Hi Guys, I am just wondering if anyone can put me in the right direction - I have a question about search queries in Splunk. For example, in the 2 simple queries below:

A. `sourcetype="WinEventLog" EventCode=4688 New_Process_Name="*powershell.exe" | stats count by New_Process_Name, Process_Command_Line`

B. `sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" EventID=1 Image="*powershell.exe" | stats count by Image, CommandLine`

How do I know the following fields exist in that particular log?

1. New_Process_Name
2. Process_Command_Line
3. Image

etc. Thanks guys!!
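As an added example (not part of the original post, and not Splunk's own code), the script below shows where those field names come from by looking at the raw events the two searches run over: a Sysmon Event ID 1 record in XML, where the field names are literally the `Data Name="..."` attributes (`Image`, `CommandLine`), and a classic Security 4688 message, where the field names are the message labels with spaces replaced by underscores (`New_Process_Name`, `Process_Command_Line`). That underscore convention is an assumption about how the Splunk Add-on for Windows names the extracted fields, stated here so it can be confirmed against a live index with `| fieldsummary`. Both sample events are constructed for this example.

```python
"""Added example: list the field names available in a Sysmon EventID=1 event
(XmlWinEventLog) and in a classic Security EventCode=4688 event (WinEventLog),
so a search author can check that a field such as Image or New_Process_Name
actually exists before referencing it in SPL.

The space-to-underscore naming rule for classic events is an ASSUMPTION about
the Splunk Add-on for Windows; confirm it with `| fieldsummary` on real data.
Both sample events below are constructed, not captured from a host.
"""
import re
import xml.etree.ElementTree as ET

# Constructed Sysmon Event ID 1 (process create), trimmed to a few Data elements.
SYSMON_EVENT = """<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
  <System><Provider Name='Microsoft-Windows-Sysmon'/><EventID>1</EventID></System>
  <EventData>
    <Data Name='Image'>C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe</Data>
    <Data Name='CommandLine'>powershell.exe -NoProfile -File C:\\scripts\\backup.ps1</Data>
    <Data Name='ParentImage'>C:\\Windows\\explorer.exe</Data>
    <Data Name='User'>CORP\\alice</Data>
  </EventData>
</Event>"""

# Constructed classic Security 4688 message, laid out the way the Windows
# Event Log renders it (label, colon, tabs, value).
SECURITY_4688_MESSAGE = """A new process has been created.

Creator Subject:
\tSecurity ID:\t\tS-1-5-21-1-2-3-1001
\tAccount Name:\t\talice
\tAccount Domain:\t\tCORP

Process Information:
\tNew Process ID:\t\t0x1a2c
\tNew Process Name:\tC:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe
\tCreator Process Name:\tC:\\Windows\\explorer.exe
\tProcess Command Line:\tpowershell.exe -NoProfile -File C:\\scripts\\backup.ps1
"""

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}


def sysmon_fields(xml_text: str) -> dict:
    """Return {field_name: value} for every <Data Name=...> element.
    Splunk's XML extraction uses the Name attribute verbatim as the field name."""
    root = ET.fromstring(xml_text)
    return {
        d.attrib["Name"]: (d.text or "")
        for d in root.findall("./e:EventData/e:Data", NS)
    }


def classic_fields(message: str) -> dict:
    """Return {field_name: value} for each 'Label:<tabs>value' line of a classic
    event message, naming the field by the assumed Splunk convention of replacing
    spaces in the label with underscores. Section headers such as
    'Process Information:' carry no value and are skipped."""
    fields = {}
    for line in message.splitlines():
        m = re.match(r"^\s*([A-Za-z][A-Za-z ]*?):\t+(.+?)\s*$", line)
        if m:
            fields[m.group(1).replace(" ", "_")] = m.group(2)
    return fields


def field_exists(fields: dict, name: str) -> bool:
    """The check the question asks for: is this field name present in the event?"""
    return name in fields


if __name__ == "__main__":
    for label, fields in (("Sysmon EventID=1", sysmon_fields(SYSMON_EVENT)),
                          ("Security EventCode=4688", classic_fields(SECURITY_4688_MESSAGE))):
        print(label, "->", sorted(fields))
```

Running the script prints the two field inventories side by side, which makes the point of the question concrete: `Image` and `CommandLine` exist only in the Sysmon event, while `New_Process_Name` and `Process_Command_Line` exist only in the 4688 event, so a search that mixes the two names against one sourcetype will silently match nothing.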