Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Analyzing PowerShell logs in Splunk

quangnm21
Explorer
‎10-06-2023 07:58 AM

Hello everyone. I'm currently working on a lab assignment and I'm having trouble understanding the meaning of two specific fields in PowerShell log hunting. Could someone please explain these two fields to me? I would greatly appreciate it. Thank you.

quangnm21_0-1696604173479.png

quangnm21_1-1696604205140.png

 

Labels (1)
Labels
0 Karma
Reply

_JP
Contributor
‎10-06-2023 09:07 AM

I don't know PowerShell logs...but in a situation like this I would set the Selected to Yes for the fields you're trying to figure out.  Based on your screen shots, those fields appear for 100% of your events.  When you set that to Yes, you will see the field & value appear with each event in your results.  Then you can try and match up what the value is with the text that's there in the event.

But - also keep in mind there could be calculated events, too.  For example, MessageTotal might be the # of bytes in the event, and won't actually appear within the data.  Having them displayed with each event will help you deduce what they might represent, though - if MessageTotal was 1 for a whole bunch of 1-byte events, then you know your answer.

selected_yes.png

Reply

quangnm21
Explorer
‎10-07-2023 09:35 PM

Thank you very much for this suggestion.

0 Karma
Reply
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...
Top