Kibana for Splunk SPL Users

Hi All,

In the 1st lab exercise of this training, Kibana for Splunk SPL Users, I have a doubt about the questions below:

2) Create filter
g) How many events downloaded zip files using Legacy OS?
h) How many events from China downloaded zip files?
i) How many events from China, downloaded zip files using Legacy OS?

Regards,
Vinoth

Hi vinoth,

Happy to help. What's your question?

Hi Bharat,

How do I frame the filters for the above questions?
I cannot understand it.

Regards,
Vinoth kumar.S

g) How many events downloaded zip files using Legacy OS?
Click +Add filter and create filters:
file.extension is zip

h) How many events from China downloaded zip files?
file.extension is zip
client.geo.country_iso_code is CN
A list of ISO country codes can be found here.

i) How many events from China, downloaded zip files using Legacy OS?
file.extension is zip
client.geo.country_iso_code is CN
user_agent.os.name is one of [Windows Vista, Windows XP, Windows Vista, Windows 7]

If you have more questions, I'd recommend watching the videos again where these are explained with a demo. Good luck!
