Hey splunkers,
I have a doubt. I created a GET workflow action to search a field on Google, but I can't put a word before the variable.
For example:
(...)google.com/search?$Reason$ is OK. But I always want to search for "Trend Micro $Reason". I always need to add the words "Trend Micro" to each search with the variable $reason, but I can't do it.
Splunkers, any ideas?
Thanks.
Hey,
did you just try to filter for Trend Micro?
Just extract the field behind search (maybe named as what), and then filter with sourcetype=bla what="Trend Micro*"?
It means that all the returned results contain Trend Micro $reason$, and then just extract the $reason$ tag.
Regards
Hey yAlff,
My Splunk search returns results without any words containing Trend Micro. I want to add "Trend Micro + results in my index" to the Google search.
For example
host=ddi| stats count by Reason
Reason count
DNS response resolves to dead IP address 55
Many failed log in attempts 1
Multiple failed log in attempts 1
I want to search Google for:
Trend Micro + "DNS response resolves to dead IP address"
I tried trend micro + $reason and other ways, but it doesn't work. Only Trend Micro goes into the search.
Any ideas?
Thanks!