virus subtype=infected pri=warning vd=root msg="File is infected." status=passthrough service=mm1 src=1.1.1.1 dst=2.2.2.2 sport=2560 src_port=2560 dport=5120 dst_port=5120 src_int=lo dst_int=dummy0 policyid=12345 identidx=67890 serial=312 dir=rx file=file_name checksum=N/A quarskip="No skip" virus=virus dtype=cat ref=fortinet/ve?vid=1 url=N/A carrier_ep="carrier endpoint" profile=N/A profiletype=N/A profilegroup=N/A user=user group=group agent=N/A from=N/A to=N/A
i want to limit the characters in ref only to show upto ref=fortinet instead of ref=fortinet/ve?vid=1
thanks salil