Windows Firewall log

hafizuddin
Path Finder

Hi, I'm a newbie to Splunk Enterprise.

I have a log file for Windows Firewall that I already pointed to Splunk via a universal forwarder, and Splunk reads it as below:

11/27/17
9:56:14.000 AM 2017-11-27 09:56:14 ALLOW UDP 202.217.203.244 58.139.24.118 52785 161 0 - - - - - - - SEND
host = BITNPM01 source = C:\Windows\System32\LogFiles\Firewall\pfirewall.log sourcetype = pfirewall

11/27/17
9:56:14.000 AM 2017-11-27 09:56:14 ALLOW UDP 202.217.203.244 114.133.193.1 52785 161 0 - - - - - - - SEND
host = BITNPM01 source = C:\Windows\System32\LogFiles\Firewall\pfirewall.log sourcetype = pfirewall

I just want to create a table from this log where I need to split variables like source IP, destination IP and time. I tried to use the pivot function, but the variables I need are not shown.

0 Karma

cpetterborg
SplunkTrust

Have you done any field extractions or are you using a Technology Addon (TA) that is giving you any field extractions? If not, that is your first problem. Once you have the field extractions, you can simply display a table of the data with:

<your_base_search> | table *

or you can define which of the fields you want displayed in your table with:

<your_base_search> | table field, field2, field3

But you do have to have fields being extracted for either of these to do anything useful. Here is a useful document to get you started in creating your own automatic field extraction:

http://docs.splunk.com/Documentation/Splunk/7.0.0/Knowledge/ExtractfieldsinteractivelywithIFX

0 Karma
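To make the answer above concrete, here is an added example (not code from the original thread or from Splunk) of the field extraction a pfirewall.log event needs before `| table` can show source IP, destination IP and time. The column order comes from the "#Fields:" header Windows writes at the top of pfirewall.log. The regex uses `(?P<name>...)` named groups, which Python's `re` and Splunk's PCRE engine both accept, so the same pattern can be pasted into a props.conf `EXTRACT-` setting on the search head. The two ALLOW lines are the ones posted above; the header and the DROP line are constructed sample input, and the field names (`src_ip`, `dest_ip`, ...) and the stanza name `EXTRACT-pfirewall` are my own choices, not Splunk defaults.

```python
import re
from typing import Dict, Iterable, List, Optional

# One named capture group per column of the Windows Firewall log:
#   date time action protocol src-ip dst-ip src-port dst-port size
#   tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
# Unset columns are logged as a literal "-", which \S+ matches as-is.
PFIREWALL_PATTERN = (
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<action>\S+)\s+(?P<protocol>\S+)\s+(?P<src_ip>\S+)\s+(?P<dest_ip>\S+)\s+"
    r"(?P<src_port>\S+)\s+(?P<dest_port>\S+)\s+(?P<size>\S+)\s+(?P<tcpflags>\S+)\s+"
    r"(?P<tcpsyn>\S+)\s+(?P<tcpack>\S+)\s+(?P<tcpwin>\S+)\s+(?P<icmptype>\S+)\s+"
    r"(?P<icmpcode>\S+)\s+(?P<info>\S+)\s+(?P<path>\S+)\s*$"
)
PFIREWALL_RE = re.compile(PFIREWALL_PATTERN)

# Constructed sample: a typical pfirewall.log header, the two events from the
# question, and one made-up DROP event so the TCP columns are populated.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2017-11-27 09:56:14 ALLOW UDP 202.217.203.244 58.139.24.118 52785 161 0 - - - - - - - SEND
2017-11-27 09:56:14 ALLOW UDP 202.217.203.244 114.133.193.1 52785 161 0 - - - - - - - SEND
2017-11-27 09:57:02 DROP TCP 192.0.2.10 203.0.113.5 50234 445 52 S 123456789 0 8192 - - - RECEIVE
"""


def extract_fields(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one pfirewall.log event.

    Header lines (starting with '#'), blank lines and lines that do not fit
    the format yield None, the same way a Splunk EXTRACT simply adds no fields.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    match = PFIREWALL_RE.match(line)
    if match is None:
        return None
    fields = match.groupdict()
    # Splunk already turns the leading date and time into _time (the
    # "11/27/17 9:56:14.000 AM" shown in the question); mimic that here.
    fields["_time"] = f"{fields['date']}T{fields['time']}"
    return fields


def build_table(lines: Iterable[str], columns: List[str]) -> List[Dict[str, str]]:
    """Rough equivalent of `sourcetype=pfirewall | table <columns>` over raw lines."""
    rows = []
    for line in lines:
        event = extract_fields(line)
        if event is None:
            continue
        rows.append({col: event.get(col, "") for col in columns})
    return rows


def props_conf_stanza(sourcetype: str = "pfirewall") -> str:
    """Render the same regex as a search-time extraction for props.conf.

    EXTRACT-<class> is evaluated at search time, so this stanza belongs on the
    search head (or in an app deployed there), not on the universal forwarder.
    """
    return f"[{sourcetype}]\nEXTRACT-pfirewall = {PFIREWALL_PATTERN}\n"


if __name__ == "__main__":
    for row in build_table(SAMPLE_LOG.splitlines(), ["_time", "src_ip", "dest_ip", "action"]):
        print(row)
    print(props_conf_stanza())
```

Once the stanza is in place and the sourcetype matches, a search such as `sourcetype=pfirewall | table _time src_ip dest_ip action` produces the table the question asks for. Check the regex first in the search bar with `| rex` against a handful of events before committing it to props.conf, since a column count that differs from the header (older log versions have fewer fields) makes the anchored pattern silently match nothing.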

HiroshiSatoh
Champion

If the field is not displayed only for a specific user, I think it is a matter of permissions. Please check the permission settings of the field extraction.

Fields » Field extractions
OR
Fields » Field transformations

0 Karma

HiroshiSatoh
Champion

What cannot be displayed?
Is it a field, or is it a pivot table?

0 Karma

hafizuddin
Path Finder

It is a field...

0 Karma