Home >
Configure Splunk Integration
The following sections provide instructions and sample data to help you configure the SysTrack integration with Splunk.
IMPORTANT: The Systrack Configure Policies tab that you need to configure for this integration is available only in SysTrack On-Premises, not in SysTrack Cloud. However, you can use the Splunk Integration with SysTrack Cloud. Contact SysTrack Support so that they can configure it for you.
Configure Policy Settings in SysTrack (On Premises Only)
For SysTrack’s Policy settings, complete the following steps:
-
In SysTrack Configure, select Roles from the left menu.
-
Select the Policies tab.
-
In the Authorization ID field, enter the authorization ID as defined in Splunk as part of the data collector. These must match.
-
In the Port Number field, enter the port you want to use.
NOTE: Do not use 8088 for the port.
-
In the System field, enter the Splunk server.
-
In the Send Time field, enter how often you want the agent to send data.
-
In the URL field, enter the collector path within Splunk.
-
For the UseSSL check box, check it if you want to use SSL. Uncheck it if you do not want to use SSL.
These settings are dependent on the Splunk environment. For example, Port number, URL, data channels, and enable indexer acknowledgement will be different for different Splunk environments.
Configure Data Forwarding Settings in SysTrack
For SysTrack’s Data Forwarding settings, complete the following steps:
-
In SysTrack Configure, select Roles from the left menu.
-
Select the Data Forwarding tab.
-
In the Table field, enter the table data you want to send.
-
In the Destination field, enter the destination indexes within Splunk.
-
In the Schedule Type field, choose from the following:
-
Select Always On if you want constant data that is dependent on the Send time above.
-
Select Active User if you want data when the user is active.
-
Select Sensor Based if you want data based on the triggering of the sensors you select.
-
Select Health if you want data based on the health score falling below the number you select.
-
Select SQL if you want to use SQL queries.
-
Configure the Data Input in Splunk
In your Splunk environment, follow these steps to create the Data Input:
-
In the Apps menu, select Search & Reporting.
-
Select Add Data.
-
Select Data Inputs.
-
Under Local Inputs, select HTTP Event Collector.
-
On the HTTP Event Collector page, click the New Token button.
-
In the Source Type field, select json. (CSV also works.)
-
For Select Allowed Indexes, select the index you want to use. For example, you can use a separate index and name it Systrack.
-
The Enable Indexer Acknowledgement check box can be unchecked. In large environments, check this check box.
If the check box is checked and you don’t get any traffic, look for a Data Channel error in the logs, referring to an error 10.
Create an Index Search in Splunk
In Splunk, navigate to the Search tab. Create a new search that searches the Systrack Index.
View the Search Data in Splunk
After you run your search, expand the data. Your data will look something like the following samples.
Sample JSON
Here is sample data in JSON format.
Copy
[
{
"preview": false,
"result": {
"RECSIZE": "32",
"WGUID": "01234567-89ab-cdef-0123-456789abcdef",
"WTIME": "2020-11-23 16:01:10",
"WTYPE": "0",
"_raw": "{\n\"table\": \"BlackBox\",\n\"WTIME\": \"2020-11-23 16:01:10\",\n\"WGUID\": \"{D417C97B-299B-44DF-B477-B23C8D74B0CA}\",\n\"WTYPE\": \"0\",\n\"RECSIZE\": \"32\",\n\"RECS\": \"[{ App : searchindexer.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3868 , CPU : 0.500000 , Threads : 18 , Memory : 141.477369 , IoOps : 0.500000 , Commit : 26.226563 , Paged : 232.226563 , NonPaged : 56.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : notepad.exe , User : RSLAB\\\\rs_adm , PID : 5656 , CPU : 0.500000 , Threads : 1 , Memory : 1168.748872 , IoOps : 0.500000 , Commit : 112.625000 , Paged : 222.632813 , NonPaged : 9.523438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : msmpeng.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1048 , CPU : 3.433361 , Threads : 25 , Memory : 1293.944901 , IoOps : 0.500000 , Commit : 194.437500 , Paged : 658.656250 , NonPaged : 77.554688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiagent.exe , User : RSLAB10V2\\\\SYSTEM , PID : 4896 , CPU : 17.513522 , Threads : 57 , Memory : 366.869284 , IoOps : 102.333864 , Commit : 72.542969 , Paged : 331.078125 , NonPaged : 58.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 779 , DiskRespTime : 0 },{ App : searchui.exe , User : RSLAB\\\\rs_adm , PID : 6196 , CPU : 0.500000 , Threads : 21 , Memory : 121.633506 , IoOps : 0.500000 , Commit : 21.312500 , Paged : 551.187500 , NonPaged : 38.359375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dwm.exe , User : RSLAB10V2 DWM\\\\DWM-1 , PID : 800 , CPU : 0.500000 , Threads : 8 , Memory : 673.238224 , IoOps : 0.500000 , Commit : 67.277344 , Paged : 523.539063 , NonPaged : 30.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenonetwork , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 1064 , CPU : 2.260017 , Threads : 24 , Memory : 143.469568 , IoOps : 0.500000 , Commit : 12.515625 , Paged : 142.726563 , NonPaged : 40.937500 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 2592 , CPU : 1.086670 , Threads : 11 , Memory : 127.610102 , IoOps : 2.013321 , Commit : 10.929688 , Paged : 206.398438 , NonPaged : 22.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : mmc.exe , User : RSLAB\\\\rs_adm , PID : 5304 , CPU : 0.500000 , Threads : 13 , Memory : 95.227105 , IoOps : 0.500000 , Commit : 16.699219 , Paged : 495.367188 , NonPaged : 35.218750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lockapphost.exe , User : RSLAB\\\\rs_adm , PID : 4192 , CPU : 0.500000 , Threads : 9 , Memory : 609.878487 , IoOps : 0.500000 , Commit : 29.359375 , Paged : 333.929688 , NonPaged : 20.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : system process , User : RSLAB10V2\\\\SYSTEM , PID : 4 , CPU : 1.673344 , Threads : 106 , Memory : 357.923920 , IoOps : 0.500000 , Commit : 0.785156 , Paged : 0.500000 , NonPaged : 0.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:netsvcs , User : RSLAB10V2\\\\SYSTEM , PID : 892 , CPU : 1.673340 , Threads : 44 , Memory : 285.345380 , IoOps : 1.950266 , Commit : 27.878906 , Paged : 584.945313 , NonPaged : 72.523438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 5260 , CPU : 0.500000 , Threads : 4 , Memory : 76.437935 , IoOps : 0.500000 , Commit : 10.914063 , Paged : 188.976563 , NonPaged : 11.781250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : explorer.exe , User : RSLAB\\\\rs_adm , PID : 2568 , CPU : 0.500000 , Threads : 42 , Memory : 536.557755 , IoOps : 0.500000 , Commit : 51.480469 , Paged : 861.906250 , NonPaged : 90.078125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : services.exe , User : RSLAB10V2\\\\SYSTEM , PID : 560 , CPU : 0.500000 , Threads : 5 , Memory : 30.617360 , IoOps : 0.500000 , Commit : 3.195313 , Paged : 125.898438 , NonPaged : 10.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsass.exe , User : RSLAB10V2\\\\SYSTEM , PID : 568 , CPU : 0.500000 , Threads : 7 , Memory : 75.656680 , IoOps : 1.130550 , Commit : 6.164063 , Paged : 131.601563 , NonPaged : 30.000000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 4736 , CPU : 0.500000 , Threads : 1 , Memory : 43.937749 , IoOps : 0.500000 , Commit : 10.363281 , Paged : 158.492188 , NonPaged : 7.789063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logonui.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3316 , CPU : 0.500000 , Threads : 17 , Memory : 526.557698 , IoOps : 0.500000 , Commit : 15.925781 , Paged : 520.320313 , NonPaged : 32.273438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:dcomlaunch , User : RSLAB10V2\\\\SYSTEM , PID : 648 , CPU : 0.500000 , Threads : 15 , Memory : 77.453565 , IoOps : 0.500000 , Commit : 5.718750 , Paged : 476.078125 , NonPaged : 20.898438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : foxitconnectedpdfservice.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1876 , CPU : 0.500000 , Threads : 10 , Memory : 25.968896 , IoOps : 1.067495 , Commit : 4.492188 , Paged : 186.851563 , NonPaged : 22.640625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : nissrv.exe , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 672 , CPU : 0.500000 , Threads : 8 , Memory : 21.203243 , IoOps : 0.500000 , Commit : 9.898438 , Paged : 100.007813 , NonPaged : 12.976563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lockapp.exe , User : RSLAB\\\\rs_adm , PID : 5392 , CPU : 0.500000 , Threads : 23 , Memory : 426.635251 , IoOps : 0.500000 , Commit : 10.644531 , Paged : 385.804688 , NonPaged : 23.914063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:rpcss , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 704 , CPU : 0.500000 , Threads : 10 , Memory : 49.445593 , IoOps : 0.500000 , Commit : 4.132813 , Paged : 95.968750 , NonPaged : 17.273438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : onedrive.exe , User : RSLAB\\\\rs_adm , PID : 4196 , CPU : 0.500000 , Threads : 21 , Memory : 196.555809 , IoOps : 0.878330 , Commit : 27.199219 , Paged : 527.195313 , NonPaged : 61.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : spoolsv.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1548 , CPU : 0.500000 , Threads : 13 , Memory : 24.679826 , IoOps : 0.500000 , Commit : 9.113281 , Paged : 208.539063 , NonPaged : 29.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB\\\\rs_adm , PID : 2168 , CPU : 0.500000 , Threads : 6 , Memory : 226.282542 , IoOps : 0.500000 , Commit : 18.628906 , Paged : 331.984375 , NonPaged : 29.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localsystemnetworkrestricted , User : RSLAB10V2\\\\SYSTEM , PID : 272 , CPU : 0.500000 , Threads : 13 , Memory : 57.414388 , IoOps : 0.500000 , Commit : 5.847656 , Paged : 145.710938 , NonPaged : 23.570313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:networkservice , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 396 , CPU : 0.500000 , Threads : 18 , Memory : 76.906687 , IoOps : 0.815275 , Commit : 7.777344 , Paged : 156.148438 , NonPaged : 40.421875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\SYSTEM , PID : 2820 , CPU : 0.500000 , Threads : 6 , Memory : 34.875197 , IoOps : 0.500000 , Commit : 8.472656 , Paged : 88.718750 , NonPaged : 14.570313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : shellexperiencehost.exe , User : RSLAB\\\\rs_adm , PID : 1284 , CPU : 0.500000 , Threads : 56 , Memory : 215.657481 , IoOps : 0.500000 , Commit : 25.363281 , Paged : 620.601563 , NonPaged : 42.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:utcsvc , User : RSLAB10V2\\\\SYSTEM , PID : 1840 , CPU : 0.500000 , Threads : 10 , Memory : 66.086313 , IoOps : 0.500000 , Commit : 6.777344 , Paged : 343.148438 , NonPaged : 21.976563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenetworkrestricted , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 976 , CPU : 1.673340 , Threads : 21 , Memory : 148.508659 , IoOps : 0.752220 , Commit : 17.914063 , Paged : 157.453125 , NonPaged : 31.476563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservice , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 956 , CPU : 0.500000 , Threads : 20 , Memory : 80.031705 , IoOps : 0.500000 , Commit : 8.082031 , Paged : 247.843750 , NonPaged : 36.640625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logview.exe , User : RSLAB\\\\rs_adm , PID : 860 , CPU : 0.500000 , Threads : 1 , Memory : 213.274655 , IoOps : 0.500000 , Commit : 25.378906 , Paged : 215.171875 , NonPaged : 12.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsimods64.exe , User : RSLAB10V2\\\\SYSTEM , PID :",
"_time": "2020-11-23T16:01:10.000+0000",
"host": "example-host",
"index": "systrack",
"linecount": "7",
"meta": "truncated",
"punct": "{\"\":_\"\",\"\":_\"--_::\",\"\":_\"{----}\",\"\":_\"\",\"\":_\"\",\"\":",
"source": "SysTrack",
"sourcetype": "_json",
"splunk_server": "splunk-server.example.com",
"table": "BlackBox"
}
},
{
"preview": false,
"result": {
"RECSIZE": "32",
"WGUID": "01234567-89ab-cdef-0123-456789abcdef",
"WTIME": "2020-11-23 16:00:55",
"WTYPE": "0",
"_raw": "{\n\"table\": \"BlackBox\",\n\"WTIME\": \"2020-11-23 16:00:55\",\n\"WGUID\": \"{D417C97B-299B-44DF-B477-B23C8D74B0CA}\",\n\"WTYPE\": \"0\",\n\"RECSIZE\": \"32\",\n\"RECS\": \"[{ App : searchindexer.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3868 , CPU : 0.500000 , Threads : 18 , Memory : 141.477369 , IoOps : 0.500000 , Commit : 26.226563 , Paged : 232.226563 , NonPaged : 56.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : notepad.exe , User : RSLAB\\\\rs_adm , PID : 5656 , CPU : 0.500000 , Threads : 1 , Memory : 1168.748872 , IoOps : 0.500000 , Commit : 112.625000 , Paged : 222.632813 , NonPaged : 9.523438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : system process , User : RSLAB10V2\\\\SYSTEM , PID : 4 , CPU : 2.700914 , Threads : 106 , Memory : 358.158297 , IoOps : 0.500000 , Commit : 0.785156 , Paged : 0.500000 , NonPaged : 0.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiagent.exe , User : RSLAB10V2\\\\SYSTEM , PID : 4896 , CPU : 6.552513 , Threads : 57 , Memory : 345.423849 , IoOps : 10.978244 , Commit : 72.343750 , Paged : 331.078125 , NonPaged : 58.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 777 , DiskRespTime : 0 },{ App : searchui.exe , User : RSLAB\\\\rs_adm , PID : 6196 , CPU : 0.500000 , Threads : 21 , Memory : 121.633506 , IoOps : 0.500000 , Commit : 21.312500 , Paged : 551.187500 , NonPaged : 38.359375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dwm.exe , User : RSLAB10V2 DWM\\\\DWM-1 , PID : 800 , CPU : 0.500000 , Threads : 8 , Memory : 673.238224 , IoOps : 0.500000 , Commit : 67.277344 , Paged : 523.539063 , NonPaged : 30.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsass.exe , User : RSLAB10V2\\\\SYSTEM , PID : 568 , CPU : 1.600457 , Threads : 7 , Memory : 75.422304 , IoOps : 0.500000 , Commit : 6.160156 , Paged : 131.601563 , NonPaged : 30.000000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : foxitconnectedpdfservice.