I am trying to create a dashboard to pull information for AUP.
I typed: index=*panlogs
then thought I would try and filter out action=blocked
Any suggestions on how I can form the string correctly to get this info?
Hi @PJitsme, on the Splunk training page, the Fundamentals 1 training is a free one. In your free time, I would suggest you go through it, as it will be very helpful to you for creating good Splunk search queries. Thanks.
Use one of the examples below, depending on whether you want to include or exclude blocked action events.
index=*panlogs action=blocked
OR
index=*panlogs action!=blocked
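An added example, not part of the original answers, showing a difference that matters for the exclude form on a dashboard: `action!=blocked` only matches events that have an `action` field, while `NOT action=blocked` also keeps events where the field is missing. The three events are constructed with `makeresults`, and `n` is a hypothetical helper field used only to label them.

```spl
| makeresults count=3
| streamstats count AS n
| eval action=case(n=1, "blocked", n=2, "allowed")
| search action!=blocked
| table n action
```

As written, the search keeps only the event with action=allowed. Replacing the `search` line with `| search NOT action=blocked` also keeps the third event, which has no `action` field.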