I am fairly new to Splunk and am attempting to pull timelines into Splunk created by log2timeline.py that I converted to a .csv file using psort with l2tcsv. I am able to do this; however, it seems to be pretty messy. I have looked at the apps SA_plaso-app-for-splunk and TA_plaso-add-on-for-splunk, which are supposed to help clean up the data, but I am not sure how it's installed on a Windows machine.
Any help would be greatly appreciated.
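An added example, not from the original post and not code from the plaso or Splunk projects: a small Python script that turns psort's l2tcsv output into newline-delimited JSON with one UTC ISO-8601 timestamp (plus an epoch value) and explicit MACB flags per event, which indexes far more cleanly than the raw date/time/timezone/MACB split. The column names follow the l2tcsv header psort writes; the two sample rows below are constructed, not real evidence, and the `ZoneInfo` fallback assumes any non-UTC `timezone` value is an IANA zone name.

```python
"""Normalise plaso l2tcsv output into JSON lines with one ISO-8601 timestamp per event.

Added example, not from the original post. Column order is psort's l2tcsv
output (date,time,timezone,MACB,source,sourcetype,type,user,host,short,desc,
version,filename,inode,notes,format,extra); the sample rows are constructed.
"""
import csv
import io
import json
import sys
from datetime import datetime, timezone
from zoneinfo import ZoneInfo

# Constructed sample in l2tcsv layout: an $MFT event and a Run-key event on the same host.
SAMPLE_L2TCSV = r"""date,time,timezone,MACB,source,sourcetype,type,user,host,short,desc,version,filename,inode,notes,format,extra
01/15/2021,13:45:12,UTC,M...,FILE,NTFS $MFT entry,Content Modification Time,-,WS01,TSK:/Windows/Temp/payload.exe,"TSK:/Windows/Temp/payload.exe Type: file",2,TSK:/Windows/Temp/payload.exe,12345,-,mft,"attribute_type: 128; file_reference: 12345-1"
01/15/2021,13:47:03,UTC,..CB,REG,Registry Key,Creation Time,-,WS01,"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] Updater: C:\Windows\Temp\payload.exe","[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] Updater: C:\Windows\Temp\payload.exe",2,TSK:/Windows/System32/config/SOFTWARE,67890,-,winreg/winreg_default,-
"""

# l2tcsv MACB column: one character per slot, '.' when that timestamp type does not apply.
MACB_SLOTS = (("M", "modified"), ("A", "accessed"), ("C", "changed"), ("B", "born"))


def _to_utc(date_str, time_str, tz_name):
    """Combine l2tcsv's MM/DD/YYYY date, HH:MM:SS time and timezone name into an aware UTC datetime."""
    naive = datetime.strptime(f"{date_str} {time_str}", "%m/%d/%Y %H:%M:%S")
    # Assumption: anything other than UTC is an IANA zone name (psort --output_time_zone).
    tz = timezone.utc if tz_name.upper() == "UTC" else ZoneInfo(tz_name)
    return naive.replace(tzinfo=tz).astimezone(timezone.utc)


def parse_l2tcsv(text):
    """Parse l2tcsv text; return one dict per row, sorted by time, with normalised fields added."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        # DictReader signals too many / too few columns with a None key or None values.
        if None in row or any(v is None for v in row.values()):
            raise ValueError(f"malformed l2tcsv row: {row}")
        when = _to_utc(row["date"], row["time"], row["timezone"])
        macb = row["MACB"].ljust(4, ".")
        event = dict(row)
        event["timestamp"] = when.isoformat()          # e.g. 2021-01-15T13:45:12+00:00
        event["epoch"] = int(when.timestamp())
        event["macb"] = {name: macb[i] == letter for i, (letter, name) in enumerate(MACB_SLOTS)}
        events.append(event)
    events.sort(key=lambda e: e["epoch"])
    return events


def to_json_lines(events):
    """Serialise events as newline-delimited JSON, one Splunk event per line."""
    return "\n".join(json.dumps(e, ensure_ascii=False) for e in events) + "\n"


def main(argv):
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", newline="") as fh:
            text = fh.read()
    else:
        text = SAMPLE_L2TCSV
    sys.stdout.write(to_json_lines(parse_l2tcsv(text)))


if __name__ == "__main__":
    main(sys.argv)
```

Run it with the psort .csv path as the only argument and ingest the output as JSON; pointing Splunk's timestamp extraction at the `timestamp` field (for example `INDEXED_EXTRACTIONS = json` with `TIMESTAMP_FIELDS = timestamp` in props.conf) means `_time` comes from the normalised UTC value instead of Splunk guessing from the separate date and time columns. Rows with the wrong column count are rejected rather than silently shifted, which is the usual cause of "messy" fields after a timeline import.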