Kibana for Splunk SPL Users

vinoth_kumar · April 18, 2020, 2:45pm

Hi All,

In the 1st lab exercise of this Training -Kibana for Splunk SPL Users, I have doubt in the below questions

2)Create filter
g)How many events downloaded zip files using Legacy OS?
h)How many events from China downloaded zip files?
i)How many events from China, downloaded zip files using Legacy OS?

Regards,
Vinoth

b-elastic · April 18, 2020, 3:23pm

Hi vinoth,

Happy to help. What's your question?

vinoth_kumar · April 18, 2020, 3:40pm

HI Bharat ,

How to frame filter for the above questions ?
i cannot understand it .

Regards,
Vinoth kumar.S

b-elastic · April 20, 2020, 1:16pm

g)How many events downloaded zip files using Legacy OS?
Click to +Add filter and create filters
file.extension is zip
h)How many events from China downloaded zip files?
file.extension is zip
client.geo.country_iso_code is CN
List of ISO country codes can be found here
i)How many events from China, downloaded zip files using Legacy OS?
file.extension is zip
client.geo.country_iso_code is CN
user_agent.os.name is one of [Windows Vista, Windows XP, Windows Vista, Windows 7]
If you have more questions, I'd recommend watching the videos again where these are explained with a demo. Good luck!

Topic		Replies	Views
Kibana 4 / 5: how to show single events of mutltiple selected log files? Kibana	2	2636	July 6, 2017
Kibana dashboard filter doesn't work Kibana	11	1197	May 24, 2023
Kibana dashboard visualize query Kibana	3	1819	February 28, 2017
Conditional filter in Kibana based on preceding events? Elastic Search	7	101	May 27, 2025
Filter in kibana Kibana	2	394	October 12, 2018

Kibana for Splunk SPL Users

Related topics