Ad slot: top
GoSplunk SPL + dashboard repository
Log in Register

SPL

List Notable events with closing history details

Fun Stuff & Helpful Hints Uncategorized

Description

Submitted by Opeyemi Olatunji

5 0 
`notable`
| stats latest(lastTime) as LastTimeSeen values(rule_name) as "Rule Name" values(comment) as "Historical Analysis" values(user) as User by _time event_id, urgency
| eval LastTimeSeen=strftime(LastTimeSeen,"%+")

Comments

0 total

Be the first to comment on this SPL.

Leave a comment

You must log in to post a comment.

Ad slot: bottom