cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
daviess158
New Member
Member since: ‎05-28-2019
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-28-2019
Activity Feed
Topics I've Started
View All

Re: Copy and Paste search string

by in Splunk Search
‎06-26-2019 06:54 AM
‎06-26-2019 06:54 AM
Hi Sidd Thanks, sorry for the late reply, I haven't been able to get online for a while! I was wondering why the info in the second line was grey'd out, I have tried the string you suggested but nothing comes up in the statistics tab nothing shows. Can you tell me if there is something else I can try? or help me amend the string please? Stu ... View more

Copy and Paste search string

by in Splunk Search
‎05-29-2019 04:35 AM
‎05-29-2019 04:35 AM
Hi! I am trying to create a report which I will use as a dashboard panel, to show me who has been copying and pasting files and folders. I want to know what has been copied and pasted, and where they have been pasted to. So far I have managed to look at all files read and written but I am unable figure out how to close my search down to show me only instances that have both "read" and "write" Accesses, or Is there a better way to do this? My search string in progress is below: index=windowslogindex EventCode=4663 AND Object_Type=File Accesses="ReadData (or ListDirectory)" | Append [search index=windowslogindex EventCode=4663 AND Object_Type=File Accesses="WriteData (or AddFile)"] ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM