Hi All,
I have a requirement to write a Splunk query that will alert if windows event logs capture three EventCodes (independent events) within 30 secs
PseudoQuery :
"EventCode= X, Y, Z| bucket span=30s _time | fields _time hostname EventCode"
Any leads, please?
