×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
N3gativeSpace
Engager
Member since: ‎06-05-2025
‎06-05-2025
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎06-05-2025
Activity Feed
View All

Re: transaction command rows for large dataset

by in Splunk Search
‎06-05-2025 09:16 AM
1 Karma
‎06-05-2025 09:16 AM
1 Karma
The end goal is to find what was happening during the time between those two event ids, thank you for your help. I am very new to splunk so any thoughts on the best way to do that would be appreciated! ... View more

transaction command rows for large dataset

by in Splunk Search
‎06-05-2025 08:50 AM
‎06-05-2025 08:50 AM
Here is my code: index=example sourcetype=wineventlog computer_name="example" | transaction computer_name startswith="event_id=4732" endswith="event_id=4733" maxspan=15m mvraw=true mvlist=true | table _time, user.name, computer_name, event_id, _raw  I am trying to separate each event that occurs in order to get rid of fluff content such as "A security-enabled local group membership was enumerated." appearing hundreds of times. What would be the best way to do this? mvexpand has not worked for me so far. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2025 08:45 AM
Karma from
View All