Forums: SplunkGeneral: display event ID's?

Previous Topic: splunk is taking too many gigs of space  |   Next Topic: Repeating Entries


Posts 1–4 of 4  |  Post to this topic
1
CamBam's Mugshot posted by: CamBam  |  posts
date: May 19, 2008
permalink

I am using splunk lightweight to forward security events from domain controllers.

Is there a way to get the event ID's to be displayed? Or are those stripped out?

2
araitz's Mugshot posted by: araitz  |  posts
date: May 19, 2008
permalink

They are currently in the eventid field - check this field to display it. In future versions, we will include the event ID in the raw data.

3
CamBam's Mugshot posted by: CamBam  |  posts
date: May 20, 2008
permalink

Would you mind clarifying this? Where can i check this field?

4
araitz's Mugshot posted by: araitz  |  posts
date: May 20, 2008
permalink

Click on "Fields", which is below the timeline to the far left, check the box next to eventid, and click Apply.

Post to this topic

You must be logged in to post a reply.










close

Flash required to play this video.

Click here to download the free Flash Player.

Description:

Permalink: