I need to create a table that includes the filename, the domain name the file came from, the source IP, the destination IP, and the date/time stamp.
What should the search query be?
Also with this - Find the executable they uploaded. Once found, detail the following in a single table: What was the filename? When was it uploaded? Was the upload successful? Where did it come from?
To take advantage of the advanced search features in the Splunk software, you must understand what fields are and how to use them.
That is, the events you have must contain the respective fields to show them in tabular format (using the table command).
Start with the events you have in a particular index and search for them in the search bar.
Go through the link below to identify fields in events.
https://docs.splunk.com/Documentation/Splunk/8.2.2/SearchTutorial/Usefieldstosearch
After this, you have to use the table command to list the identified fields.
https://docs.splunk.com/Documentation/SplunkCloud/8.2.2107/SearchReference/Table
Other references:
https://docs.splunk.com/Documentation/SplunkCloud/8.2.2107/SearchReference/WhatsInThisManual
https://docs.splunk.com/Documentation/SplunkCloud/latest/SearchReference/ListOfSearchCommands
I hope this will help you to work with Splunk & Splunk Search. If you need further help, please share your sample events so we can help with the search.
Thanks
KV
If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.
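As an added illustration (not part of the original answer) of how the table command fits the question above, the following SPL search builds the requested single table for uploaded executables. The index, sourcetype and field names (file_name, url_domain, src_ip, dest_ip, http_method, status) are assumptions in the style of the Splunk CIM Web data model; check your own events for the actual field names first.

```spl
/* Assumed index/sourcetype and CIM-style field names; adjust to your events. */
index=<your_index> sourcetype=<your_sourcetype>
    http_method=POST file_name=*.exe
/* A 2xx HTTP status is treated as a successful upload. */
| eval upload_successful=if(status>=200 AND status<300, "yes", "no")
| eval uploaded_at=strftime(_time, "%Y-%m-%d %H:%M:%S")
/* Collapse repeated events for the same file and connection into one row. */
| stats earliest(uploaded_at) AS uploaded_at,
        values(upload_successful) AS upload_successful
        BY file_name, url_domain, src_ip, dest_ip
| table file_name, url_domain, src_ip, dest_ip, uploaded_at, upload_successful
| sort - uploaded_at
```

If the upload outcome is not carried in an HTTP status field in your data, replace the eval condition with whatever your source logs for success (for example an action or result field).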