Need help on getting rex query. I am getting below two events. I am able to rex for event 1 with NULL field. But I also need to capture the sample event 2 which does not have NULL value. I...
Hello everyone,
Have you ever wondered why Microsoft does not document Operation types with Unicode + meaning?
You don't need to anymore.
I have made the needed research (anyone can do) and h...
Hello. I am trying to get interactive logon logs for all workstations in an organization. The event code for this log is 4624 with the EventType 2. I am only seeing EventType 0 in Splunk when I d...
Hi there, hoping this is a quick question:
I've got a search which polls for several eventlog types, and I want to put them into a table by eventtype using number of hosts in each eventtype, r...
...esult. This is obviously not correct SPL, but I tried | eval failure=sum (|where Result="failed"). Plus it would do nothing to group by Eventtype.
| eval Result=c...
Hi, I have a stat on eventtype like this index=xyz | stats count by eventtype This query generates: All_logs = 14 Error = 2 Login = 4 Auth = 8 Where All_logs is also an eventtype w...
Hi, if I had logs as such with different type data in the same sourcetype: "<134>Nov 23 21:23:17 NSX-edge-7-0 loadbalancer[2196]: [default]: 154545" "<4>Nov 23 21:06:47 NSX-e...
This is my search I am trying to use in an eventtype so I can tag my events.
index = mail
| eval Subject=coalesce(Subject,subjectx)
| search
Subject = "*NVEM Battery Alert*"
But I get t...