Knowledge Management

search based on a list of windows event codes

ihingos
Engager

I need to setup a search, and later a report that will show certain windows events based on event ID. The list of event codes is pretty long. I know I can just use OR, but that is a ton of ORs. anyone have a better way like having the search function pull a csv or txt file of event IDs, and search for all of them?

Tags (2)

hexx
Splunk Employee
Splunk Employee

You'll probably want to look at event types to automate this sort of thing. A search macro would also achieve a similar result, although it's slightly more complex (and also more powerful) than an event type.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...