Solved: Why is the following field not displaying in my re...

jip31 · ‎09-15-2018

Hello

I want to display the field "chemin d’accès de l’application défaillante" in my report from the code below:

index="windows" sourcetype="wineventlog:*" "SourceName=Application Error"  Type="Critique" OR Type="Avertissement" OR Type="Erreur"  faillante | dedup _time SourceName  | table  _time SourceName Chemin d’accès de l’application défaillante  | stats  count by SourceName  | sort  - count limit=10

But this field isn't displaying...

What do I have to do to be able to use this field?

Is it possible to do a "field extract" like we can do in a log?

could you help me please??

harishalipaka · ‎09-15-2018

hi @jip31

| table _time SourceName "Chemin d’accès de l’application défaillante"

Thanks
Harish

View solution in original post

harishalipaka · ‎09-15-2018

hi @jip31

| table _time SourceName "Chemin d’accès de l’application défaillante"

Thanks
Harish

jip31 · ‎09-15-2018

MANY THANKS!

Why is the following field not displaying in my report?

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Are you a member of the Splunk Community?

Why is the following field not displaying in my report?

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)