×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
buskeyl
New Member
Member since: ‎05-18-2022
‎05-19-2022
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-18-2022
Activity Feed
Topics I've Started
No posts to display.
View All

Re: Windows Events Message field

by in Getting Data In
‎05-18-2022 08:08 PM
‎05-18-2022 08:08 PM
I know this is a really old post, but this is exactly what I think I need to do.  I am too much of a noob to follow this.  Are you still out there? Specifically, I want to search for Windows Security 4776 sucess events, deduplicate the list based on the value in the "Logon Account:  UserX" string within the events message field.  SO I think I need to extract the "Logon Event: UserX" sting so the filed is Logon Account: and the Dedup is applied to the value of that field     ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎05-19-2022 02:31 AM