Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Search for to different subtypes

sympatiko
Communicator
‎12-01-2014 08:14 PM

Hi,

I want to search for any "virus" event in a two different subtype. Is it possible?

Thanks,

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎12-02-2014 01:28 PM

You can try like this

(index=A1 sourcetype=S1 type=traffic,subtype=forward) OR (index=A2 sourcetype=S3 type=utm,subtype=virus) | search <<your condition/filter/criteria to find virus>>

Where A1-S1 and A2-S2 are index-sourcetype combination for different subtype

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎12-02-2014 01:28 PM

You can try like this

(index=A1 sourcetype=S1 type=traffic,subtype=forward) OR (index=A2 sourcetype=S3 type=utm,subtype=virus) | search <<your condition/filter/criteria to find virus>>

Where A1-S1 and A2-S2 are index-sourcetype combination for different subtype

Reply
Solved! Jump to solution

kml_uvce
Builder
‎12-01-2014 09:55 PM

What do you mean by subtype ? is this event type ?

kamal singh bisht
0 Karma
Reply
Solved! Jump to solution

sympatiko
Communicator
‎12-02-2014 12:34 AM

Yes. That's what I mean.

0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎12-02-2014 12:56 AM

That depends completely on what eventtypes you have, what your definitions are for "virus events", and a number of other factors. Please provide more details with log samples and fields, and we'll stand a better chance of helping you.

0 Karma
Reply
Solved! Jump to solution

sympatiko
Communicator
‎12-02-2014 01:02 AM

I want to manage logging from my fortigate firewall. There are two subtypes where fortigate is detecting a virus type of event. First is coming from "type=traffic,subtype=forward" and the other one is from "type=utm,subtype=virus" . I want to search for any virus from those two different subtypes? Is it possible?

Thanks,

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...