Ad slot: top
GoSplunk SPL + dashboard repository
Log in Register

SPL

Unintended Windows Shutdowns

WinEventLog:System
2 2

Description

Submitted by ItsJohnLocke

This splunk query will show any unintended Windows system Shutdowns. Ensure the Splunk App for Windows is installed, you can grab it here: https://apps.splunk.com/app/742/ 
sourcetype="WinEventLog:system" EventCode=6008 | eval Date=strftime(_time, "%Y/%m/%d") | table  Date host, index, Message  | sort  - Date

Comments

0 total

Be the first to comment on this SPL.

Leave a comment

You must log in to post a comment.

Ad slot: bottom