Announcement

Collapse
No announcement yet.

Splunk SPL

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Splunk SPL

    Query :

    index=notable source="Sigma Alert- Data Compressed"
    | eval a0=if(isnull(a0), " ", a0),
    a1=if(isnull(a1), " ", a1),
    a2=if(isnull(a2), " ", a2),
    a3=if(isnull(a3), " ", a3)
    | stats count by a0 a1 a2 a3​

    Target:

    To count all commands with dynamic arguments
    Tags: spl, splunk
Previous template Next
Working...
X