cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
FYPTEST
Engager
Member since: ‎01-27-2021
‎01-27-2021
Community Statistics
Posts 1
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎01-27-2021
Activity Feed
View All

How do i use eval to calculate two fields?

by in Splunk Search
‎01-27-2021 08:48 AM
‎01-27-2021 08:48 AM
What I am trying to accomplish with the command is to find the events with the EventCode "4624" and Logon_Type "10" or "2", and to name them as "RDP", however i get the following error: Here is the query below: index=wineventlogsecurity source=xmlWinEventLog:Security | stats count(eval(EventCode="4624") AND (Logon_Type="10")) AS RDP Then I get this error:  Error in 'stats' command: The eval expression for dynamic field 'eval(EventCode="4624") AND (Logon_Type="10")' is invalid. Error='The operator at ') AND (Logon_Type="10"' is invalid.'. Thanks in advance for any help! and apologies for the newbie questions as I am rather new to Splunk. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎01-27-2021 01:31 PM
Karma given to
View All