...and find events for all the ClientNme in the CSV 234654252.234 %ASA-3-2352552: Certificate was successfully validated. serial number: 1123423SSDDG23442234234DSGSGSGGSSG8, subject name: CN=BD-K-0...
A user within my organization was attempting to search for various Windows events that indicated that somebody modified a user's access on a machine or domain controller. Originally the search b...
Hi Splunkers,
I need to make a statistical table to show me the hosts and each sourcetype that it generates and the count for each sourcetype with a column that calculates the total count and...
We are testing the log collection from our paloalto firewalls and seem to have come across a snag when trying to monitor the traffic and threat events. We have the PaloAlto addon and app installed and...
...ccount names with $ in them per my search above to populate the next result for account_name? I searched google and Splunk answers and was not able to find an answer. Thank you.
In order to find out if and when a member was added to a security group, I have done a search for EventCode=4728. The search returned the following:
10/20/2013 01:10:24 PM
LogName=Security
S...
Hi
Our system logs test runs as single events. In some cases we would have a re-run of a test. Both events are logically related but are separate for each run (the original run and the r...
...end it on to be indexed, and ignore the rest. However, this is not happening. When I search my index for "EventCode=4624" I see the full event text, along with the extraneous text. It doesn't appear t...
Issue: Phantom Add-on for Splunk – is not saving any changes done on Saved searches and below error is observed in logs internally. Error observed in Internal logs : 2022-11-17 17:19:1...
Hi, I am trying to get a list of workstations trying to connect to malicious DNS using PaloAlto and SYSMON logs. From PaloAlto logs I get the list of malicious domains detected and blocked with t...