cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
jovnice
Explorer
Member since: ‎01-26-2024
‎03-27-2024
Community Statistics
Posts 5
Solutions 1
Karma Given 2
Karma Received 0
Member Since ‎01-26-2024
Activity Feed
View All

Re: Need assistance with a command for application...

by in Getting Data In
‎02-21-2024 11:27 AM
‎02-21-2024 11:27 AM
I also try this for my search: source="WinEventLog:Application" OR WinEventLog:Security EventCode=* user=*   Received this for a message: No results found. Try expanding the time range.   ... View more

Re: Need assistance with a command for application...

by in Getting Data In
‎02-21-2024 11:14 AM
‎02-21-2024 11:14 AM
Error in 'search' command: Unable to parse the search: Comparator '=' has an invalid term on the left hand side: "index-name">source. The search job has failed due to an error. You may be able view the job in the  ... View more

Need assistance with a command for application.

by in Getting Data In
‎02-21-2024 08:44 AM
‎02-21-2024 08:44 AM
I keep getting an error message when I am attempting to this command  * EventCode=* user=* WinEventLog:Application | eval src_nt_host=coalesce(src_nt_host,host) | eval lockout=if(EventCode==644 OR EventCode==4740 OR EventCode==4624,"Yes","No") | stats latest(_time) as time, latest(src_nt_host) as host, latest(lockout) as lockedout values(dest_nt_domain) as dest_nt_domain count(eval(EventCode=4625 OR EventCode=4771)) as count values(Source_Network_Address) as Source_Network_Address by user | eval time=strftime(time,"%c") | rename user to "User Name", Source_Network_Address to "IP Address", count to "Number of Failures" | table dest_nt_domain "User Name" host lockedout time "IP Address" "Number of Failures" I need to pull the application that are running in the event viewer. I was able to pull them in a different location, but I want it to say more information about with the user information. ... View more
Labels

Re: Applications

by in Getting Data In
‎02-02-2024 12:00 PM
‎02-02-2024 12:00 PM
Thanks for the information. For the application I wanted to put an email alert on it for when someone is logging in and out of the application. Is that possible. ... View more

Applications

by in Getting Data In
‎02-02-2024 11:30 AM
‎02-02-2024 11:30 AM
I am very new to Splunk and having a hard time finding how to monitor applications. Can someone help?  ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎03-27-2024 12:43 PM
Karma given to
View All