I am trying to identify if events have password info in the returned events. I can run a query using the Search app and it returns the data that I am looking for. I visually examine the _raw output listing for the word 'password'. When I execute the same query using splunk-reskit-powershell, the data is returned; however, the word 'password' is replaced with a ',' comma in the _raw data listing.
The syntax of my query is in the form of: index= sourcetype= 'password'
I use preset times when using the GUI and starttime and endtime when using PowerShell.
Is there a way to prevent the data from being replaced in my output from the PowerShell query?