Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Need help with Tenable SC query

mackmarvin
New Member
‎08-26-2020 04:08 PM

I got a search query but I need help displaying the failed scans of the IP or devices. What field I use for that particular search.

0 Karma
Reply

kennetkline
Path Finder
‎10-23-2020 12:52 PM

Question what is definition of a failed scan?

Are you referring to setting "Display unreachable host" = Enabled

Display unreachable hosts

Disabled

When enabled, hosts that did not reply to the ping request are included in the security report as dead hosts. Do not enable this option for large IP blocks.


I used to use this setting a lot back in the day;  This should show up in pluginID=19506.

Days since last observed should be more than that of last scan.

index=nessus sourcetype="tenable:sc:vuln"  pluginID=19506

going to need to compare a live/dead hosts pluginText in verbose and see which flag; shows up.  Then focus on the needed Rex;  next week before I can run a test scan if this is what is meant to dig any further

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...