Activity Feed
- Karma Re: Search multiple fields from one lookup field for maciep. 06-05-2020 12:50 AM
- Posted Re: Search multiple fields from one lookup field on Splunk Search. 05-15-2019 09:51 AM
- Posted Search multiple fields from one lookup field on Splunk Search. 05-14-2019 08:41 AM
- Tagged Search multiple fields from one lookup field on Splunk Search. 05-14-2019 08:41 AM
Topics I've Started
Subject | Karma | Author | Latest Post
---|---|---|---
Search multiple fields from one lookup field | 0 | | 05-15-2019 09:51 AM
The first search works like a charm! I do have one question: do you know of a way to also include the indicator field in the results? Something like the search below would yield what I'm looking for, i.e. I would not only like to see the information about the email (sender/recipient/subject) but also what specifically flagged the alert (the indicator).
|table _time, indicator, sender, recipient, subject