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1876 , CPU : 0.500000 , Threads : 10 , Memory : 25.968896 , IoOps : 1.503904 , Commit : 4.492188 , Paged : 186.851563 , NonPaged : 22.640625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : mmc.exe , User : RSLAB\\\\rs_adm , PID : 5304 , CPU : 0.500000 , Threads : 13 , Memory : 95.227105 , IoOps : 0.500000 , Commit : 16.699219 , Paged : 495.367188 , NonPaged : 35.218750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lockapphost.exe , User : RSLAB\\\\rs_adm , PID : 4192 , CPU : 0.500000 , Threads : 9 , Memory : 609.878487 , IoOps : 0.500000 , Commit : 29.359375 , Paged : 333.929688 , NonPaged : 20.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : msmpeng.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1048 , CPU : 1.600454 , Threads : 25 , Memory : 1270.390079 , IoOps : 0.500000 , Commit : 194.437500 , Paged : 658.656250 , NonPaged : 77.554688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:netsvcs , User : RSLAB10V2\\\\SYSTEM , PID : 892 , CPU : 2.700911 , Threads : 39 , Memory : 304.251738 , IoOps : 1.441160 , Commit : 29.656250 , Paged : 584.945313 , NonPaged : 71.195313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenonetwork , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 1064 , CPU : 0.500000 , Threads : 24 , Memory : 141.360181 , IoOps : 0.500000 , Commit : 12.515625 , Paged : 142.726563 , NonPaged : 40.937500 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : explorer.exe , User : RSLAB\\\\rs_adm , PID : 2568 , CPU : 0.500000 , Threads : 42 , Memory : 536.518692 , IoOps : 0.500000 , Commit : 51.480469 , Paged : 861.906250 , NonPaged : 90.078125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : csrss.exe , User : RSLAB10V2\\\\SYSTEM , PID : 456 , CPU : 1.050227 , Threads : 11 , Memory : 9.601615 , IoOps : 0.500000 , Commit : 2.046875 , Paged : 350.664063 , NonPaged : 22.625000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 2592 , CPU : 1.050227 , Threads : 11 , Memory : 137.414846 , IoOps : 1.252928 , Commit : 12.199219 , Paged : 206.304688 , NonPaged : 21.515625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 5260 , CPU : 0.500000 , Threads : 4 , Memory : 76.437935 , IoOps : 0.500000 , Commit : 10.914063 , Paged : 188.976563 , NonPaged : 11.781250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logonui.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3316 , CPU : 0.500000 , Threads : 17 , Memory : 526.557698 , IoOps : 0.500000 , Commit : 15.925781 , Paged : 520.320313 , NonPaged : 32.273438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:rpcss , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 704 , CPU : 1.050227 , Threads : 10 , Memory : 49.601843 , IoOps : 0.500000 , Commit : 4.148438 , Paged : 95.968750 , NonPaged : 17.273438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1176 , CPU : 0.500000 , Threads : 9 , Memory : 103.156837 , IoOps : 1.064696 , Commit : 12.914063 , Paged : 188.671875 , NonPaged : 25.343750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 4736 , CPU : 0.500000 , Threads : 1 , Memory : 43.937749 , IoOps : 0.500000 , Commit : 10.363281 , Paged : 158.492188 , NonPaged : 7.789063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lockapp.exe , User : RSLAB\\\\rs_adm , PID : 5392 , CPU : 0.500000 , Threads : 23 , Memory : 426.596188 , IoOps : 0.500000 , Commit : 10.644531 , Paged : 385.804688 , NonPaged : 23.914063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:dcomlaunch , User : RSLAB10V2\\\\SYSTEM , PID : 648 , CPU : 0.500000 , Threads : 15 , Memory : 77.336377 , IoOps : 0.500000 , Commit : 5.710938 , Paged : 476.078125 , NonPaged : 20.898438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenetworkrestricted , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 976 , CPU : 0.500000 , Threads : 21 , Memory : 148.508659 , IoOps : 0.876464 , Commit : 17.914063 , Paged : 157.453125 , NonPaged : 31.476563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : nissrv.exe , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 672 , CPU : 0.500000 , Threads : 8 , Memory : 21.086055 , IoOps : 0.500000 , Commit : 9.898438 , Paged : 100.007813 , NonPaged : 12.976563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : shellexperiencehost.exe , User : RSLAB\\\\rs_adm , PID : 1284 , CPU : 0.500000 , Threads : 56 , Memory : 215.657481 , IoOps : 0.500000 , Commit : 25.363281 , Paged : 620.601563 , NonPaged : 42.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localsystemnetworkrestricted , User : RSLAB10V2\\\\SYSTEM , PID : 272 , CPU : 0.500000 , Threads : 13 , Memory : 57.414388 , IoOps : 0.500000 , Commit : 5.847656 , Paged : 145.710938 , NonPaged : 23.570313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:networkservice , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 396 , CPU : 0.500000 , Threads : 18 , Memory : 76.906687 , IoOps : 0.813720 , Commit : 7.777344 , Paged : 156.148438 , NonPaged : 40.421875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : spoolsv.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1548 , CPU : 0.500000 , Threads : 13 , Memory : 24.679826 , IoOps : 0.500000 , Commit : 9.113281 , Paged : 208.539063 , NonPaged : 29.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logview.exe , User : RSLAB\\\\rs_adm , PID : 860 , CPU : 0.500000 , Threads : 1 , Memory : 213.274655 , IoOps : 0.500000 , Commit : 25.378906 , Paged : 215.171875 , NonPaged : 12.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:utcsvc , User : RSLAB10V2\\\\SYSTEM , PID : 1840 , CPU : 0.500000 , Threads : 12 , Memory : 61.437849 , IoOps : 0.500000 , Commit : 6.882813 , Paged : 343.148438 , NonPaged : 22.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB\\\\rs_adm , PID : 2168 , CPU : 0.500000 , Threads : 6 , Memory : 226.282542 , IoOps : 0.688232 , Commit : 18.628906 , Paged : 331.984375 , NonPaged : 29.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\SYSTEM , PID : 2820 , CPU : 0.500000 , Threads : 6 , Memory : 34.875197 , IoOps : 0.500000 , Commit : 8.472656 , Paged : 88.718750 , NonPaged : 14.570313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : onedrive.exe , User : RSLAB\\\\rs_adm , PID : 4196 , CPU : 0.500000 , Threads : 21 , Memory : 196.555809 , IoOps : 0.500000 , Commit : 27.199219 , Paged : 527.195313 , NonPaged : 61.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsisupervisor.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1220 , CPU : 0.5",
"_time": "2020-11-23T16:00:55.000+0000",
"host": "example-host",
"index": "systrack",
"linecount": "7",
"meta": "truncated",
"punct": "{\"\":_\"\",\"\":_\"--_::\",\"\":_\"{----}\",\"\":_\"\",\"\":_\"\",\"\":",
"source": "SysTrack",
"sourcetype": "_json",
"splunk_server": "splunk-server.example.com",
"table": "BlackBox"
}
},
{
"preview": false,
"result": {
"RECSIZE": "32",
"WGUID": "01234567-89ab-cdef-0123-456789abcdef",
"WTIME": "2020-11-23 16:00:39",
"WTYPE": "0",
"_raw": "{\n\"table\": \"BlackBox\",\n\"WTIME\": \"2020-11-23 16:00:39\",\n\"WGUID\": \"{D417C97B-299B-44DF-B477-B23C8D74B0CA}\",\n\"WTYPE\": \"0\",\n\"RECSIZE\": \"32\",\n\"RECS\": \"[{ App : searchui.exe , User : RSLAB\\\\rs_adm , PID : 6196 , CPU : 0.500000 , Threads : 21 , Memory : 121.633506 , IoOps : 0.500000 , Commit : 21.312500 , Paged : 551.187500 , NonPaged : 38.359375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : notepad.exe , User : RSLAB\\\\rs_adm , PID : 5656 , CPU : 0.500000 , Threads : 1 , Memory : 1168.748872 , IoOps : 0.500000 , Commit : 112.625000 , Paged : 222.632813 , NonPaged : 9.523438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : msmpeng.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1048 , CPU : 2.782810 , Threads : 25 , Memory : 1209.256917 , IoOps : 0.500000 , Commit : 194.437500 , Paged : 658.656250 , NonPaged : 77.554688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiagent.exe , User : RSLAB10V2\\\\SYSTEM , PID : 4896 , CPU : 5.065616 , Threads : 57 , Memory : 345.619162 , IoOps : 16.947699 , Commit : 72.847656 , Paged : 331.078125 , NonPaged : 58.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 1912 , DiskRespTime : 0 },{ App : mmc.exe , User : RSLAB\\\\rs_adm , PID : 5304 , CPU : 0.500000 , Threads : 13 , Memory : 95.227105 , IoOps : 0.500000 , Commit : 16.699219 , Paged : 495.367188 , NonPaged : 35.218750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dwm.exe , User : RSLAB10V2 DWM\\\\DWM-1 , PID : 800 , CPU : 0.500000 , Threads : 8 , Memory : 673.238224 , IoOps : 0.500000 , Commit : 67.277344 , Paged : 523.539063 , NonPaged : 30.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logonui.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3316 , CPU : 2.212106 , Threads : 17 , Memory : 526.362384 , IoOps : 0.500000 , Commit : 15.925781 , Paged : 520.320313 , NonPaged : 32.273438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 2592 , CPU : 0.500000 , Threads : 11 , Memory : 137.805473 , IoOps : 1.325826 , Commit : 12.199219 , Paged : 206.382813 , NonPaged : 21.914063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 5260 , CPU : 0.500000 , Threads : 4 , Memory : 76.437935 , IoOps : 0.500000 , Commit : 10.914063 , Paged : 188.976563 , NonPaged : 11.781250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lockapphost.exe , User : RSLAB\\\\rs_adm , PID : 4192 , CPU : 0.500000 , Threads : 9 , Memory : 609.878487 , IoOps : 0.500000 , Commit : 29.359375 , Paged : 333.929688 , NonPaged : 20.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : explorer.exe , User : RSLAB\\\\rs_adm , PID : 2568 , CPU : 1.641401 , Threads : 42 , Memory : 536.518692 , IoOps : 0.500000 , Commit : 51.480469 , Paged : 861.906250 , NonPaged : 90.078125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:netsvcs , User : RSLAB10V2\\\\SYSTEM , PID : 892 , CPU : 0.500000 , Threads : 39 , Memory : 303.900174 , IoOps : 1.188188 , Commit : 29.640625 , Paged : 584.945313 , NonPaged : 71.195313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 4736 , CPU : 0.500000 , Threads : 1 , Memory : 43.937749 , IoOps : 0.500000 , Commit : 10.363281 , Paged : 158.492188 , NonPaged : 7.789063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB\\\\rs_adm , PID : 2168 , CPU : 0.500000 , Threads : 6 , Memory : 226.282542 , IoOps : 0.500000 , Commit : 18.628906 , Paged : 331.984375 , NonPaged : 29.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : csrss.exe , User : RSLAB10V2\\\\SYSTEM , PID : 456 , CPU : 1.070701 , Threads : 11 , Memory : 9.601615 , IoOps : 0.500000 , Commit : 2.046875 , Paged : 350.664063 , NonPaged : 22.625000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : foxitconnectedpdfservice.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1876 , CPU : 0.500000 , Threads : 10 , Memory : 25.968896 , IoOps : 1.188188 , Commit : 4.492188 , Paged : 186.851563 , NonPaged : 22.640625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : nissrv.exe , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 672 , CPU : 0.500000 , Threads : 8 , Memory : 21.086055 , IoOps : 0.500000 , Commit : 9.898438 , Paged : 100.007813 , NonPaged : 12.976563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : shellexperiencehost.exe , User : RSLAB\\\\rs_adm , PID : 1284 , CPU : 0.500000 , Threads : 56 , Memory : 215.657481 , IoOps : 0.500000 , Commit : 25.363281 , Paged : 620.601563 , NonPaged : 42.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lockapp.exe , User : RSLAB\\\\rs_adm , PID : 5392 , CPU : 1.070701 , Threads : 23 , Memory : 426.479000 , IoOps : 0.500000 , Commit : 10.644531 , Paged : 385.804688 , NonPaged : 23.914063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : onedrive.exe , User : RSLAB\\\\rs_adm , PID : 4196 , CPU : 0.500000 , Threads : 21 , Memory : 196.555809 , IoOps : 0.912913 , Commit : 27.199219 , Paged : 527.195313 , NonPaged : 61.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : spoolsv.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1548 , CPU : 0.500000 , Threads : 13 , Memory : 24.679826 , IoOps : 0.500000 , Commit : 9.113281 , Paged : 208.539063 , NonPaged : 29.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logview.exe , User : RSLAB\\\\rs_adm , PID : 860 , CPU : 0.500000 , Threads : 1 , Memory : 213.274655 , IoOps : 0.500000 , Commit : 25.378906 , Paged : 215.171875 , NonPaged : 12.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : powershell.exe , User : RSLAB10V2\\\\SYSTEM , PID : 6712 , CPU : 0.500000 , Threads : 12 , Memory : 395.385072 , IoOps : 0.500000 , Commit : 25.199219 , Paged : 268.375000 , NonPaged : 28.968750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:networkservice , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 396 , CPU : 0.500000 , Threads : 18 , Memory : 76.867624 , IoOps : 0.844094 , Commit : 7.777344 , Paged : 156.148438 , NonPaged : 40.421875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\SYSTEM , PID : 2820 , CPU : 0.500000 , Threads : 6 , Memory : 34.914259 , IoOps : 0.500000 , Commit : 8.472656 , Paged : 88.843750 , NonPaged : 14.703125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : runtimebroker.exe , User : RSLAB\\\\rs_adm , PID : 1732 , CPU : 0.500000 , Threads : 15 , Memory : 150.344607 , IoOps : 0.500000 , Commit : 9.304688 , Paged : 419.609375 , NonPaged : 29.734375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : services.exe , User : RSLAB10V2\\\\SYSTEM , PID : 560 , CPU : 0.500000 , Threads : 5 , Memory : 30.617360 , IoOps : 0.500000 , Commit : 3.195313 , Paged : 125.898438 , NonPaged : 10.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenetworkrestricted , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 976 , CPU : 0.500000 , Threads : 21 , Memory : 148.508659 , IoOps : 0.775275 , Commit : 17.914063 , Paged : 157.453125 , NonPaged : 31.476563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservice , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 956 , CPU : 0.500000 , Threads : 20 , Memory : 80.031705 , IoOps : 0.500000 , Commit : 8.082031 , Paged : 247.843750 , NonPaged : 36.640625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchindexer.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3868 , CPU : 0.500000 , Threads : 18 , Memory : 141.477369 , IoOps : 0.500000 , Commit : 26.226563 , Paged : 232.226563 , NonPaged : 56.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsass.exe , User : RSLAB10V2\\\\SYSTEM , PID : 568 , CPU : 0.500000 , Threads : 7 , Memory : 75.383241 , IoOps : 0.500000 , Commit : 6.164063 , Paged : 131.601563 , NonPaged : 30.000000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : system process , User : RSLAB10V2\\\\SYSTEM , PID : 4 , CPU : 2.782810 , Threads : 106 , Memory : 358.275485 , IoOps : 0.706456 , Commit : 0.785156 , Paged : 0.500000 , NonPaged : 0.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsisupervisor.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1220 , CPU : 0.500000 , Threads : 6 , Memory : 61.086284 , IoOps : 0.500000 , Commit : 7.175781 , Paged : 135.554688 , NonPaged : 14.453125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenonetwork , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 1064 , CPU : 0.500000 , Threads : 24 , Memory : 141.164867 , IoOps : 0.500000 , Commit : 12.496094 , Paged : 142.726563 , NonPaged : 40.937500 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:dcomlaunch , User : RSLAB10V2\\\\SYSTEM , PID : 648 , CPU : 0.500000 , Threads : 15 , ",
