SPL
List of Source Names and Frequency of Events
Description
The following splunk query will output a list of all SourceNames in a windows environment and include a sparkline to indicate frequency:
0 0
eventtype="windows_events" sourcetype="*EventLog:*" (host="*" OR ComputerName="*") TaskCategory="*" SourceName="*" EventCode="*" Type="*" | stats sparkline as Activity, count by host | sort -count
Comments
0 total
Be the first to comment on this SPL.
Leave a comment
You must log in to post a comment.