-
7 years, 10 months ago
Drdosia commented on the post, Potential Suspicious Activity in Windows
In reply to: john117 wrote a new post, Potential Suspicious Activity in Windows
The following Splunk search should be run over a long period of time (at least it worked best that way in my environment). This query will show […]
Argh…html….
eval Short_Message=mvindex(Message,LessThanSign wbr Right slash //GreaterThanSign>0)
-
7 years, 10 months ago
Drdosia commented on the post, Potential Suspicious Activity in Windows
In reply to: john117 wrote a new post, Potential Suspicious Activity in Windows
The following Splunk search should be run over a long period of time (at least it worked best that way in my environment). This query will show […]
“eval Short_Message=mvindex(Message,0) “
-
7 years, 10 months ago
Drdosia commented on the post, Potential Suspicious Activity in Windows
In reply to: john117 wrote a new post, Potential Suspicious Activity in Windows
The following Splunk search should be run over a long period of time (at least it worked best that way in my environment). This query will show […]
Hmm posting error with //
Let's try this again:
(eval Short_Message=mvindex(Message,/0)
-
7 years, 10 months ago
Drdosia commented on the post, Potential Suspicious Activity in Windows
In reply to: john117 wrote a new post, Potential Suspicious Activity in Windows
The following Splunk search should be run over a long period of time (at least it worked best that way in my environment). This query will show […]
I get a similar error with version 6.5.1:
Error in ‘eval’ command: The expression is malformed. An unexpected character is reached at ‘0)’.
Appears to be in: (eval Short_Message=mvindex(Message,0)
-
7 years, 10 months ago
Drdosia became a registered member