deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 21:03:42 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merged PR 8269: add dedupe note/tip

Browse Source 
add dedupe note/tip
This commit is contained in:
Joey Caparas
2018-05-16 18:11:14 +00:00
parent 73e3990767 9ab39216df
commit 27943a302a
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
View File

@ -139,6 +139,10 @@ Use the solution explorer to view alerts in Splunk.
5. Find the query you saved in the list and click **Run**. The results are displayed based on your query. 5. Find the query you saved in the list and click **Run**. The results are displayed based on your query.
>[!TIP]
> To mininimize alert duplications, you can use the following query:
>```source="rest://windows atp alerts" | spath | dedup _raw | table *```
## Related topics ## Related topics
- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) - [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
- [Configure ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) - [Configure ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)