Splunk Search

Field mapping from number to names

michael_lee
Path Finder

Say for instance I am searching for windows event codes and types and I have a list of the event code mapping to their text description. How can I show in my search output the Event code mapped to their names? thanks

Tags (1)
0 Karma

fdi01
Motivator

try like :

your_base_search|stats list("fields name Event code") as " Event code" by "fields name of  text description" |....
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

A few months ago, we released Splunk Enterprise Security 8.0 for our cloud customers. Today, we are excited to ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...