"_time": "2020-11-23T16:00:39.000+0000",
"host": "example-host",
"index": "systrack",
"linecount": "7",
"meta": "truncated",
"punct": "{\"\":_\"\",\"\":_\"--_::\",\"\":_\"{----}\",\"\":_\"\",\"\":_\"\",\"\":",
"source": "SysTrack",
"sourcetype": "_json",
"splunk_server": "splunk-server.example.com",
"table": "BlackBox"
}
},
{
"preview": false,
"result": {
"RECSIZE": "32",
"WGUID": "01234567-89ab-cdef-0123-456789abcdef",
"WTIME": "2020-11-23 16:00:24",
"WTYPE": "1",
"_raw": "{\n\"table\": \"BlackBox\",\n\"WTIME\": \"2020-11-23 16:00:24\",\n\"WGUID\": \"{D417C97B-299B-44DF-B477-B23C8D74B0CA}\",\n\"WTYPE\": \"1\",\n\"RECSIZE\": \"32\",\n\"RECS\": \"[{ App : searchui.exe , User : RSLAB\\\\rs_adm , PID : 6196 , CPU : 0.500000 , Threads : 21 , Memory : 121.633506 , IoOps : 0.500000 , Commit : 21.312500 , Paged : 551.187500 , NonPaged : 38.359375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dwm.exe , User : RSLAB10V2 DWM\\\\DWM-1 , PID : 800 , CPU : 0.612492 , Threads : 8 , Memory : 673.238224 , IoOps : 0.500000 , Commit : 67.277344 , Paged : 523.539063 , NonPaged : 30.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : msmpeng.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1048 , CPU : 4.536426 , Threads : 25 , Memory : 1291.444887 , IoOps : 0.739519 , Commit : 194.437500 , Paged : 658.656250 , NonPaged : 77.554688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiagent.exe , User : RSLAB10V2\\\\SYSTEM , PID : 4896 , CPU : 14.115037 , Threads : 57 , Memory : 339.564440 , IoOps : 23.843111 , Commit : 72.652344 , Paged : 331.078125 , NonPaged : 58.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 878 , DiskRespTime : 0 },{ App : mmc.exe , User : RSLAB\\\\rs_adm , PID : 5304 , CPU : 0.500000 , Threads : 13 , Memory : 95.227105 , IoOps : 0.500000 , Commit : 16.699219 , Paged : 495.367188 , NonPaged : 35.218750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lockapphost.exe , User : RSLAB\\\\rs_adm , PID : 4192 , CPU : 0.500000 , Threads : 9 , Memory : 609.878487 , IoOps : 0.500000 , Commit : 29.359375 , Paged : 333.929688 , NonPaged : 20.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : explorer.exe , User : RSLAB\\\\rs_adm , PID : 2568 , CPU : 3.698580 , Threads : 42 , Memory : 536.518692 , IoOps : 0.506653 , Commit : 51.480469 , Paged : 861.906250 , NonPaged : 90.078125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:netsvcs , User : RSLAB10V2\\\\SYSTEM , PID : 892 , CPU : 4.908844 , Threads : 45 , Memory : 305.423620 , IoOps : 2.444428 , Commit : 29.996094 , Paged : 584.945313 , NonPaged : 72.789063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 5260 , CPU : 0.556401 , Threads : 4 , Memory : 76.437935 , IoOps : 0.500000 , Commit : 10.914063 , Paged : 188.976563 , NonPaged : 11.781250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logonui.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3316 , CPU : 0.500000 , Threads : 17 , Memory : 526.362384 , IoOps : 0.500000 , Commit : 15.925781 , Paged : 520.320313 , NonPaged : 32.273438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiuser.exe , User : RSLAB\\\\rs_adm , PID : 4588 , CPU : 2.816938 , Threads : 4 , Memory : 35.890828 , IoOps : 0.509980 , Commit : 5.328125 , Paged : 224.593750 , NonPaged : 20.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 2592 , CPU : 5.775773 , Threads : 11 , Memory : 137.805473 , IoOps : 1.923807 , Commit : 12.199219 , Paged : 206.382813 , NonPaged : 21.914063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 4736 , CPU : 0.500000 , Threads : 1 , Memory : 43.937749 , IoOps : 0.500000 , Commit : 10.363281 , Paged : 158.492188 , NonPaged : 7.789063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lockapp.exe , User : RSLAB\\\\rs_adm , PID : 5392 , CPU : 0.500000 , Threads : 23 , Memory : 426.479000 , IoOps : 0.500000 , Commit : 10.644531 , Paged : 385.804688 , NonPaged : 23.914063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : csrss.exe , User : RSLAB10V2\\\\SYSTEM , PID : 456 , CPU : 2.707070 , Threads : 11 , Memory : 9.601615 , IoOps : 0.500000 , Commit : 2.046875 , Paged : 350.664063 , NonPaged : 22.625000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : foxitconnectedpdfservice.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1876 , CPU : 0.980491 , Threads : 10 , Memory : 25.968896 , IoOps : 1.331663 , Commit : 4.492188 , Paged : 186.851563 , NonPaged : 22.640625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : spoolsv.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1548 , CPU : 0.556401 , Threads : 13 , Memory : 24.679826 , IoOps : 0.500000 , Commit : 9.113281 , Paged : 208.539063 , NonPaged : 29.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : shellexperiencehost.exe , User : RSLAB\\\\rs_adm , PID : 1284 , CPU : 0.500000 , Threads : 56 , Memory : 215.657481 , IoOps : 0.500000 , Commit : 25.363281 , Paged : 620.601563 , NonPaged : 42.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenonetwork , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 1064 , CPU : 1.842337 , Threads : 24 , Memory : 141.477369 , IoOps : 0.543246 , Commit : 12.527344 , Paged : 142.726563 , NonPaged : 40.937500 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : nissrv.exe , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 672 , CPU : 0.756415 , Threads : 8 , Memory : 21.086055 , IoOps : 1.321683 , Commit : 9.898438 , Paged : 100.007813 , NonPaged : 12.976563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservice , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 956 , CPU : 0.579364 , Threads : 21 , Memory : 79.836391 , IoOps : 0.500000 , Commit : 8.132813 , Paged : 247.843750 , NonPaged : 36.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logview.exe , User : RSLAB\\\\rs_adm , PID : 860 , CPU : 0.500000 , Threads : 1 , Memory : 213.274655 , IoOps : 0.500000 , Commit : 25.378906 , Paged : 215.171875 , NonPaged : 12.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : services.exe , User : RSLAB10V2\\\\SYSTEM , PID : 560 , CPU : 1.044620 , Threads : 5 , Memory : 30.617360 , IoOps : 0.500000 , Commit : 3.195313 , Paged : 125.898438 , NonPaged : 10.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB\\\\rs_adm , PID : 2168 , CPU : 1.818005 , Threads : 6 , Memory : 226.282542 , IoOps : 1.258476 , Commit : 18.628906 , Paged : 331.984375 , NonPaged : 29.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsisupervisor.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1220 , CPU : 0.500000 , Threads : 6 , Memory : 61.086284 , IoOps : 0.506653 , Commit : 7.175781 , Paged : 135.554688 , NonPaged : 14.453125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : onedrive.exe , User : RSLAB\\\\rs_adm , PID : 4196 , CPU : 0.500000 , Threads : 21 , Memory : 196.555809 , IoOps : 0.699599 , Commit : 27.199219 , Paged : 527.195313 , NonPaged : 61.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsass.exe , User : RSLAB10V2\\\\SYSTEM , PID : 568 , CPU : 0.862371 , Threads : 7 , Memory : 75.344178 , IoOps : 0.618096 , Commit : 6.160156 , Paged : 131.601563 , NonPaged : 30.000000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 7 , DiskRespTime : 0 },{ App : system process , User : RSLAB10V2\\\\SYSTEM , PID : 4 , CPU : 287.898504 , Threads : 106 , Memory : 358.275485 , IoOps : 0.952425 , Commit : 0.785156 , Paged : 0.500000 , NonPaged : 0.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 3 , DiskRespTime : 0 },{ App : svchost.exe:utcsvc , User : RSLAB10V2\\\\SYSTEM , PID : 1840 , CPU : 0.587440 , Threads : 12 , Memory : 61.437849 , IoOps : 0.500000 , Commit : 6.882813 , Paged : 343.148438 , NonPaged : 22.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : runtimebroker.exe , User : RSLAB\\\\rs_adm , PID : 1732 , CPU : 0.758760 , Threads : 15 , Memory : 150.344607 , IoOps : 0.504990 , Commit : 9.304688 , Paged : 419.609375 , NonPaged : 29.734375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : notepad.exe , User : RSLAB\\\\rs_adm , PID : 5656 , CPU : 0.838772 , Threads : 1 , Memory : 1168.748872 , IoOps : 0.500000 , Commit : 112.625000 , Paged : 222.632813 , NonPaged : 9.523438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenetworkrestricted , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 976 , CPU : 0.683976 , Threads : 21 , Memory : 148.508659 , IoOps : 0.935791 , Commit : 17.914063 , Paged : 157.453125 , NonPaged : 31.476563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dllhost.exe:/processid:{3eb3c877-1f16-487c-9050-104dbcd66683} , User : RSLAB\\\\rs_adm , PID : 6188 , CPU : 0.500000 , Threads : 6 , Memory : 37.883026 , IoOps : 0.500000 , Commit : 6.515625 , Paged : 224.570313 , NonPaged : 22.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchindexer.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3868 , CPU : 0.528200 , Threads : 18 , Memory : 141.477369 , IoOps : 0.500000 , Commit : 26.226563 , Paged : 232.226563 , NonPaged : 56.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localsystemnetworkrestricted , User : RSLAB10V2\\\\SYSTEM , PID : ",
"_time": "2020-11-23T16:00:24.000+0000",
"host": "example-host",
"index": "systrack",
"linecount": "7",
"meta": "truncated",
"punct": "{\"\":_\"\",\"\":_\"--_::\",\"\":_\"{----}\",\"\":_\"\",\"\":_\"\",\"\":",
"source": "SysTrack",
"sourcetype": "_json",
"splunk_server": "splunk-server.example.com",
"table": "BlackBox"
}
},
{
"preview": false,
"result": {
"RECSIZE": "32",
"WGUID": "01234567-89ab-cdef-0123-456789abcdef",
"WTIME": "2020-11-23 16:00:24",
"WTYPE": "0",
"_raw": "{\n\"table\": \"BlackBox\",\n\"WTIME\": \"2020-11-23 16:00:24\",\n\"WGUID\": \"{D417C97B-299B-44DF-B477-B23C8D74B0CA}\",\n\"WTYPE\": \"0\",\n\"RECSIZE\": \"32\",\n\"RECS\": \"[{ App : searchui.exe , User : RSLAB\\\\rs_adm , PID : 6196 , CPU : 0.500000 , Threads : 21 , Memory : 121.633506 , IoOps : 0.500000 , Commit : 21.312500 , Paged : 551.187500 , NonPaged : 38.359375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : notepad.exe , User : RSLAB\\\\rs_adm , PID : 5656 , CPU : 0.500000 , Threads : 1 , Memory : 1168.748872 , IoOps : 0.500000 , Commit : 112.625000 , Paged : 222.632813 , NonPaged : 9.523438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 2592 , CPU : 2.883509 , Threads : 11 , Memory : 137.805473 , IoOps : 0.500000 , Commit : 12.199219 , Paged : 206.382813 , NonPaged : 21.914063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiagent.exe , User : RSLAB10V2\\\\SYSTEM , PID : 4896 , CPU : 6.458775 , Threads : 57 , Memory : 339.564440 , IoOps : 17.163249 , Commit : 72.652344 , Paged : 331.078125 , NonPaged : 58.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 823 , DiskRespTime : 0 },{ App : mmc.exe , User : RSLAB\\\\rs_adm , PID : 5304 , CPU : 0.500000 , Threads : 13 , Memory : 95.227105 , IoOps : 0.500000 , Commit : 16.699219 , Paged : 495.367188 , NonPaged : 35.218750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dwm.exe , User : RSLAB10V2 DWM\\\\DWM-1 , PID : 800 , CPU : 0.500000 , Threads : 8 , Memory : 673.238224 , IoOps : 0.500000 , Commit : 67.277344 , Paged : 523.539063 , NonPaged : 30.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : services.exe , User : RSLAB10V2\\\\SYSTEM , PID : 560 , CPU : 2.287631 , Threads : 5 , Memory : 30.617360 , IoOps : 0.500000 , Commit : 3.195313 , Paged : 125.898438 , NonPaged : 10.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : foxitconnectedpdfservice.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1876 , CPU : 1.095877 , Threads : 10 , Memory : 25.968896 , IoOps : 1.495812 , Commit : 4.492188 , Paged : 186.851563 , NonPaged : 22.640625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 5260 , CPU : 0.500000 , Threads : 4 , Memory : 76.437935 , IoOps : 0.500000 , Commit : 10.914063 , Paged : 188.976563 , NonPaged : 11.781250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lockapphost.exe , User : RSLAB\\\\rs_adm , PID : 4192 , CPU : 0.500000 , Threads : 9 , Memory : 609.878487 , IoOps : 0.500000 , Commit : 29.359375 , Paged : 333.929688 , NonPaged : 20.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : msmpeng.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1048 , CPU : 2.287631 , Threads : 25 , Memory : 1291.444887 , IoOps : 0.500000 , Commit : 194.437500 , Paged : 658.656250 , NonPaged : 77.554688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenetworkrestricted , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 976 , CPU : 0.500000 , Threads : 21 , Memory : 148.508659 , IoOps : 0.898325 , Commit : 17.914063 , Paged : 157.453125 , NonPaged : 31.476563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 4736 , CPU : 0.500000 , Threads : 1 , Memory : 43.937749 , IoOps : 0.500000 , Commit : 10.363281 , Paged : 158.492188 , NonPaged : 7.789063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB\\\\rs_adm , PID : 2168 , CPU : 0.500000 , Threads : 6 , Memory : 226.282542 , IoOps : 0.500000 , Commit : 18.628906 , Paged : 331.984375 , NonPaged : 29.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logonui.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3316 , CPU : 1.691754 , Threads : 17 , Memory : 526.362384 , IoOps : 0.500000 , Commit : 15.925781 , Paged : 520.320313 , NonPaged : 32.273438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1176 , CPU : 0.500000 , Threads : 9 , Memory : 103.156837 , IoOps : 0.898325 , Commit : 12.914063 , Paged : 188.671875 , NonPaged : 25.343750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : nissrv.exe , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 672 , CPU : 0.500000 , Threads : 8 , Memory : 21.086055 , IoOps : 0.500000 , Commit : 9.898438 , Paged : 100.007813 , NonPaged : 12.976563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : shellexperiencehost.exe , User : RSLAB\\\\rs_adm , PID : 1284 , CPU : 0.500000 , Threads : 56 , Memory : 215.657481 , IoOps : 0.500000 , Commit : 25.363281 , Paged : 620.601563 , NonPaged : 42.