Using Splunk search commands: transaction, append and appendcols
Автор: Travis Hall
Загружено: 2023-09-26
Просмотров: 1356
In the video you will see me use 3 Splunk search commands: transaction, append and appendcols.
The first command I will cover is the “transaction” search command to create a field called duration that will help me understand how long an interface on my firewall box is down. Using the transaction search command helped me discover that my em2 interface was changing stats multiple times each day.
With that information I start using both the “append” and “apendcols” command to merge the opnsense data with Windows eventlogs to discover what is causing the frequent status changes. This helped me understand that when putting my computer to sleep or waking the computer up, my firewall box will log that as a status change on the interface.
Splunk documentation links:
Splunk Transaction search command:
https://docs.splunk.com/Documentation...
Splunk Append search command:
https://docs.splunk.com/Documentation...
Splunk Appendcols search command:
https://docs.splunk.com/Documentation...
Доступные форматы для скачивания:
Скачать видео mp4
-
Информация по загрузке:
