Splunk Enterprise

Need help showing statistics

akgreen
Loves-to-Learn Lots

index=VulnerabilityManagement Sourcetype=*
|fields dept=HR      vuln=*      PC=*
|I want statistics showing a list of  HRs vulnerabilities and the associated PC.

I'm new, hopefully this makes sense. I just want a basic statistics page that I can put on a dashboard showing the list of PC vulnerabilities in this dept. And remove any rows that are missing either the vulnerability or PC.

The statistics would show:

Vulnerabilities                            PC
CVE-Malware Boogy              CEOPC1234


Labels (2)
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Can you share some sample events (in a code block </>) and indicate which fields have already been extracted?

0 Karma

akgreen
Loves-to-Learn Lots

I wish I could, but its work data 😕 But the fields above are the fields I am working with. 
The dept=hr gives me all of HR 
the vuln=give me all the vulnerabilities 
and the pc=gives me device name. 

I just don't know how to structure them and remove empty fields

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust
| where dept="HR" AND isnotnull(vuln) AND isnotnull(pc)
0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...