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsass.exe , User : RSLAB10V2\\\\SYSTEM , PID : 568 , CPU : 1.095877 , Threads : 7 , Memory : 75.344178 , IoOps : 0.500000 , Commit : 6.160156 , Paged : 131.601563 , NonPaged : 30.000000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:netsvcs , User : RSLAB10V2\\\\SYSTEM , PID : 892 , CPU : 4.671143 , Threads : 45 , Memory : 305.423620 , IoOps : 0.831937 , Commit : 29.996094 , Paged : 584.945313 , NonPaged : 72.789063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : spoolsv.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1548 , CPU : 0.500000 , Threads : 13 , Memory : 24.679826 , IoOps : 0.500000 , Commit : 9.113281 , Paged : 208.539063 , NonPaged : 29.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logview.exe , User : RSLAB\\\\rs_adm , PID : 860 , CPU : 0.500000 , Threads : 1 , Memory : 213.274655 , IoOps : 0.500000 , Commit : 25.378906 , Paged : 215.171875 , NonPaged : 12.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:dcomlaunch , User : RSLAB10V2\\\\SYSTEM , PID : 648 , CPU : 1.095877 , Threads : 15 , Memory : 77.023875 , IoOps : 0.500000 , Commit : 5.710938 , Paged : 476.078125 , NonPaged : 20.898438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsimods64.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3184 , CPU : 1.095877 , Threads : 1 , Memory : 6.164095 , IoOps : 0.699162 , Commit : 1.578125 , Paged : 70.218750 , NonPaged : 20.246094 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\SYSTEM , PID : 2820 , CPU : 0.500000 , Threads : 6 , Memory : 34.875197 , IoOps : 0.500000 , Commit : 8.472656 , Paged : 88.718750 , NonPaged : 14.570313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : onedrive.exe , User : RSLAB\\\\rs_adm , PID : 4196 , CPU : 0.500000 , Threads : 21 , Memory : 196.555809 , IoOps : 0.500000 , Commit : 27.199219 , Paged : 527.195313 , NonPaged : 61.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : explorer.exe , User : RSLAB\\\\rs_adm , PID : 2568 , CPU : 1.095877 , Threads : 42 , Memory : 536.518692 , IoOps : 0.500000 , Commit : 51.480469 , Paged : 861.906250 , NonPaged : 90.078125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : system process , User : RSLAB10V2\\\\SYSTEM , PID : 4 , CPU : 1.095877 , Threads : 106 , Memory : 358.275485 , IoOps : 0.632775 , Commit : 0.785156 , Paged : 0.500000 , NonPaged : 0.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservice , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 956 , CPU : 0.500000 , Threads : 21 , Memory : 79.836391 , IoOps : 0.500000 , Commit : 8.132813 , Paged : 247.843750 , NonPaged : 36.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : runtimebroker.exe , User : RSLAB\\\\rs_adm , PID : 1732 , CPU : 0.500000 , Threads : 15 , Memory : 150.344607 , IoOps : 0.500000 , Commit : 9.304688 , Paged : 419.609375 , NonPaged : 29.734375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lockapp.exe , User : RSLAB\\\\rs_adm , PID : 5392 , CPU : 1.095877 , Threads : 23 , Memory : 426.479000 , IoOps : 0.500000 , Commit : 10.644531 , Paged : 385.804688 , NonPaged : 23.914063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vgauthservice.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1252 , CPU : 0.500000 , Threads : 2 , Memory : 14.367267 , IoOps : 0.566387 , Commit : 4.976563 , Paged : 145.812500 , NonPaged : 13.156250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:networkservice , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 396 , CPU : 0.500000 , Threads : 18 , Memory : 76.867624 , IoOps : 0.500000 , Commit : 7.777344 , Paged : 156.148438 , NonPaged : 40.421875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenonetwork , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 1064 , CPU : 0.500000 , Threads : 24 , Memory : 141.477369 , IoOps : 0.500000 , Commit : 12.527344 , Paged : 142.726563 , NonPaged : 40.937500 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchprotocolhost.exe , User : RSLAB10V2\\\\SYSTEM , PID : 6900 , CPU : 0.500000 , Threads : 8 ,",
"_time": "2020-11-23T16:00:24.000+0000",
"host": "example-host",
"index": "systrack",
"linecount": "7",
"meta": "truncated",
"punct": "{\"\":_\"\",\"\":_\"--_::\",\"\":_\"{----}\",\"\":_\"\",\"\":_\"\",\"\":",
"source": "SysTrack",
"sourcetype": "_json",
"splunk_server": "splunk-server.example.com",
"table": "BlackBox"
}
},
{
"preview": false,
"result": {
"CPU": "0",
"CPU_COST": "0.000000",
"DISK_COST": "0.000000",
"HWPROBLEM": "0",
"HWPROBLEM_COST": "0.000000",
"LATENCY": "1",
"LATENCY_COST": "1.000000",
"MEM": "0",
"MEM_COST": "0.000000",
"NET": "0",
"NET_COST": "0.000000",
"STARTUP": "0",
"STARTUP_COST": "0.000000",
"VIRT": "0",
"VIRT_COST": "0.000000",
"VM": "0",
"VM_COST": "0.000000",
"WDISK": "0",
"WEVENT": "0",
"WEVENT_COST": "0.000000",
"WFAULT": "0",
"WFAULT_COST": "0.000000",
"WGUID": "01234567-89ab-cdef-0123-456789abcdef",
"WINSTALL": "0",
"WINSTALL_COST": "0.000000",
"WSUMMARY": "1",
"WTIME": "2020-11-23 16:00:24",
"WTYPE": "1",
"WUPDATE": "0",
"WUPDATE_COST": "0.000000",
"_raw": "{\n\"table\": \"SAHEALTH\",\n\"WGUID\": \"{D417C97B-299B-44DF-B477-B23C8D74B0CA}\",\n\"WTYPE\": \"1\",\n\"WTIME\": \"2020-11-23 16:00:24\",\n\"WSUMMARY\": \"1\",\n\"CPU\": \"0\",\n\"CPU_COST\": \"0.000000\",\n\"MEM\": \"0\",\n\"MEM_COST\": \"0.000000\",\n\"WDISK\": \"0\",\n\"DISK_COST\": \"0.000000\",\n\"NET\": \"0\",\n\"NET_COST\": \"0.000000\",\n\"LATENCY\": \"1\",\n\"LATENCY_COST\": \"1.000000\",\n\"STARTUP\": \"0\",\n\"STARTUP_COST\": \"0.000000\",\n\"VIRT\": \"0\",\n\"VIRT_COST\": \"0.000000\",\n\"VM\": \"0\",\n\"VM_COST\": \"0.000000\",\n\"WINSTALL\": \"0\",\n\"WINSTALL_COST\": \"0.000000\",\n\"WUPDATE\": \"0\",\n\"WUPDATE_COST\": \"0.000000\",\n\"WEVENT\": \"0\",\n\"WEVENT_COST\": \"0.000000\",\n\"WFAULT\": \"0\",\n\"WFAULT_COST\": \"0.000000\",\n\"HWPROBLEM\": \"0\",\n\"HWPROBLEM_COST\": \"0.000000\"}",
"_time": "2020-11-23T16:00:24.000+0000",
"host": "example-host",
"index": "systrack",
"linecount": "32",
"punct": "{\"\":_\"\",\"\":_\"{----}\",\"\":_\"\",\"\":_\"--_::\",\"\":_\"\",\"\":",
"source": "SysTrack",
"sourcetype": "_json",
"splunk_server": "splunk-server.example.com",
"table": "SAHEALTH"
}
},
{
"preview": false,
"result": {
"RECSIZE": "32",
"WGUID": "01234567-89ab-cdef-0123-456789abcdef",
"WTIME": "2020-11-23 16:00:09",
"WTYPE": "0",
"_raw": "{\n\"table\": \"BlackBox\",\n\"WTIME\": \"2020-11-23 16:00:09\",\n\"WGUID\": \"{D417C97B-299B-44DF-B477-B23C8D74B0CA}\",\n\"WTYPE\": \"0\",\n\"RECSIZE\": \"32\",\n\"RECS\": \"[{ App : mmc.exe , User : RSLAB\\\\rs_adm , PID : 5304 , CPU : 0.500000 , Threads : 13 , Memory : 95.227105 , IoOps : 0.500000 , Commit : 16.699219 , Paged : 495.367188 , NonPaged : 35.218750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : notepad.exe , User : RSLAB\\\\rs_adm , PID : 5656 , CPU : 0.500000 , Threads : 1 , Memory : 1168.748872 , IoOps : 0.500000 , Commit : 112.625000 , Paged : 222.632813 , NonPaged : 9.523438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logonui.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3316 , CPU : 12.489359 , Threads : 22 , Memory : 527.299889 , IoOps : 0.500000 , Commit : 16.082031 , Paged : 520.414063 , NonPaged : 33.601563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiagent.exe , User : RSLAB10V2\\\\SYSTEM , PID : 4896 , CPU : 20.118951 , Threads : 57 , Memory : 336.400360 , IoOps : 6.151572 , Commit : 72.652344 , Paged : 331.078125 , NonPaged : 58.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 814 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 5260 , CPU : 0.500000 , Threads : 4 , Memory : 76.437935 , IoOps : 0.500000 , Commit : 10.914063 , Paged : 188.976563 , NonPaged : 11.781250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dwm.exe , User : RSLAB10V2 DWM\\\\DWM-1 , PID : 800 , CPU : 0.500000 , Threads : 8 , Memory : 673.238224 , IoOps : 0.500000 , Commit : 67.277344 , Paged : 523.539063 , NonPaged : 30.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lockapp.exe , User : RSLAB\\\\rs_adm , PID : 5392 , CPU : 6.494678 , Threads : 27 , Memory : 427.182129 , IoOps : 0.500000 , Commit : 10.761719 , Paged : 385.804688 , NonPaged : 24.976563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 2592 , CPU : 2.677446 , Threads : 11 , Memory : 137.805473 , IoOps : 1.287710 , Commit : 12.195313 , Paged : 206.398438 , NonPaged : 22.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 4736 , CPU : 0.500000 , Threads : 1 , Memory : 43.937749 , IoOps : 0.500000 , Commit : 10.363281 , Paged : 158.492188 , NonPaged : 7.789063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lockapphost.exe , User : RSLAB\\\\rs_adm , PID : 4192 , CPU : 0.500000 , Threads : 11 , Memory : 610.190989 , IoOps : 0.500000 , Commit : 29.417969 , Paged : 333.929688 , NonPaged : 20.546875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : system process , User : RSLAB10V2\\\\SYSTEM , PID : 4 , CPU : 6.487976 , Threads : 106 , Memory : 358.275485 , IoOps : 0.500000 , Commit : 0.785156 , Paged : 0.500000 , NonPaged : 0.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:netsvcs , User : RSLAB10V2\\\\SYSTEM , PID : 892 , CPU : 3.766166 , Threads : 43 , Memory : 304.915804 , IoOps : 1.156425 , Commit : 29.863281 , Paged : 584.945313 , NonPaged : 72.257813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : nissrv.exe , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 672 , CPU : 0.500000 , Threads : 8 , Memory : 21.086055 , IoOps : 0.500000 , Commit : 9.898438 , Paged : 100.007813 , NonPaged : 12.976563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : shellexperiencehost.exe , User : RSLAB\\\\rs_adm , PID : 1284 , CPU : 0.500000 , Threads : 56 , Memory : 215.657481 , IoOps : 0.500000 , Commit : 25.363281 , Paged : 620.601563 , NonPaged : 42.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : msmpeng.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1048 , CPU : 4.310529 , Threads : 25 , Memory : 1290.546444 , IoOps : 0.500000 , Commit : 194.437500 , Paged : 658.656250 , NonPaged : 77.554688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : foxitconnectedpdfservice.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1876 , CPU : 0.500000 , Threads : 10 , Memory : 25.968896 , IoOps : 1.156425 , Commit : 4.492188 , Paged : 186.851563 , NonPaged : 22.640625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : spoolsv.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1548 , CPU : 0.500000 , Threads : 13 , Memory : 24.679826 , IoOps : 0.500000 , Commit : 9.113281 , Paged : 208.539063 , NonPaged : 29.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logview.exe , User : RSLAB\\\\rs_adm , PID : 860 , CPU : 0.500000 , Threads : 1 , Memory : 213.274655 , IoOps : 0.500000 , Commit : 25.378906 , Paged : 215.171875 , NonPaged : 12.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : csrss.exe , User : RSLAB10V2\\\\SYSTEM , PID : 456 , CPU : 3.221806 , Threads : 11 , Memory : 9.601615 , IoOps : 0.500000 , Commit : 2.046875 , Paged : 350.664063 , NonPaged : 22.625000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : onedrive.exe , User : RSLAB\\\\rs_adm , PID : 4196 , CPU : 0.500000 , Threads : 21 , Memory : 195.969868 , IoOps : 0.893855 , Commit : 27.199219 , Paged : 527.195313 , NonPaged : 61.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservice , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 956 , CPU : 0.500000 , Threads : 21 , Memory : 79.836391 , IoOps : 0.500000 , Commit : 8.132813 , Paged : 247.843750 , NonPaged : 36.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : runtimebroker.exe , User : RSLAB\\\\rs_adm , PID : 1732 , CPU : 0.500000 , Threads : 15 , Memory : 150.305545 , IoOps : 0.500000 , Commit : 9.304688 , Paged : 419.609375 , NonPaged : 29.734375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:utcsvc , User : RSLAB10V2\\\\SYSTEM , PID : 1840 , CPU : 2.133083 , Threads : 12 , Memory : 61.398786 , IoOps : 0.500000 , Commit : 6.878906 , Paged : 343.148438 , NonPaged : 22.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:networkservice , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 396 , CPU : 0.500000 , Threads : 18 , Memory : 76.867624 , IoOps : 0.828212 , Commit : 7.777344 , Paged : 156.148438 , NonPaged : 40.421875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsisupervisor.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1220 , CPU : 0.500000 , Threads : 6 , Memory : 61.086284 , IoOps : 0.500000 , Commit : 7.175781 , Paged : 135.554688 , NonPaged : 14.453125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenonetwork , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 1064 , CPU : 0.500000 , Threads : 24 , Memory : 141.477369 , IoOps : 0.500000 , Commit : 12.527344 , Paged : 142.726563 , NonPaged : 40.937500 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\SYSTEM , PID : 2820 , CPU : 1.588723 , Threads : 6 , Memory : 34.875197 , IoOps : 0.500000 , Commit : 8.472656 , Paged : 88.718750 , NonPaged : 14.570313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenetworkrestricted , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 976 , CPU : 0.500000 , Threads : 21 , Memory : 148.508659 , IoOps : 0.762570 , Commit : 17.914063 , Paged : 157.453125 , NonPaged : 31.476563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dllhost.exe:/processid:{3eb3c877-1f16-487c-9050-104dbcd66683} , User : RSLAB\\\\rs_adm , PID : 6188 , CPU : 0.500000 , Threads : 6 , Memory : 37.883026 , IoOps : 0.500000 , Commit : 6.515625 , Paged : 224.570313 , NonPaged : 22.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchindexer.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3868 , CPU : 0.500000 , Threads : 18 , Memory : 133.469511 , IoOps : 0.500000 , Commit : 26.226563 , Paged : 231.976563 , NonPaged : 56.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : explorer.exe , User : RSLAB\\\\rs_adm , PID : 2568 , CPU : 1.588723 , Threads : 42 , Memory : 536.479629 , IoOps : 0.500000 , Commit : 51.480469 , Paged : 861.906250 , NonPaged : 90.078125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1176 , CPU : 0.500000 , Threads : 9 , Memory : 103.156837 , IoOps : 0.696927 , Commit : 12.914063 , Paged : 188.671875 , NonPaged : 25.343750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsass.exe , User : RSLAB10V2\\\\SYSTEM , PID : 568 , CPU : 0.500000 , Threads : 8 , Memory : 72.219160 , IoOps : 0.500000 , Commit : 6.246094 , Paged : 131.601563 , NonPaged : 30.265625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : sihost.exe , User : RSLAB\\\\rs_adm , PID : 1008 , CPU : 0.500000 , Threads : 10 , Memory : 126.242907 , IoOps : 0.500000 , Commit : 4.882813 , Paged : 201.484375 , NonPaged : 17.226563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:rpcss , User : RSLAB10V2\\\\NETWORK SER",
"_time": "2020-11-23T16:00:09.000+0000",
"host": "example-host",
"index": "systrack",
"linecount": "7",
"meta": "truncated",
"punct": "{\"\":_\"\",\"\":_\"--_::\",\"\":_\"{----}\",\"\":_\"\",\"\":_\"\",\"\":",
"source": "SysTrack",
"sourcetype": "_json",
"splunk_server": "splunk-server.example.com",
"table": "BlackBox"
}
},
{
"preview": false,
"result": {
"RECSIZE": "32",
"WGUID": "01234567-89ab-cdef-0123-456789abcdef",
"WTIME": "2020-11-23 15:59:54",
"WTYPE": "0",
"_raw": "{\n\"table\": \"BlackBox\",\n\"WTIME\": \"2020-11-23 15:59:54\",\n\"WGUID\": \"{D417C97B-299B-44DF-B477-B23C8D74B0CA}\",\n\"WTYPE\": \"0\",\n\"RECSIZE\": \"32\",\n\"RECS\": \"[{ App : searchui.exe , User : RSLAB\\\\rs_adm , PID : 6196 , CPU : 0.500000 , Threads : 21 , Memory : 121.633506 , IoOps : 0.500000 , Commit : 21.312500 , Paged : 551.187500 , NonPaged : 38.359375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : notepad.exe , User : RSLAB\\\\rs_adm , PID : 5656 , CPU : 0.500000 , Threads : 1 , Memory : 1168.748872 , IoOps : 0.500000 , Commit : 112.625000 , Paged : 222.632813 , NonPaged : 9.523438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lockapp.exe , User : RSLAB\\\\rs_adm , PID : 5392 , CPU : 1.653497 , Threads : 27 , Memory : 426.986815 , IoOps : 0.500000 , Commit : 10.734375 , Paged : 385.804688 , NonPaged : 24.976563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB\\\\rs_adm , PID : 2168 , CPU : 31.679344 , Threads : 6 , Memory : 226.282542 , IoOps : 28.548633 , Commit : 18.628906 , Paged : 331.984375 , NonPaged : 29.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : mmc.exe , User : RSLAB\\\\rs_adm , PID : 5304 , CPU : 0.500000 , Threads : 13 , Memory : 95.227105 , IoOps : 0.500000 , Commit : 16.699219 , Paged : 495.367188 , NonPaged : 35.218750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dwm.exe , User : RSLAB10V2 DWM\\\\DWM-1 , PID : 800 , CPU : 0.500000 , Threads : 8 , Memory : 673.238224 , IoOps : 0.500000 , Commit : 67.277344 , Paged : 523.539063 , NonPaged : 30.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : system process , User : RSLAB10V2\\\\SYSTEM , PID : 4 , CPU : 1.077394 , Threads : 106 , Memory : 358.392673 , IoOps : 0.500000 , Commit : 0.785156 , Paged : 0.500000 , NonPaged : 0.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiagent.exe , User : RSLAB10V2\\\\SYSTEM , PID : 4896 , CPU : 5.113985 , Threads : 57 , Memory : 324.954982 , IoOps : 11.483274 , Commit : 72.652344 , Paged : 331.078125 , NonPaged : 58.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 815 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 5260 , CPU : 0.500000 , Threads : 4 , Memory : 76.437935 , IoOps : 0.500000 , Commit : 10.914063 , Paged : 188.976563 , NonPaged : 11.781250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lockapphost.exe , User : RSLAB\\\\rs_adm , PID : 4192 , CPU : 0.500000 , Threads : 11 , Memory : 625.191075 , IoOps : 0.500000 , Commit : 29.417969 , Paged : 333.929688 , NonPaged : 20.546875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : msmpeng.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1048 , CPU : 1.077394 , Threads : 25 , Memory : 1241.991479 , IoOps : 0.500000 , Commit : 194.437500 , Paged : 658.656250 , NonPaged : 77.554688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : foxitconnectedpdfservice.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1876 , CPU : 0.500000 , Threads : 10 , Memory : 25.968896 , IoOps : 1.553470 , Commit : 4.492188 , Paged : 186.851563 , NonPaged : 22.640625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 4736 , CPU : 0.500000 , Threads : 1 , Memory : 43.937749 , IoOps : 0.500000 , Commit : 10.363281 , Paged : 158.492188 , NonPaged : 7.789063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logonui.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3316 , CPU : 0.500000 , Threads : 22 , Memory : 527.299889 , IoOps : 0.500000 , Commit : 16.082031 , Paged : 520.414063 , NonPaged : 33.601563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : explorer.exe , User : RSLAB\\\\rs_adm , PID : 2568 , CPU : 1.077394 , Threads : 42 , Memory : 532.573357 , IoOps : 0.500000 , Commit : 51.480469 , Paged : 861.906250 , NonPaged : 90.078125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:netsvcs , User : RSLAB10V2\\\\SYSTEM , PID : 892 , CPU : 2.232184 , Threads : 39 , Memory : 304.486114 , IoOps : 1.487628 , Commit : 29.695313 , Paged : 584.945313 , NonPaged : 71.195313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : nissrv.exe , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 672 , CPU : 0.500000 , Threads : 8 , Memory : 21.086055 , IoOps : 0.500000 , Commit : 9.898438 , Paged : 100.007813 , NonPaged : 12.976563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : shellexperiencehost.exe , User : RSLAB\\\\rs_adm , PID : 1284 , CPU : 0.500000 , Threads : 56 , Memory : 215.657481 , IoOps : 0.500000 , Commit : 25.363281 , Paged : 620.601563 , NonPaged : 42.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : services.exe , User : RSLAB10V2\\\\SYSTEM , PID : 560 , CPU : 0.500000 , Threads : 5 , Memory : 30.617360 , IoOps : 0.500000 , Commit : 3.195313 , Paged : 125.898438 , NonPaged : 10.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenetworkrestricted , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 976 , CPU : 0.500000 , Threads : 21 , Memory : 148.469597 , IoOps : 1.487628 , Commit : 17.910156 , Paged : 157.453125 , NonPaged : 31.476563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : spoolsv.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1548 , CPU : 0.500000 , Threads : 13 , Memory : 24.679826 , IoOps : 0.500000 , Commit : 9.113281 , Paged : 208.539063 , NonPaged : 29.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logview.exe , User : RSLAB\\\\rs_adm , PID : 860 , CPU : 0.500000 , Threads : 1 , Memory : 213.274655 , IoOps : 0.500000 , Commit : 25.378906 , Paged : 215.171875 , NonPaged : 12.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsass.exe , User : RSLAB10V2\\\\SYSTEM , PID : 568 , CPU : 0.500000 , Threads : 8 , Memory : 72.258223 , IoOps : 0.500000 , Commit : 6.250000 , Paged : 131.601563 , NonPaged : 30.265625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 2592 , CPU : 1.077394 , Threads : 11 , Memory : 137.141407 , IoOps : 1.290102 , Commit : 12.195313 , Paged : 206.304688 , NonPaged : 21.515625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\SYSTEM , PID : 2820 , CPU : 0.500000 , Threads : 6 , Memory : 34.875197 , IoOps : 0.500000 , Commit : 8.472656 , Paged : 88.718750 , NonPaged : 14.570313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : onedrive.exe , User : RSLAB\\\\rs_adm , PID : 4196 , CPU : 0.500000 , Threads : 21 , Memory : 195.969868 , IoOps : 0.500000 , Commit : 27.199219 , Paged : 527.195313 , NonPaged : 61.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:dcomlaunch , User : RSLAB10V2\\\\SYSTEM , PID : 648 , CPU : 0.500000 , Threads : 15 , Memory : 76.672311 , IoOps : 0.500000 , Commit : 5.710938 , Paged : 476.078125 , NonPaged : 20.898438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1176 , CPU : 0.500000 , Threads : 9 , Memory : 103.156837 , IoOps : 1.092577 , Commit : 12.914063 , Paged : 188.671875 , NonPaged : 25.343750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservice , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 956 , CPU : 0.500000 , Threads : 21 , Memory : 79.836391 , IoOps : 0.500000 , Commit : 8.132813 , Paged : 247.843750 , NonPaged : 36.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : runtimebroker.exe , User : RSLAB\\\\rs_adm , PID : 1732 , CPU : 0.500000 , Threads : 17 , Memory : 150.539921 , IoOps : 0.500000 , Commit : 9.437500 , Paged : 419.609375 , NonPaged : 30.265625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localsystemnetworkrestricted , User : RSLAB10V2\\\\SYSTEM , PID : 272 , CPU : 0.500000 , Threads : 12 , Memory : 42.922118 , IoOps : 0.500000 , Commit : 5.781250 , Paged : 145.710938 , NonPaged : 23.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:networkservice , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 396 , CPU : 0.500000 , Threads : 18 , Memory : 76.867624 , IoOps : 0.829209 , Commit : 7.777344 , Paged : 156.148438 , NonPaged : 40.421875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsisupervisor.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1220 , CPU : 0.500000 , Threads : 6 , Memory : 61.086284 , IoOps : 0.500000 , Commit : 7.175781 , Paged : 135.554688 , NonPaged : 14.453125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenonetwork , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 1064 , CPU : 0.500000 , Threads : 24 , Memory : 141.516432 , IoOps : 0.500000 , Commit : 12.527344 , Paged : 142.726563 , NonPaged : 40.937500 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : sihost.exe , User : RSLAB\\\\rs_adm , PID : 1008 , CPU : 0.500000 ",
"_time": "2020-11-23T15:59:54.000+0000",
"host": "example-host",
"index": "systrack",
"linecount": "7",
"meta": "truncated",
"punct": "{\"\":_\"\",\"\":_\"--_::\",\"\":_\"{----}\",\"\":_\"\",\"\":_\"\",\"\":",
"source": "SysTrack",
"sourcetype": "_json",
"splunk_server": "splunk-server.example.com",
"table": "BlackBox"
}
},
{
"preview": false,
"result": {
"RECSIZE": "32",
"WGUID": "01234567-89ab-cdef-0123-456789abcdef",
"WTIME": "2020-11-23 15:59:39",
"WTYPE": "0",
"_raw": "{\n\"table\": \"BlackBox\",\n\"WTIME\": \"2020-11-23 15:59:39\",\n\"WGUID\": \"{D417C97B-299B-44DF-B477-B23C8D74B0CA}\",\n\"WTYPE\": \"0\",\n\"RECSIZE\": \"32\",\n\"RECS\": \"[{ App : mmc.exe , User : RSLAB\\\\rs_adm , PID : 5304 , CPU : 0.500000 , Threads : 13 , Memory : 95.227105 , IoOps : 0.500000 , Commit : 16.699219 , Paged : 495.367188 , NonPaged : 35.218750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : notepad.exe , User : RSLAB\\\\rs_adm , PID : 5656 , CPU : 0.500000 , Threads : 1 , Memory : 1168.748872 , IoOps : 0.500000 , Commit : 112.625000 , Paged : 222.632813 , NonPaged : 9.523438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logonui.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3316 , CPU : 8.101417 , Threads : 24 , Memory : 527.612391 , IoOps : 0.500000 , Commit : 16.140625 , Paged : 523.195313 , NonPaged : 34.132813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiagent.exe , User : RSLAB10V2\\\\SYSTEM , PID : 4896 , CPU : 8.101417 , Threads : 57 , Memory : 322.611218 , IoOps : 8.624829 , Commit : 72.652344 , Paged : 331.312500 , NonPaged : 58.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 823 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1176 , CPU : 0.500000 , Threads : 9 , Memory : 103.156837 , IoOps : 0.699791 , Commit : 12.914063 , Paged : 188.671875 , NonPaged : 25.343750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dwm.exe , User : RSLAB10V2 DWM\\\\DWM-1 , PID : 800 , CPU : 0.500000 , Threads : 8 , Memory : 673.238224 , IoOps : 0.500000 , Commit : 67.277344 , Paged : 523.539063 , NonPaged : 30.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : system process , User : RSLAB10V2\\\\SYSTEM , PID : 4 , CPU : 3.700597 , Threads : 106 , Memory : 358.392673 , IoOps : 0.500000 , Commit : 0.785156 , Paged : 0.500000 , NonPaged : 0.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenonetwork , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 1064 , CPU : 0.500000 , Threads : 24 , Memory : 141.516432 , IoOps : 1.498954 , Commit : 12.527344 , Paged : 142.726563 , NonPaged : 40.937500 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 5260 , CPU : 0.500000 , Threads : 4 , Memory : 76.437935 , IoOps : 0.500000 , Commit : 10.914063 , Paged : 188.976563 , NonPaged : 11.781250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lockapphost.exe , User : RSLAB\\\\rs_adm , PID : 4192 , CPU : 0.500000 , Threads : 14 , Memory : 625.698890 , IoOps : 0.500000 , Commit : 29.519531 , Paged : 338.101563 , NonPaged : 21.343750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : msmpeng.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1048 , CPU : 3.300522 , Threads : 25 , Memory : 1241.171162 , IoOps : 0.500000 , Commit : 194.437500 , Paged : 658.656250 , NonPaged : 77.554688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 2592 , CPU : 1.300149 , Threads : 11 , Memory : 134.446079 , IoOps : 1.299164 , Commit : 11.550781 , Paged : 206.398438 , NonPaged : 22.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 4736 , CPU : 0.500000 , Threads : 1 , Memory : 43.937749 , IoOps : 0.500000 , Commit : 10.363281 , Paged : 158.492188 , NonPaged : 7.789063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : shellexperiencehost.exe , User : RSLAB\\\\rs_adm , PID : 1284 , CPU : 0.500000 , Threads : 56 , Memory : 215.657481 , IoOps : 0.500000 , Commit : 25.363281 , Paged : 620.601563 , NonPaged : 42.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lockapp.exe , User : RSLAB\\\\rs_adm , PID : 5392 , CPU : 3.300522 , Threads : 28 , Memory : 427.416505 , IoOps : 0.633194 , Commit : 10.792969 , Paged : 387.195313 , NonPaged : 25.242188 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:netsvcs , User : RSLAB10V2\\\\SYSTEM , PID : 892 , CPU : 0.900075 , Threads : 42 , Memory : 304.876742 , IoOps : 1.165970 , Commit : 29.816406 , Paged : 584.945313 , NonPaged : 71.992188 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : nissrv.exe , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 672 , CPU : 0.500000 , Threads : 8 , Memory : 21.086055 , IoOps : 0.500000 , Commit : 9.898438 , Paged : 100.007813 , NonPaged : 12.976563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logview.exe , User : RSLAB\\\\rs_adm , PID : 860 , CPU : 0.500000 , Threads : 1 , Memory : 213.274655 , IoOps : 0.500000 , Commit : 25.378906 , Paged : 215.171875 , NonPaged : 12.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\SYSTEM , PID : 2820 , CPU : 1.300149 , Threads : 6 , Memory : 34.914259 , IoOps : 0.500000 , Commit : 8.472656 , Paged : 88.843750 , NonPaged : 14.703125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : foxitconnectedpdfservice.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1876 , CPU : 0.500000 , Threads : 10 , Memory : 25.968896 , IoOps : 1.165970 , Commit : 4.492188 , Paged : 186.851563 , NonPaged : 22.640625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : spoolsv.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1548 , CPU : 0.500000 , Threads : 13 , Memory : 24.679826 , IoOps : 0.500000 , Commit : 9.113281 , Paged : 208.539063 , NonPaged : 29.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB\\\\rs_adm , PID : 2168 , CPU : 0.500000 , Threads : 6 , Memory : 158.313403 , IoOps : 0.500000 , Commit : 18.234375 , Paged : 331.984375 , NonPaged : 29.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : csrss.exe , User : RSLAB10V2\\\\SYSTEM , PID : 456 , CPU : 0.900075 , Threads : 11 , Memory : 9.601615 , IoOps : 0.500000 , Commit : 2.046875 , Paged : 350.664063 , NonPaged : 22.625000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenetworkrestricted , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 976 , CPU : 0.500000 , Threads : 21 , Memory : 148.508659 , IoOps : 0.966179 , Commit : 17.914063 , Paged : 157.453125 , NonPaged : 31.476563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservice , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 956 , CPU : 0.500000 , Threads : 21 , Memory : 79.797329 , IoOps : 0.500000 , Commit : 8.132813 , Paged : 247.843750 , NonPaged : 36.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : runtimebroker.exe , User : RSLAB\\\\rs_adm , PID : 1732 , CPU : 0.500000 , Threads : 21 , Memory : 151.047736 , IoOps : 0.500000 , Commit : 9.703125 , Paged : 425.171875 , NonPaged : 31.328125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : powershell.exe , User : RSLAB10V2\\\\SYSTEM , PID : 2604 , CPU : 0.500000 , Threads : 18 , Memory : 542.260912 , IoOps : 0.500000 , Commit : 42.925781 , Paged : 328.859375 , NonPaged : 41.039063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : onedrive.exe , User : RSLAB\\\\rs_adm , PID : 4196 , CPU : 0.500000 , Threads : 21 , Memory : 195.969868 , IoOps : 0.899582 , Commit : 27.199219 , Paged : 527.195313 , NonPaged : 61.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsisupervisor.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1220 , CPU : 0.500000 , Threads : 6 , Memory : 61.086284 , IoOps : 0.500000 , Commit : 7.175781 , Paged : 135.554688 , NonPaged : 14.453125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchindexer.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3868 , CPU : 0.500000 , Threads : 18 , Memory : 133.469511 , IoOps : 0.500000 , Commit : 26.226563 , Paged : 231.976563 , NonPaged : 56.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : services.exe , User : RSLAB10V2\\\\SYSTEM , PID : 560 , CPU : 0.500000 , Threads : 5 , Memory : 30.578297 , IoOps : 0.500000 , Commit : 3.191406 , Paged : 125.898438 , NonPaged : 10.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:networkservice , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 396 , CPU : 0.500000 , Threads : 18 , Memory : 76.867624 , IoOps : 0.832985 , Commit : 7.777344 , Paged : 156.148438 , NonPaged : 40.421875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:utcsvc , User : RSLAB10V2\\\\SYSTEM , PID : 1840 , CPU : 0.500000 , Threads : 12 , Memory : 61.437849 , IoOps : 0.500000 , Commit : 6.882813 , Paged : 343.148438 , NonPaged : 22.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : sihost.exe , User : RSLAB\\\\rs_adm , PID : 1008 , CPU : 0.500000 , Threads : 14 , Memory : 126.594472 , IoOps : 0.500000 , Commit : 5.000000 , Paged : 204.265625 , NonPaged : 18.289063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsass.exe , User : RSLAB10V2\\\\SYSTEM , PID : 568 , CPU : 0.500000 , Threads : 8 , Mem",
"_time": "2020-11-23T15:59:39.000+0000",
"host": "example-host",
"index": "systrack",
"linecount": "7",
"meta": "truncated",
"punct": "{\"\":_\"\",\"\":_\"--_::\",\"\":_\"{----}\",\"\":_\"\",\"\":_\"\",\"\":",
"source": "SysTrack",
"sourcetype": "_json",
"splunk_server": "splunk-server.example.com",
"table": "BlackBox"
}
},
{
"preview": false,
"result": {
"RECSIZE": "32",
"WGUID": "01234567-89ab-cdef-0123-456789abcdef",
"WTIME": "2020-11-23 15:59:24",
"WTYPE": "0",
"_raw": "{\n\"table\": \"BlackBox\",\n\"WTIME\": \"2020-11-23 15:59:24\",\n\"WGUID\": \"{D417C97B-299B-44DF-B477-B23C8D74B0CA}\",\n\"WTYPE\": \"0\",\n\"RECSIZE\": \"32\",\n\"RECS\": \"[{ App : mmc.exe , User : RSLAB\\\\rs_adm , PID : 5304 , CPU : 0.500000 , Threads : 13 , Memory : 95.227105 , IoOps : 0.500000 , Commit : 16.699219 , Paged : 495.367188 , NonPaged : 35.218750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lockapphost.exe , User : RSLAB\\\\rs_adm , PID : 4192 , CPU : 0.500000 , Threads : 14 , Memory : 625.698890 , IoOps : 0.500000 , Commit : 29.519531 , Paged : 338.101563 , NonPaged : 21.343750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : system process , User : RSLAB10V2\\\\SYSTEM , PID : 4 , CPU : 35.616878 , Threads : 106 , Memory : 358.509861 , IoOps : 0.638085 , Commit : 0.785156 , Paged : 0.500000 , NonPaged : 0.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiagent.exe , User : RSLAB10V2\\\\SYSTEM , PID : 4896 , CPU : 20.399558 , Threads : 57 , Memory : 315.540865 , IoOps : 30.533504 , Commit : 72.453125 , Paged : 331.468750 , NonPaged : 58.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 856 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 4736 , CPU : 0.500000 , Threads : 1 , Memory : 43.937749 , IoOps : 0.500000 , Commit : 10.363281 , Paged : 158.492188 , NonPaged : 7.789063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logonui.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3316 , CPU : 0.500000 , Threads : 24 , Memory : 527.612391 , IoOps : 0.500000 , Commit : 16.140625 , Paged : 523.195313 , NonPaged : 34.132813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : runtimebroker.exe , User : RSLAB\\\\rs_adm , PID : 1732 , CPU : 11.035059 , Threads : 21 , Memory : 151.008674 , IoOps : 0.707128 , Commit : 9.703125 , Paged : 425.171875 , NonPaged : 31.328125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:netsvcs , User : RSLAB10V2\\\\SYSTEM , PID : 892 , CPU : 1.670561 , Threads : 44 , Memory : 305.228306 , IoOps : 3.330744 , Commit : 29.945313 , Paged : 584.945313 , NonPaged : 72.523438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : nissrv.exe , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 672 , CPU : 0.500000 , Threads : 8 , Memory : 21.086055 , IoOps : 0.500000 , Commit : 9.898438 , Paged : 100.007813 , NonPaged : 12.976563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lockapp.exe , User : RSLAB\\\\rs_adm , PID : 5392 , CPU : 0.500000 , Threads : 28 , Memory : 427.416505 , IoOps : 0.500000 , Commit : 10.792969 , Paged : 387.195313 , NonPaged : 25.242188 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : notepad.exe , User : RSLAB\\\\rs_adm , PID : 5656 , CPU : 6.352808 , Threads : 1 , Memory : 1168.748872 , IoOps : 0.500000 , Commit : 112.625000 , Paged : 222.632813 , NonPaged : 9.523438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : msmpeng.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1048 , CPU : 10.449775 , Threads : 25 , Memory : 1295.819912 , IoOps : 1.880851 , Commit : 194.121094 , Paged : 658.656250 , NonPaged : 77.554688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : spoolsv.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1548 , CPU : 0.500000 , Threads : 13 , Memory : 24.679826 , IoOps : 0.500000 , Commit : 9.113281 , Paged : 208.539063 , NonPaged : 29.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : shellexperiencehost.exe , User : RSLAB\\\\rs_adm , PID : 1284 , CPU : 0.500000 , Threads : 56 , Memory : 215.657481 , IoOps : 0.500000 , Commit : 25.363281 , Paged : 620.601563 , NonPaged : 42.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : explorer.exe , User : RSLAB\\\\rs_adm , PID : 2568 , CPU : 5.767528 , Threads : 59 , Memory : 535.463999 , IoOps : 0.500000 , Commit : 52.648438 , Paged : 891.781250 , NonPaged : 94.593750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsass.exe , User : RSLAB10V2\\\\SYSTEM , PID : 568 , CPU : 2.841122 , Threads : 8 , Memory : 72.062909 , IoOps : 1.535638 , Commit : 6.246094 , Paged : 131.976563 , NonPaged : 31.703125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 129 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\SYSTEM , PID : 2820 , CPU : 1.085281 , Threads : 6 , Memory : 34.875197 , IoOps : 0.500000 , Commit : 8.472656 , Paged : 88.718750 , NonPaged : 14.570313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logview.exe , User : RSLAB\\\\rs_adm , PID : 860 , CPU : 0.500000 , Threads : 1 , Memory : 213.274655 , IoOps : 0.500000 , Commit : 25.378906 , Paged : 215.171875 , NonPaged : 12.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dwm.exe , User : RSLAB10V2 DWM\\\\DWM-1 , PID : 800 , CPU : 4.011686 , Threads : 8 , Memory : 673.238224 , IoOps : 0.500000 , Commit : 67.277344 , Paged : 523.539063 , NonPaged : 30.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : foxitconnectedpdfservice.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1876 , CPU : 1.085281 , Threads : 10 , Memory : 25.968896 , IoOps : 1.535638 , Commit : 4.492188 , Paged : 186.851563 , NonPaged : 22.640625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservice , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 956 , CPU : 0.500000 , Threads : 21 , Memory : 79.797329 , IoOps : 0.500000 , Commit : 8.132813 , Paged : 247.843750 , NonPaged : 36.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : onedrive.exe , User : RSLAB\\\\rs_adm , PID : 4196 , CPU : 0.500000 , Threads : 21 , Memory : 195.969868 , IoOps : 0.500000 , Commit : 27.199219 , Paged : 527.195313 , NonPaged : 61.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB\\\\rs_adm , PID : 2168 , CPU : 3.426403 , Threads : 6 , Memory : 158.313403 , IoOps : 0.707128 , Commit : 18.234375 , Paged : 331.984375 , NonPaged : 29.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:appmodel , User : RSLAB10V2\\\\SYSTEM , PID : 1028 , CPU : 0.500000 , Threads : 7 , Memory : 59.914402 , IoOps : 1.121383 , Commit : 4.664063 , Paged : 121.398438 , NonPaged : 17.843750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:networkservice , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 396 , CPU : 0.500000 , Threads : 18 , Memory : 76.867624 , IoOps : 0.845213 , Commit : 7.777344 , Paged : 156.148438 , NonPaged : 40.421875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenonetwork , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 1064 , CPU : 0.500000 , Threads : 24 , Memory : 142.180498 , IoOps : 0.500000 , Commit : 12.949219 , Paged : 145.476563 , NonPaged : 45.585938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 5260 , CPU : 2.841125 , Threads : 4 , Memory : 76.437935 , IoOps : 0.500000 , Commit : 10.914063 , Paged : 188.976563 , NonPaged : 11.781250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1176 , CPU : 2.255842 , Threads : 9 , Memory : 103.156837 , IoOps : 0.914255 , Commit : 12.914063 , Paged : 188.671875 , NonPaged : 25.343750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsisupervisor.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1220 , CPU : 0.500000 , Threads : 6 , Memory : 61.086284 , IoOps : 0.500000 , Commit : 7.175781 , Paged : 135.554688 , NonPaged : 14.453125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchindexer.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3868 , CPU : 0.500000 , Threads : 18 , Memory : 139.485170 , IoOps : 0.500000 , Commit : 27.500000 , Paged : 231.976563 , NonPaged : 56.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : sihost.exe , User : RSLAB\\\\rs_adm , PID : 1008 , CPU : 2.841122 , Threads : 14 , Memory : 126.047593 , IoOps : 0.500000 , Commit : 5.000000 , Paged : 204.421875 , NonPaged : 18.289063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiuser.exe , User : RSLAB\\\\rs_adm , PID : 4588 , CPU : 0.500000 , Threads : 5 , Memory : 35.734577 , IoOps : 0.914255 , Commit : 5.351563 , Paged : 224.593750 , NonPaged : 20.765625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:utcsvc , User : RSLAB10V2\\\\SYSTEM , PID : 1840 , CPU : 0.500000 , Threads : 12 , Memory : 61.398786 , IoOps : 0.500000 , Commit : 6.878906 , Paged : 343.148438 , NonPaged : 22.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 2592 , CPU : 1.085281 , Threads : 11 , Memory : 134.446079 , IoOps : 0.500000 , Commit : 11.550781 , Paged : 206.398438 , NonPaged : 22.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : csrss.exe , User : RSLAB10V2\\\\SYSTEM , PID : 456 , CPU : 2.255842 , Threads : 11 , Memory : 9.601615 , IoOps : 0.5000",
"_time": "2020-11-23T15:59:24.000+0000",
"host": "example-host",
"index": "systrack",
"linecount": "7",
"meta": "truncated",
"punct": "{\"\":_\"\",\"\":_\"--_::\",\"\":_\"{----}\",\"\":_\"\",\"\":_\"\",\"\":",
"source": "SysTrack",
"sourcetype": "_json",
"splunk_server": "splunk-server.example.com",
"table": "BlackBox"
}
},
{
"preview": false,
"result": {
"RECSIZE": "32",
"WGUID": "01234567-89ab-cdef-0123-456789abcdef",
"WTIME": "2020-11-23 15:59:09",
"WTYPE": "0",
"_raw": "{\n\"table\": \"BlackBox\",\n\"WTIME\": \"2020-11-23 15:59:09\",\n\"WGUID\": \"{D417C97B-299B-44DF-B477-B23C8D74B0CA}\",\n\"WTYPE\": \"0\",\n\"RECSIZE\": \"32\",\n\"RECS\": \"[{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 5260 , CPU : 0.500000 , Threads : 2 , Memory : 47.531519 , IoOps : 0.500000 , Commit : 10.812500 , Paged : 187.585938 , NonPaged : 11.250000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : notepad.exe , User : RSLAB\\\\rs_adm , PID : 5656 , CPU : 0.500000 , Threads : 1 , Memory : 1113.045429 , IoOps : 0.500000 , Commit : 112.625000 , Paged : 222.632813 , NonPaged : 9.523438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : csrss.exe , User : RSLAB10V2\\\\SYSTEM , PID : 456 , CPU : 2.945423 , Threads : 11 , Memory : 7.843792 , IoOps : 0.500000 , Commit : 2.046875 , Paged : 347.289063 , NonPaged : 22.226563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiagent.exe , User : RSLAB10V2\\\\SYSTEM , PID : 4896 , CPU : 4.168137 , Threads : 57 , Memory : 66.672254 , IoOps : 8.647795 , Commit : 72.652344 , Paged : 331.078125 , NonPaged : 58.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 815 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 4736 , CPU : 0.500000 , Threads : 1 , Memory : 43.937749 , IoOps : 0.500000 , Commit : 10.363281 , Paged : 158.492188 , NonPaged : 7.789063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dwm.exe , User : RSLAB10V2 DWM\\\\DWM-1 , PID : 800 , CPU : 0.500000 , Threads : 8 , Memory : 652.417793 , IoOps : 0.500000 , Commit : 67.089844 , Paged : 434.156250 , NonPaged : 27.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : msmpeng.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1048 , CPU : 2.945423 , Threads : 25 , Memory : 1284.530785 , IoOps : 0.500000 , Commit : 193.699219 , Paged : 658.656250 , NonPaged : 77.554688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:netsvcs , User : RSLAB10V2\\\\SYSTEM , PID : 892 , CPU : 0.500000 , Threads : 44 , Memory : 292.611046 , IoOps : 2.602657 , Commit : 29.910156 , Paged : 583.992188 , NonPaged : 72.390625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : nissrv.exe , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 672 , CPU : 0.500000 , Threads : 8 , Memory : 21.007930 , IoOps : 0.500000 , Commit : 9.898438 , Paged : 100.007813 , NonPaged : 12.976563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : explorer.exe , User : RSLAB\\\\rs_adm , PID : 2568 , CPU : 0.500000 , Threads : 51 , Memory : 453.041652 , IoOps : 0.500000 , Commit : 51.929688 , Paged : 882.203125 , NonPaged : 92.468750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : system process , User : RSLAB10V2\\\\SYSTEM , PID : 4 , CPU : 1.722711 , Threads : 102 , Memory : 358.900488 , IoOps : 0.500000 , Commit : 0.785156 , Paged : 0.500000 , NonPaged : 0.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 2592 , CPU : 2.334065 , Threads : 11 , Memory : 136.867968 , IoOps : 2.076993 , Commit : 11.765625 , Paged : 205.609375 , NonPaged : 22.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : spoolsv.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1548 , CPU : 0.500000 , Threads : 13 , Memory : 24.601700 , IoOps : 0.500000 , Commit : 9.113281 , Paged : 208.539063 , NonPaged : 29.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : shellexperiencehost.exe , User : RSLAB\\\\rs_adm , PID : 1284 , CPU : 0.500000 , Threads : 56 , Memory : 215.657481 , IoOps : 0.500000 , Commit : 25.363281 , Paged : 620.601563 , NonPaged : 42.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : services.exe , User : RSLAB10V2\\\\SYSTEM , PID : 560 , CPU : 1.722711 , Threads : 5 , Memory : 30.617360 , IoOps : 0.500000 , Commit : 3.222656 , Paged : 125.898438 , NonPaged : 10.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:networkservice , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 396 , CPU : 0.500000 , Threads : 18 , Memory : 70.422275 , IoOps : 1.157080 , Commit : 7.769531 , Paged : 156.148438 , NonPaged : 40.421875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : runtimebroker.exe , User : RSLAB\\\\rs_adm , PID : 1732 , CPU : 0.500000 , Threads : 11 , Memory : 54.797186 , IoOps : 0.500000 , Commit : 8.800781 , Paged : 319.671875 , NonPaged : 27.210938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logview.exe , User : RSLAB\\\\rs_adm , PID : 860 , CPU : 0.500000 , Threads : 1 , Memory : 213.274655 , IoOps : 0.500000 , Commit : 25.378906 , Paged : 215.171875 , NonPaged : 12.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsass.exe , User : RSLAB10V2\\\\SYSTEM , PID : 568 , CPU : 1.111354 , Threads : 8 , Memory : 57.687827 , IoOps : 0.500000 , Commit : 6.250000 , Paged : 131.601563 , NonPaged : 30.265625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : foxitconnectedpdfservice.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1876 , CPU : 0.500000 , Threads : 10 , Memory : 25.968896 , IoOps : 1.157080 , Commit : 4.492188 , Paged : 186.851563 , NonPaged : 22.640625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\SYSTEM , PID : 2820 , CPU : 0.500000 , Threads : 6 , Memory : 34.914259 , IoOps : 0.500000 , Commit : 8.472656 , Paged : 88.843750 , NonPaged : 14.703125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB\\\\rs_adm , PID : 2168 , CPU : 0.500000 , Threads : 6 , Memory : 154.993072 , IoOps : 0.500000 , Commit : 18.234375 , Paged : 331.984375 , NonPaged : 29.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:dcomlaunch , User : RSLAB10V2\\\\SYSTEM , PID : 648 , CPU : 0.500000 , Threads : 15 , Memory : 52.179983 , IoOps : 0.500000 , Commit : 5.707031 , Paged : 474.703125 , NonPaged : 20.820313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : onedrive.exe , User : RSLAB\\\\rs_adm , PID : 4196 , CPU : 0.500000 , Threads : 21 , Memory : 193.626105 , IoOps : 0.894248 , Commit : 27.199219 , Paged : 527.195313 , NonPaged : 61.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservice , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 956 , CPU : 0.500000 , Threads : 20 , Memory : 67.844135 , IoOps : 0.500000 , Commit : 8.054688 , Paged : 231.843750 , NonPaged : 36.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenonetwork , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 1064 , CPU : 0.500000 , Threads : 24 , Memory : 139.289857 , IoOps : 0.500000 , Commit : 12.945313 , Paged : 145.476563 , NonPaged : 45.585938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:rpcss , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 704 , CPU : 0.500000 , Threads : 11 , Memory : 44.679940 , IoOps : 0.500000 , Commit : 4.195313 , Paged : 95.968750 , NonPaged : 17.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenetworkrestricted , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 976 , CPU : 0.500000 , Threads : 21 , Memory : 143.235192 , IoOps : 0.762832 , Commit : 17.468750 , Paged : 157.453125 , NonPaged : 31.476563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsisupervisor.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1220 , CPU : 0.500000 , Threads : 6 , Memory : 61.086284 , IoOps : 0.500000 , Commit : 7.175781 , Paged : 135.554688 , NonPaged : 14.453125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchindexer.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3868 , CPU : 0.500000 , Threads : 18 , Memory : 138.703916 , IoOps : 0.500000 , Commit : 27.500000 , Paged : 231.976563 , NonPaged : 56.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localsystemnetworkrestricted , User : RSLAB10V2\\\\SYSTEM , PID : 272 , CPU : 0.500000 , Threads : 12 , Memory : 38.664281 , IoOps : 0.500000 , Commit : 5.796875 , Paged : 145.710938 , NonPaged : 23.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1176 , CPU : 1.111354 , Threads : 9 , Memory : 103.117775 , IoOps : 0.697124 , Commit : 12.914063 , Paged : 188.671875 , NonPaged : 25.343750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:utcsvc , User : RSLAB10V2\\\\SYSTEM , PID : 1840 , CPU : 0.500000 , Threads : 12 , Memory : 60.187842 , IoOps : 0.500000 , Commit : 6.878906 , Paged : 343.148438 , NonPaged : 22.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchui.exe , User : RSLAB\\\\rs_adm , PID : 6196 , CPU : 0.500000 , Threads : 21 , Memory : 121.633506 , IoOps : 0.500000 , Commit : 21.312500 , Paged : 551.187500 , NonPaged : 38.359375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:appmodel , User : RSLAB10V2\\\\S",
"_time": "2020-11-23T15:59:09.000+0000",
"host": "example-host",
"index": "systrack",
"linecount": "7",
"meta": "truncated",
"punct": "{\"\":_\"\",\"\":_\"--_::\",\"\":_\"{----}\",\"\":_\"\",\"\":_\"\",\"\":",
"source": "SysTrack",
"sourcetype": "_json",
"splunk_server": "splunk-server.example.com",
"table": "BlackBox"
}
},
{
"preview": false,
"result": {
"RECSIZE": "32",
"WGUID": "01234567-89ab-cdef-0123-456789abcdef",
"WTIME": "2020-11-23 15:58:54",
"WTYPE": "0",
"_raw": "{\n\"table\": \"BlackBox\",\n\"WTIME\": \"2020-11-23 15:58:54\",\n\"WGUID\": \"{D417C97B-299B-44DF-B477-B23C8D74B0CA}\",\n\"WTYPE\": \"0\",\n\"RECSIZE\": \"32\",\n\"RECS\": \"[{ App : mmc.exe , User : RSLAB\\\\rs_adm , PID : 5304 , CPU : 0.500000 , Threads : 12 , Memory : 85.734863 , IoOps : 0.500000 , Commit : 16.601563 , Paged : 493.976563 , NonPaged : 34.953125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : msmpeng.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1048 , CPU : 0.500000 , Threads : 25 , Memory : 1233.163303 , IoOps : 0.500000 , Commit : 193.699219 , Paged : 658.656250 , NonPaged : 77.554688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : csrss.exe , User : RSLAB10V2\\\\SYSTEM , PID : 360 , CPU : 0.500000 , Threads : 9 , Memory : 8.000043 , IoOps : 0.500000 , Commit : 1.695313 , Paged : 152.656250 , NonPaged : 14.101563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiagent.exe , User : RSLAB10V2\\\\SYSTEM , PID : 4896 , CPU : 4.131433 , Threads : 57 , Memory : 343.119148 , IoOps : 12.417736 , Commit : 72.343750 , Paged : 331.078125 , NonPaged : 58.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 817 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 5260 , CPU : 0.500000 , Threads : 2 , Memory : 47.531519 , IoOps : 0.500000 , Commit : 10.812500 , Paged : 187.585938 , NonPaged : 11.250000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : notepad.exe , User : RSLAB\\\\rs_adm , PID : 5656 , CPU : 0.500000 , Threads : 1 , Memory : 1113.045429 , IoOps : 0.500000 , Commit : 112.625000 , Paged : 222.632813 , NonPaged : 9.523438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : csrss.exe , User : RSLAB10V2\\\\SYSTEM , PID : 456 , CPU : 0.500000 , Threads : 11 , Memory : 7.843792 , IoOps : 0.500000 , Commit : 2.046875 , Paged : 347.289063 , NonPaged : 22.226563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:netsvcs , User : RSLAB10V2\\\\SYSTEM , PID : 892 , CPU : 1.105237 , Threads : 39 , Memory : 291.282914 , IoOps : 1.487658 , Commit : 29.648438 , Paged : 583.992188 , NonPaged : 71.062500 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 4736 , CPU : 0.500000 , Threads : 1 , Memory : 43.937749 , IoOps : 0.500000 , Commit : 10.363281 , Paged : 158.492188 , NonPaged : 7.789063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dwm.exe , User : RSLAB10V2 DWM\\\\DWM-1 , PID : 800 , CPU : 0.500000 , Threads : 8 , Memory : 652.261542 , IoOps : 0.500000 , Commit : 67.089844 , Paged : 434.156250 , NonPaged : 27.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : services.exe , User : RSLAB10V2\\\\SYSTEM , PID : 560 , CPU : 0.500000 , Threads : 5 , Memory : 30.617360 , IoOps : 0.500000 , Commit : 3.222656 , Paged : 125.898438 , NonPaged : 10.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenetworkrestricted , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 976 , CPU : 0.500000 , Threads : 19 , Memory : 133.664824 , IoOps : 1.290126 , Commit : 17.363281 , Paged : 157.234375 , NonPaged : 30.460938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : nissrv.exe , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 672 , CPU : 0.500000 , Threads : 8 , Memory : 20.187613 , IoOps : 0.500000 , Commit : 9.898438 , Paged : 100.007813 , NonPaged : 12.976563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : explorer.exe , User : RSLAB\\\\rs_adm , PID : 2568 , CPU : 0.500000 , Threads : 51 , Memory : 452.768213 , IoOps : 0.500000 , Commit : 51.898438 , Paged : 882.203125 , NonPaged : 92.468750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsass.exe , User : RSLAB10V2\\\\SYSTEM , PID : 568 , CPU : 0.500000 , Threads : 8 , Memory : 57.648765 , IoOps : 0.500000 , Commit : 6.250000 , Paged : 131.601563 , NonPaged : 30.265625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 2592 , CPU : 0.500000 , Threads : 11 , Memory : 134.875769 , IoOps : 1.290126 , Commit : 11.761719 , Paged : 205.531250 , NonPaged : 21.781250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : spoolsv.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1548 , CPU : 0.500000 , Threads : 13 , Memory : 24.601700 , IoOps : 0.500000 , Commit : 9.113281 , Paged : 208.539063 , NonPaged : 29.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : shellexperiencehost.exe , User : RSLAB\\\\rs_adm , PID : 1284 , CPU : 0.500000 , Threads : 56 , Memory : 215.657481 , IoOps : 0.500000 , Commit : 25.363281 , Paged : 620.601563 , NonPaged : 42.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:dcomlaunch , User : RSLAB10V2\\\\SYSTEM , PID : 648 , CPU : 0.500000 , Threads : 15 , Memory : 52.179983 , IoOps : 0.500000 , Commit : 5.707031 , Paged : 474.703125 , NonPaged : 20.820313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : foxitconnectedpdfservice.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1876 , CPU : 0.500000 , Threads : 10 , Memory : 25.968896 , IoOps : 1.092595 , Commit : 4.492188 , Paged : 186.851563 , NonPaged : 22.640625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : runtimebroker.exe , User : RSLAB\\\\rs_adm , PID : 1732 , CPU : 0.500000 , Threads : 11 , Memory : 54.797186 , IoOps : 0.500000 , Commit : 8.800781 , Paged : 319.671875 , NonPaged : 27.210938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logview.exe , User : RSLAB\\\\rs_adm , PID : 860 , CPU : 0.500000 , Threads : 1 , Memory : 213.274655 , IoOps : 0.500000 , Commit : 25.378906 , Paged : 215.171875 , NonPaged : 12.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:rpcss , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 704 , CPU : 0.500000 , Threads : 11 , Memory : 44.562752 , IoOps : 0.500000 , Commit : 4.175781 , Paged : 95.968750 , NonPaged : 17.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1176 , CPU : 1.105237 , Threads : 9 , Memory : 103.117775 , IoOps : 1.092595 , Commit : 12.914063 , Paged : 188.671875 , NonPaged : 25.343750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\SYSTEM , PID : 2820 , CPU : 0.500000 , Threads : 6 , Memory : 34.875197 , IoOps : 0.500000 , Commit : 8.472656 , Paged : 88.718750 , NonPaged : 14.570313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : onedrive.exe , User : RSLAB\\\\rs_adm , PID : 4196 , CPU : 0.500000 , Threads : 21 , Memory : 193.626105 , IoOps : 0.500000 , Commit : 27.199219 , Paged : 527.195313 , NonPaged : 61.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localsystemnetworkrestricted , User : RSLAB10V2\\\\SYSTEM , PID : 272 , CPU : 0.500000 , Threads : 12 , Memory : 38.664281 , IoOps : 0.500000 , Commit : 5.796875 , Paged : 145.710938 , NonPaged : 23.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:networkservice , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 396 , CPU : 0.500000 , Threads : 18 , Memory : 70.422275 , IoOps : 0.829219 , Commit : 7.769531 , Paged : 156.148438 , NonPaged : 40.421875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservice , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 956 , CPU : 0.500000 , Threads : 20 , Memory : 67.648822 , IoOps : 0.500000 , Commit : 8.054688 , Paged : 231.843750 , NonPaged : 36.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchindexer.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3868 , CPU : 0.500000 , Threads : 18 , Memory : 138.703916 , IoOps : 0.500000 , Commit : 27.500000 , Paged : 231.976563 , NonPaged : 56.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:appmodel , User : RSLAB10V2\\\\SYSTEM , PID : 1028 , CPU : 0.500000 , Threads : 7 , Memory : 38.547093 , IoOps : 0.500000 , Commit : 5.113281 , Paged : 120.414063 , NonPaged : 17.585938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB\\\\rs_adm , PID : 2168 , CPU : 0.500000 , Threads : 6 , Memory : 154.993072 , IoOps : 0.697532 , Commit : 18.234375 , Paged : 331.984375 , NonPaged : 29.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsisupervisor.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1220 , CPU : 0.500000 , Threads : 6 , Memory : 61.086284 , IoOps : 0.500000 , Commit : 7.175781 , Paged : 135.554688 , NonPaged : 14.453125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenonetwork , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 1064 , CPU : 0.500000 , Threads : 24 , Memory : 138.117975 , IoOps : 0.500000 , Commit : 12.949219 , Paged : 145.476563 , NonPaged : 45.585938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dllhost.exe:/processid:{3eb3c877-1f16-487c-9050-10",
