Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About mac81
mac81
New Member
Member since:
10-02-2018
06-05-2020
Community Statistics
| Posts | 8 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 10-02-2018 |
Activity Feed
- Posted Re: How can I search on a dashboard for all events related to a specific individual? on Dashboards & Visualizations. 10-05-2018 08:10 AM
- Posted Re: How can I search on a dashboard for all events related to a specific individual? on Dashboards & Visualizations. 10-04-2018 10:59 AM
- Posted Re: How can I search on a dashboard for all events related to a specific individual? on Dashboards & Visualizations. 10-04-2018 10:20 AM
- Posted How do I format a Dashboard to show results of separate Searches "Rolled Up" (for ease of use)? on Dashboards & Visualizations. 10-02-2018 02:11 PM
- Tagged How do I format a Dashboard to show results of separate Searches "Rolled Up" (for ease of use)? on Dashboards & Visualizations. 10-02-2018 02:11 PM
- Posted Re: How can I search on a dashboard for all events related to a specific individual? on Dashboards & Visualizations. 10-02-2018 02:01 PM
- Posted Re: How can I search on a dashboard for all events related to a specific individual? on Dashboards & Visualizations. 10-02-2018 01:19 PM
- Posted Re: How can I search on a dashboard for all events related to a specific individual? on Dashboards & Visualizations. 10-02-2018 10:55 AM
- Posted How can I search on a dashboard for all events related to a specific individual? on Dashboards & Visualizations. 10-02-2018 09:06 AM
- Tagged How can I search on a dashboard for all events related to a specific individual? on Dashboards & Visualizations. 10-02-2018 09:06 AM
- Tagged How can I search on a dashboard for all events related to a specific individual? on Dashboards & Visualizations. 10-02-2018 09:06 AM
Topics I've Started
10-05-2018
08:10 AM
It is svc with no trailing spaces.
Can you see the field Account_Name in the left hand side auto extracted fields?
I see Account Name in the results.
Thanks.
... View more
10-04-2018
10:59 AM
Thanks.
Yes, I tried every possible combo.
| where Account_Name="svc"
| where Account_Name="svc*"
| where Account_Name="svc"
| where Account_Name="*svc"
If I take out the pipe and where clause, I see lots of svc... accounts.
So, no luck.
... View more
10-04-2018
10:20 AM
Thanks.
Sorry, but that does not work.
index=winevents* OR index=msad* sourcetype=wineventlog:* 4625 produces lots of logs, including several where the account name starts with svc.
But, for some reason,
index=winevents* OR index=msad* sourcetype=wineventlog:* 4625 | where Account_Name="svc"
does not produce anything. I will keep working on this.
... View more
10-02-2018
02:11 PM
How can I format a dashboard to show results of separate Searches "Rolled Up" (for ease of use)?
That is, instead of a list or a table, which takes up A LOT of vertical space, how can I show, for each separate Search, just a line that gives the Search name and then maybe how many results there are for that Search, and then the same for the next Search.
And then maybe the Search name would be clickable so as to expand the Search results?
Thanks.
Mac
... View more
- Tags:
- splunk-enterprise
10-02-2018
02:01 PM
Thanks, but I am trying to be able to search by a unique user name, or prefix.
Like index=winevents-j OR index=msad* sourcetype=wineventlog:* 4625 Account_Name=
But no matter how I try this, it fails. I have searched the web, and this site, with no luck.
When I do an unlimited search (sans Account Name), I find plenty of entries, including svc account entries. But when I try to use something like ... Account_Name=svc* that fails, too.
... View more
10-02-2018
01:19 PM
I can see the 4625 log fields at
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4625
but I still am unable to find the right syntax for this simple query.
... View more
10-02-2018
10:55 AM
I apologize.
I am trying to find the syntax for finding a given event that relates to a particular user.
Eg:
index=winevents-j OR index=msad* sourcetype=wineventlog:* EventCode="4625" OR Event="4625" +
... View more
10-02-2018
09:06 AM
How can I search on a dashboard for all events related to a specific individual?
I am trying to find the syntax for finding a given event that relates to a particular user.
Eg:
index=winevents-j OR index=msad* sourcetype=wineventlog:* EventCode="4625" OR Event="4625" +
I have searched this site and the web, with no luck (so far).
Thanks.
Mac
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
