Hello all!
I´m so lost trying to get full process tree to visualize it in dendogram https://splunkbase.splunk.com/app/5153/ , i hope anybody could help me
Data example:
| parent | sourceProcess | child | destinationProcess |
| 906 | PanGpHip.exe | 942 | cmd.exe |
| 906 | PanGpHip.exe | 934 | cmd.exe |
| 906 | PanGpHip.exe | 938 | cmd.exe |
| 906 | PanGpHip.exe | 930 | cmd.exe |
| 906 | PanGpHip.exe | 926 | cmd.exe |
| 906 | PanGpHip.exe | 921 | cmd.exe |
| 906 | PanGpHip.exe | 913 | cmd.exe |
| 246 | PanGPS.exe | 906 | PanGpHip.exe |
| 16 | svchost.exe | 242 | RuntimeBroker.exe |
| 6 | services.exe | 243 | sppsvc.exe |
Data needs to be show as following capture to work
where you able to solve the problem? Have you tried to generate process chain table use process monitor baseline? have you tried force directed viz?
