Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Filter away pattern on windows event log report

keyu921
Explorer
‎09-19-2020 03:23 AM

Current report for the following event log

index=windows  EventType=4 host=* | table _time host EventCode Message

///

EventType=4
Type=Information
ComputerName=NOYO.asus.com
Message=Installation Successful: Windows successfully installed the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.323.1450.0)

//

I try to filter away if event if message contains Security Intelligence Update for Microsoft Defender Antivirus

index=windows  EventType=4 host=*  
| where Message="%Security Intelligence Update for Microsoft Defender Antivirus%"
| table _time host EventCode Message

But seems message cannot filter

Labels (1)
Labels
0 Karma
Reply

thambisetty
SplunkTrust
SplunkTrust
‎09-19-2020 11:57 AM

Where command is used to compare two field values or check if field value is less or greater than a given number.

read about where and search commands in search reference.

https://docs.splunk.com/Documentation/Splunk/8.0.6/SearchReference/Where

 

————————————
If this helps, give a like below.
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎09-19-2020 03:26 AM

Hi @keyu921,

please try this:

index=windows  EventType=4 host=* Message="*Security Intelligence Update for Microsoft Defender Antivirus*"
| table _time host EventCode Message

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization uses ...