cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
jarves
New Member
Member since: ‎07-29-2019
‎06-05-2020
Community Statistics
Posts 5
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎07-29-2019
Activity Feed
View All

Re: Translate my windows event viewer search query...

by in Getting Data In
‎08-01-2019 10:57 PM
‎08-01-2019 10:57 PM
Hi @gcusello Where should TA_Windows be installed? ... View more

Re: Translate my windows event viewer search query...

by in Getting Data In
‎07-29-2019 09:36 PM
‎07-29-2019 09:36 PM
I tried that syntax but no results. ... View more

Re: Translate my windows event viewer search query...

by in Getting Data In
‎07-29-2019 07:08 PM
‎07-29-2019 07:08 PM
It's an AND ... View more

Re: Translate my windows event viewer search query...

by in Getting Data In
‎07-29-2019 07:07 PM
‎07-29-2019 07:07 PM
The IpAddress is the IP from where the user did the user authenticated from. ... View more

Translate my windows event viewer search query to ...

by in Getting Data In
‎07-29-2019 03:16 AM
‎07-29-2019 03:16 AM
Hi, I would like to translate my windows event log custom query to splunk search syntax. <QueryList> <Query Id="0" Path="Security"> <Select Path="Security"> *[EventData[Data[@Name='TargetUserName'] = 'ztm31029']] and *[System[(EventID='4624')]] </Select> <Select Path="Security"> *[EventData[Data[@Name='IpAddress'] = '10.228.36.66']] and *[System[(EventID='4624')]] </Select> </Query> </QueryList> The three important fields to searh are IpAddress, EventID and TargetUserName under security events. Thanks! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM