Hello Splunk People....
I want to return a search within Splunk. The index is wineventlogs and I want to return all the eventcodes within eventtypes.
Meaning....
Eventtype A includes eventcode 5144, 5145, 5146
Eventtype B includes eventcode 5144, 5166, 5167
As examples.... thanks to all
Hi @rcbutterfield ,
you should try something like this:
index=wineventlog
| stats values(EventCode) AS EventCode count BY eventtype
Ciao.
Giuseppe
Thank you! It works perfectly!
Hi @rcbutterfield ,
good for you, see you next time!
Ciao and happy splunking
Giuseppe
P.S.: Karma Points are appreciated 😉