Splunk
Splunk Use Case tracker
| rest splunk_server=local count=0 /services/saved/searches | where disabled=0 | rename action.co...
Splunk total run time
(index=_audit host=* action=search sourcetype=audittrail search_id!="rsa_*") | eval user = if(us...
Splunk Drill Down Events
earliest=$initial_time$ latest=$end_time$ index=$index$ EventCode=4624 NOT Logon_Type IN ("5") ho...
Splunk Results Token
fieldsummary