×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
mmcap
Explorer
Member since: ‎11-18-2023
‎01-23-2024
Community Statistics
Posts 4
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎11-18-2023
Activity Feed
View All

Re: Picking which logs to monitor

by in Deployment Architecture
‎01-22-2024 12:42 PM
‎01-22-2024 12:42 PM
Hi Giuseppe, I appreciate the lightning fast answer and I agree, there is a multitude of  logs to choose from. That's kind of the problem.  I will most certainly look at the link you supplied but I was trying to find out which logs other people feel work best for them.  In the mean time I will have a look around the content on your link. Ciao Norm  ... View more

Picking which logs to monitor

by in Deployment Architecture
‎01-22-2024 12:28 PM
‎01-22-2024 12:28 PM
When monitoring Windows systems which logs do you find to give the best information for finding security events and then tracking down the event from start to finish? ... View more
Labels

Re: Adding a field that contains either 1 OR 2 wor...

by in Knowledge Management
‎11-18-2023 05:58 AM
‎11-18-2023 05:58 AM
That works perfectly.  Thank you PickleRick ... View more

Adding a field that contains either 1 OR 2 words

by in Knowledge Management
‎11-18-2023 05:20 AM
‎11-18-2023 05:20 AM
Hi all, I'm having difficulty crafting regex that will extract a field that can have either 1 or multiple words. Using the "add field" in Splunk Enterprise doesn't seem to be able to get the job done either.  The field I would like to extract is for the "Country" which can be 1 word or multiple words. Any help would be appreciated. Below is my regex and a sample of the logs from which I am trying to extract fields. I don't consider myself to be a regex guru so don't laugh at my field extraction regex. It works on everything except The country. User\snamed\s(\w+\s\w+)\sfrom\s(\w+)\sdepartment\saccessed\sthe\sresource\s(\w+\.\w{3})(\/\w+\.*\/*\w+\.*\w{0,4})\sfrom\sthe\ssource\sIP\s(\d+\.\d+\.\d+\.\d+)\sand\scountry\s\W(\w+\s*)   11/17/23 2:25:22.000 PM [Network-log]: User named Linda White from IT department accessed the resource Cybertees.THM/signup.html from the source IP 10.0.0.2 and country France at: Fri Nov 17 14:25:22 2023 host = ***** source = networks sourcetype = network_logs [Network-log]: User named Robert Wilson from HR department accessed the resource Cybertees.THM/signup.html from the source IP 10.0.0.1 and country United States at: Fri Nov 17 14:25:11 2023 host = ***** source = networks sourcetype = network_logs 11/17/23 2:25:21.000 PM [Network-log]: User named Christopher Turner from HR department accessed the resource Cybertees.THM/products/product2.html from the source IP 192.168.0.100 and country Germany at: Fri Nov 17 14:25:17 2023 host = ***** source = networks sourcetype = network_logs ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎01-23-2024 01:24 AM
Karma given to
View All