Seeing issue with tabling results inside quotes and wondering if this is know issue with work around?
query:
index=perfmon source=process sourcetype=WinHostMon ProcessId=22864
results:
Type=Process
Name="splunkd.exe"
ProcessId=22864
CommandLine=""C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service"
StartTime="20160817005341.861352+120"
Host="myhost"
Path="C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"
Type=Process
Name="TrustedInstaller.exe"
ProcessId=19228
CommandLine="C:\Windows\servicing\TrustedInstaller.exe"
StartTime="20160816000024.970946+120"
Host="Anotherhost"
Path="C:\Windows\servicing\TrustedInstaller.exe"
query:
index=perfmon source=process sourcetype=WinHostMon ProcessId=22864 | table CommandLine
No results..
↧