Splunk Search
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Palo Alto Networks vendor_action query to list all

splunkymcsnypr
Engager
‎03-10-2021 03:24 AM

I'd like to run an efficient search over an index to find all of the types of 'vendor_action' field present in the data. However, this is a very large dataset so is there a low resource search to do this? 

Labels (4)
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎03-13-2021 01:58 AM

Hi @splunkymcsnypr,

You can use stats;

| stats count by vendor_action
If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top