cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
venomousmoose
Engager
Member since: ‎10-02-2017
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎10-02-2017
Activity Feed
View All

Re: Comparing results from three separate events

by in Splunk Search
‎10-03-2017 08:07 AM
‎10-03-2017 08:07 AM
What I'm looking for is activity before and after a virus alert on three different computers on three different days. I'm trying to figure out if there any similar activities (websites visited, emails received, etc...) just before the events that could have triggered the alert. ... View more

Comparing results from three separate events

by in Splunk Search
‎10-02-2017 02:28 PM
‎10-02-2017 02:28 PM
Forgive my ignorance if this has been answered elsewhere, I did my best to search for an answer but have not found it. I am trying to compare three different search results for three separate events for specific time periods. Here are the strings I'm searching for: 1. user=BeerNFries OR ComputerName=xyz.local OR srcip="123.123.123.123" 2. user=Id10T OR ComputerName=123.local OR srcip="111.111.111.111" 3. user=PhishMe OR ComputerName=456.local OR srcip="222.222.222.222" Where: Event 1 occurred 9/17/2017 between 11:45 - 11:48 Event 2 occurred 8/19/2017 between 14:15 - 14:20 Event 3 occurred 9/12/2017 between 15:21 - 15:39 How would I be able to compare what happened during these times to look for similarities? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma given to
View All