cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
JRougeau
Engager
Member since: ‎12-01-2016
‎10-26-2022
Community Statistics
Posts 1
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎12-01-2016
Activity Feed
View All

How can I show results for a field that is disable...

by in Splunk Search
‎02-13-2017 12:45 PM
‎02-13-2017 12:45 PM
How can I show results for a field that is disabled and not re-enabled in a certain amount of time? I want to be alerted when AV protection on an endpoint is disabled for a period of time without being re-enabled. Ex: IF signature="Protection Disabled" AND (more than 5 minutes passes without Signature="Protection Enabled") THEN generate alert. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-26-2022 05:34 PM
Karma given to
View All