×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
pacmac
Explorer
Member since: ‎12-10-2019
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎12-10-2019
Activity Feed
View All

Re: Does Splunk have an echo command

by in Splunk Search
‎12-12-2019 12:19 AM
‎12-12-2019 12:19 AM
Why is the first | in front of stats needed? You don't need it to do just a search, but this stats command does not work without it. Thank you. ... View more

Re: How to mix fields from two sourcetypes

by in Splunk Enterprise Security
‎12-10-2019 05:37 PM
‎12-10-2019 05:37 PM
Thanks for editing @evzhang ... View more

How to mix fields from two sourcetypes

by in Splunk Enterprise Security
‎12-10-2019 03:41 PM
‎12-10-2019 03:41 PM
Hello, I have these two searches: sourcetype=pan:threat src IN (10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12) | where raw_category = "web-advertisements" | stats count by src | sort count DESC and sourcetype="WinEventLog:Security" | stats count by Account_Name | top limit=1 Account_Name | table Account_Name The src field from "pan:threat" sourcetype will be found as "Source Address" or "Source Network Address" on "WinEventLog:Security" sourcetype. I want to retrieve the Account_Name field from "WinEventLog:Security" for each src on "pan:threat" and show them in a table with src and count from "pan:threat" and Account_Name from "WinEventLog:Security". is this possible? Thanks in advance. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma given to