• Search
  • Dashboards
  • Browse
    • Sourcetype

      • _audit
      • _internal
      • access_combined
      • apache
      • audittrail
      • citrix:netscaler:syslog
      • Cron
      • crowdstrike
      • Dashboards
      • datamodels
      • DBConnect
      • Enterprise Security
      • eval
      • F5
      • Fun Stuff & Helpful Hints
      • Hack
      • Hygiene
      • IIS
      • Juniper
      • Linux Performance
      • linux_secure
      • Malware
      • Monitoring
      • Networking
      • opensense
      • opsec
      • osx_secure
      • Perfmon:Available Memory
      • Perfmon:CPU Load
      • Perfmon:Free Disk Space
      • Perfmon:Network Interface
      • postfix_syslog
      • Qualys
      • REST
      • RFQ – Request For Query
      • splunkd
      • Tenable
      • Uncategorized
      • Unix:Uptime
      • WinEventLog:Application
      • WinEventLog:Security
      • WinEventLog:System
      • WinRegistry
      • WMI:Uptime
    • Tags

      6.1.2 admin apache audit audittrail authentication Cisco Diagnostics failed logon Firewall IIS index indexes internal license License usage Linux linux audit Login Logon malware Network Perfmon Performance qualys REST Security sourcetype splunk splunkd splunk on splunk Tenable Tenable Security Center troubleshoot troubleshooting tstats Universal Forwarder users Vulnerabilities Web Traffic Windows Windows Audit Windows Security _audit _internal
  • Post New Query
  • Our Blog
  • Splunk Jobs
  • Search
  • Dashboards
  • Browse
    • Sourcetype

      • _audit
      • _internal
      • access_combined
      • apache
      • audittrail
      • citrix:netscaler:syslog
      • Cron
      • crowdstrike
      • Dashboards
      • datamodels
      • DBConnect
      • Enterprise Security
      • eval
      • F5
      • Fun Stuff & Helpful Hints
      • Hack
      • Hygiene
      • IIS
      • Juniper
      • Linux Performance
      • linux_secure
      • Malware
      • Monitoring
      • Networking
      • opensense
      • opsec
      • osx_secure
      • Perfmon:Available Memory
      • Perfmon:CPU Load
      • Perfmon:Free Disk Space
      • Perfmon:Network Interface
      • postfix_syslog
      • Qualys
      • REST
      • RFQ – Request For Query
      • splunkd
      • Tenable
      • Uncategorized
      • Unix:Uptime
      • WinEventLog:Application
      • WinEventLog:Security
      • WinEventLog:System
      • WinRegistry
      • WMI:Uptime
    • Tags

      6.1.2 admin apache audit audittrail authentication Cisco Diagnostics failed logon Firewall IIS index indexes internal license License usage Linux linux audit Login Logon malware Network Perfmon Performance qualys REST Security sourcetype splunk splunkd splunk on splunk Tenable Tenable Security Center troubleshoot troubleshooting tstats Universal Forwarder users Vulnerabilities Web Traffic Windows Windows Audit Windows Security _audit _internal
  • Post New Query
  • Our Blog
  • Splunk Jobs

Members

Profile picture of Drdosia

Drdosia

@drdosia Active 7 years, 10 months ago
  • Activity
  • Profile
  • Posts
  • Personal
  • Mentions
  • Favorites
  • Profile picture of Drdosia
    8 years, 4 months ago

    Drdosia commented on the post, Potential Suspicious Activity in Windows

    In reply to: john117 wrote a new post Potential Suspicious Activity in WindowsThe following Splunk search should be ran over a long period of time (at least it worked best that way in my environment). This query will show […] View

    Argh…html….
    eval Short_Message=mvindex(Message,LessThanSign wbr Right slash //GreaterThanSign>0)

  • Profile picture of Drdosia
    8 years, 4 months ago

    Drdosia commented on the post, Potential Suspicious Activity in Windows

    In reply to: john117 wrote a new post Potential Suspicious Activity in WindowsThe following Splunk search should be ran over a long period of time (at least it worked best that way in my environment). This query will show […] View

    “eval Short_Message=mvindex(Message,0) “

  • Profile picture of Drdosia
    8 years, 4 months ago

    Drdosia commented on the post, Potential Suspicious Activity in Windows

    In reply to: john117 wrote a new post Potential Suspicious Activity in WindowsThe following Splunk search should be ran over a long period of time (at least it worked best that way in my environment). This query will show […] View

    Hmm posting error with //
    Lets try this again:
    (eval Short_Message=mvindex(Message,/0)

  • Profile picture of Drdosia
    8 years, 4 months ago

    Drdosia commented on the post, Potential Suspicious Activity in Windows

    In reply to: john117 wrote a new post Potential Suspicious Activity in WindowsThe following Splunk search should be ran over a long period of time (at least it worked best that way in my environment). This query will show […] View

    I get a similar error with version 6.5.1:
    Error in ‘eval’ command: The expression is malformed. An unexpected character is reached at ‘0)’.

    Appears to be in: (eval Short_Message=mvindex(Message,0)

  • Profile picture of Drdosia
    8 years, 4 months ago

    Drdosia became a registered member

  • Profile picture of Drdosia
    8 years, 4 months ago

    Drdosia became a registered member

  • Home
  • Log In
  • Register
  • About GoSplunk
  • GoSplunk FAQs
  • Contact the GoSplunk Team
  • Splunk Website
  • Splunk Documentation
  • Splunk Answers

GoSplunk is not affiliated with Splunk Inc. in any way.

© 2019 GoSplunk
  • Privacy Policy
  • Terms and Conditions
  • Forgot Password?
sponsored