"_time": "2020-11-23T15:58:54.000+0000",
"host": "example-host",
"index": "systrack",
"linecount": "7",
"meta": "truncated",
"punct": "{\"\":_\"\",\"\":_\"--_::\",\"\":_\"{----}\",\"\":_\"\",\"\":_\"\",\"\":",
"source": "SysTrack",
"sourcetype": "_json",
"splunk_server": "splunk-server.example.com",
"table": "BlackBox"
}
},
{
"preview": false,
"result": {
"RECSIZE": "32",
"WGUID": "01234567-89ab-cdef-0123-456789abcdef",
"WTIME": "2020-11-23 15:58:39",
"WTYPE": "0",
"_raw": "{\n\"table\": \"BlackBox\",\n\"WTIME\": \"2020-11-23 15:58:39\",\n\"WGUID\": \"{D417C97B-299B-44DF-B477-B23C8D74B0CA}\",\n\"WTYPE\": \"0\",\n\"RECSIZE\": \"32\",\n\"RECS\": \"[{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 5260 , CPU : 0.500000 , Threads : 2 , Memory : 47.531519 , IoOps : 0.500000 , Commit : 10.812500 , Paged : 187.585938 , NonPaged : 11.250000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : notepad.exe , User : RSLAB\\\\rs_adm , PID : 5656 , CPU : 0.500000 , Threads : 1 , Memory : 1113.045429 , IoOps : 0.500000 , Commit : 112.625000 , Paged : 222.632813 , NonPaged : 9.523438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : msmpeng.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1048 , CPU : 3.736290 , Threads : 25 , Memory : 1233.163303 , IoOps : 0.500000 , Commit : 193.699219 , Paged : 658.656250 , NonPaged : 77.554688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiagent.exe , User : RSLAB10V2\\\\SYSTEM , PID : 4896 , CPU : 3.736294 , Threads : 57 , Memory : 344.955096 , IoOps : 6.065340 , Commit : 72.652344 , Paged : 331.078125 , NonPaged : 58.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 863 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 4736 , CPU : 0.500000 , Threads : 1 , Memory : 43.937749 , IoOps : 0.500000 , Commit : 10.363281 , Paged : 158.492188 , NonPaged : 7.789063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dwm.exe , User : RSLAB10V2 DWM\\\\DWM-1 , PID : 800 , CPU : 0.500000 , Threads : 8 , Memory : 652.261542 , IoOps : 0.500000 , Commit : 67.089844 , Paged : 434.156250 , NonPaged : 27.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : system process , User : RSLAB10V2\\\\SYSTEM , PID : 4 , CPU : 2.441775 , Threads : 102 , Memory : 358.900488 , IoOps : 0.500000 , Commit : 0.785156 , Paged : 0.500000 , NonPaged : 0.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : foxitconnectedpdfservice.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1876 , CPU : 0.500000 , Threads : 10 , Memory : 25.968896 , IoOps : 1.613068 , Commit : 4.492188 , Paged : 186.851563 , NonPaged : 22.640625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : nissrv.exe , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 672 , CPU : 0.500000 , Threads : 8 , Memory : 20.187613 , IoOps : 0.500000 , Commit : 9.898438 , Paged : 100.007813 , NonPaged : 12.976563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : explorer.exe , User : RSLAB\\\\rs_adm , PID : 2568 , CPU : 0.500000 , Threads : 51 , Memory : 449.799446 , IoOps : 0.500000 , Commit : 51.871094 , Paged : 882.203125 , NonPaged : 92.468750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:utcsvc , User : RSLAB10V2\\\\SYSTEM , PID : 1840 , CPU : 1.794516 , Threads : 12 , Memory : 60.070653 , IoOps : 0.500000 , Commit : 6.878906 , Paged : 343.148438 , NonPaged : 22.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 2592 , CPU : 0.500000 , Threads : 11 , Memory : 135.266396 , IoOps : 1.334801 , Commit : 11.761719 , Paged : 205.609375 , NonPaged : 22.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : spoolsv.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1548 , CPU : 0.500000 , Threads : 13 , Memory : 24.601700 , IoOps : 0.500000 , Commit : 9.113281 , Paged : 208.539063 , NonPaged : 29.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : shellexperiencehost.exe , User : RSLAB\\\\rs_adm , PID : 1284 , CPU : 0.500000 , Threads : 56 , Memory : 215.657481 , IoOps : 0.500000 , Commit : 25.363281 , Paged : 620.601563 , NonPaged : 42.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : services.exe , User : RSLAB10V2\\\\SYSTEM , PID : 560 , CPU : 0.500000 , Threads : 5 , Memory : 30.617360 , IoOps : 0.500000 , Commit : 3.222656 , Paged : 125.898438 , NonPaged : 10.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:netsvcs , User : RSLAB10V2\\\\SYSTEM , PID : 892 , CPU : 1.147256 , Threads : 42 , Memory : 291.712604 , IoOps : 1.195668 , Commit : 29.792969 , Paged : 583.992188 , NonPaged : 71.859375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : runtimebroker.exe , User : RSLAB\\\\rs_adm , PID : 1732 , CPU : 0.500000 , Threads : 11 , Memory : 54.758123 , IoOps : 0.500000 , Commit : 8.800781 , Paged : 319.671875 , NonPaged : 27.210938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logview.exe , User : RSLAB\\\\rs_adm , PID : 860 , CPU : 0.500000 , Threads : 1 , Memory : 213.274655 , IoOps : 0.500000 , Commit : 25.378906 , Paged : 215.171875 , NonPaged : 12.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:dcomlaunch , User : RSLAB10V2\\\\SYSTEM , PID : 648 , CPU : 0.500000 , Threads : 15 , Memory : 52.179983 , IoOps : 0.500000 , Commit : 5.707031 , Paged : 474.703125 , NonPaged : 20.820313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : onedrive.exe , User : RSLAB\\\\rs_adm , PID : 4196 , CPU : 0.500000 , Threads : 21 , Memory : 193.626105 , IoOps : 0.917401 , Commit : 27.199219 , Paged : 527.195313 , NonPaged : 61.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\SYSTEM , PID : 2820 , CPU : 0.500000 , Threads : 6 , Memory : 34.875197 , IoOps : 0.500000 , Commit : 8.472656 , Paged : 88.718750 , NonPaged : 14.570313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB\\\\rs_adm , PID : 2168 , CPU : 0.500000 , Threads : 6 , Memory : 154.993072 , IoOps : 0.500000 , Commit : 18.234375 , Paged : 331.984375 , NonPaged : 29.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:rpcss , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 704 , CPU : 0.500000 , Threads : 11 , Memory : 44.562752 , IoOps : 0.500000 , Commit : 4.175781 , Paged : 95.968750 , NonPaged : 17.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:networkservice , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 396 , CPU : 0.500000 , Threads : 18 , Memory : 70.422275 , IoOps : 0.847834 , Commit : 7.769531 , Paged : 156.148438 , NonPaged : 40.421875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservice , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 956 , CPU : 0.500000 , Threads : 20 , Memory : 67.648822 , IoOps : 0.500000 , Commit : 8.054688 , Paged : 231.843750 , NonPaged : 36.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchindexer.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3868 , CPU : 0.500000 , Threads : 18 , Memory : 138.703916 , IoOps : 0.500000 , Commit : 27.500000 , Paged : 231.976563 , NonPaged : 56.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localsystemnetworkrestricted , User : RSLAB10V2\\\\SYSTEM , PID : 272 , CPU : 0.500000 , Threads : 12 , Memory : 38.664281 , IoOps : 0.500000 , Commit : 5.796875 , Paged : 145.710938 , NonPaged : 23.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenetworkrestricted , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 976 , CPU : 1.147256 , Threads : 19 , Memory : 133.664824 , IoOps : 0.778267 , Commit : 17.363281 , Paged : 157.234375 , NonPaged : 30.460938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsisupervisor.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1220 , CPU : 0.500000 , Threads : 6 , Memory : 61.086284 , IoOps : 0.500000 , Commit : 7.175781 , Paged : 135.554688 , NonPaged : 14.453125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenonetwork , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 1064 , CPU : 0.500000 , Threads : 24 , Memory : 138.117975 , IoOps : 0.500000 , Commit : 12.949219 , Paged : 145.476563 , NonPaged : 45.585938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:appmodel , User : RSLAB10V2\\\\SYSTEM , PID : 1028 , CPU : 0.500000 , Threads : 7 , Memory : 38.547093 , IoOps : 0.500000 , Commit : 5.113281 , Paged : 120.414063 , NonPaged : 17.585938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1176 , CPU : 0.500000 , Threads : 9 , Memory : 103.117775 , IoOps : 0.708700 , Commit : 12.914063 , Paged : 188.671875 , NonPaged : 25.343750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dllhost.exe:/processid:{3eb3c877-1f16-487c-9050-104dbcd66683} , User : RSLAB\\\\rs_adm , PID : 6188 , CPU : 0.500000 , Threads : 6 , Memory : 32.492371 , IoOps : 0.500000 , Commit : 7.109375 , Paged : 226.945313 , NonPaged : 25.062500 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchui.exe , User : RSLAB\\\\rs_adm , PID : 6196 , CPU : 0.500000 , Threads : 21 , Memory : 121.633506 , IoOps : 0.500000 , Commit : 21.312500 , Paged : 551.187500 , NonPaged : 38.359375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespT",
"_time": "2020-11-23T15:58:39.000+0000",
"host": "example-host",
"index": "systrack",
"linecount": "7",
"meta": "truncated",
"punct": "{\"\":_\"\",\"\":_\"--_::\",\"\":_\"{----}\",\"\":_\"\",\"\":_\"\",\"\":",
"source": "SysTrack",
"sourcetype": "_json",
"splunk_server": "splunk-server.example.com",
"table": "BlackBox"
}
},
{
"preview": false,
"result": {
"RECSIZE": "32",
"WGUID": "01234567-89ab-cdef-0123-456789abcdef",
"WTIME": "2020-11-23 15:58:24",
"WTYPE": "0",
"_raw": "{\n\"table\": \"BlackBox\",\n\"WTIME\": \"2020-11-23 15:58:24\",\n\"WGUID\": \"{D417C97B-299B-44DF-B477-B23C8D74B0CA}\",\n\"WTYPE\": \"0\",\n\"RECSIZE\": \"32\",\n\"RECS\": \"[{ App : mmc.exe , User : RSLAB\\\\rs_adm , PID : 5304 , CPU : 0.500000 , Threads : 12 , Memory : 85.734863 , IoOps : 0.500000 , Commit : 16.601563 , Paged : 493.976563 , NonPaged : 34.953125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : notepad.exe , User : RSLAB\\\\rs_adm , PID : 5656 , CPU : 0.500000 , Threads : 1 , Memory : 1113.045429 , IoOps : 0.500000 , Commit : 112.625000 , Paged : 222.632813 , NonPaged : 9.523438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 2592 , CPU : 1.062452 , Threads : 11 , Memory : 135.266396 , IoOps : 0.500000 , Commit : 11.761719 , Paged : 205.609375 , NonPaged : 22.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiagent.exe , User : RSLAB10V2\\\\SYSTEM , PID : 4896 , CPU : 4.999613 , Threads : 57 , Memory : 344.916033 , IoOps : 10.764266 , Commit : 72.652344 , Paged : 331.078125 , NonPaged : 58.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 832 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 5260 , CPU : 0.500000 , Threads : 2 , Memory : 47.531519 , IoOps : 0.500000 , Commit : 10.812500 , Paged : 187.585938 , NonPaged : 11.250000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dwm.exe , User : RSLAB10V2 DWM\\\\DWM-1 , PID : 800 , CPU : 0.500000 , Threads : 8 , Memory : 652.261542 , IoOps : 0.500000 , Commit : 67.089844 , Paged : 434.156250 , NonPaged : 27.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : services.exe , User : RSLAB10V2\\\\SYSTEM , PID : 560 , CPU : 0.500000 , Threads : 5 , Memory : 30.617360 , IoOps : 0.500000 , Commit : 3.222656 , Paged : 125.898438 , NonPaged : 10.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : msmpeng.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1048 , CPU : 0.500000 , Threads : 25 , Memory : 1281.288579 , IoOps : 1.707561 , Commit : 193.699219 , Paged : 658.656250 , NonPaged : 77.554688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 4736 , CPU : 0.500000 , Threads : 1 , Memory : 43.937749 , IoOps : 0.500000 , Commit : 10.363281 , Paged : 158.492188 , NonPaged : 7.789063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : explorer.exe , User : RSLAB\\\\rs_adm , PID : 2568 , CPU : 0.500000 , Threads : 51 , Memory : 449.799446 , IoOps : 0.500000 , Commit : 51.871094 , Paged : 882.203125 , NonPaged : 92.468750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsass.exe , User : RSLAB10V2\\\\SYSTEM , PID : 568 , CPU : 0.500000 , Threads : 8 , Memory : 57.531576 , IoOps : 0.500000 , Commit : 6.246094 , Paged : 131.601563 , NonPaged : 30.265625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : foxitconnectedpdfservice.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1876 , CPU : 0.500000 , Threads : 10 , Memory : 25.968896 , IoOps : 1.103780 , Commit : 4.492188 , Paged : 186.851563 , NonPaged : 22.640625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : nissrv.exe , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 672 , CPU : 0.500000 , Threads : 8 , Memory : 20.187613 , IoOps : 0.500000 , Commit : 9.898438 , Paged : 100.007813 , NonPaged : 12.976563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : shellexperiencehost.exe , User : RSLAB\\\\rs_adm , PID : 1284 , CPU : 0.500000 , Threads : 56 , Memory : 215.657481 , IoOps : 0.500000 , Commit : 25.363281 , Paged : 620.601563 , NonPaged : 42.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:dcomlaunch , User : RSLAB10V2\\\\SYSTEM , PID : 648 , CPU : 0.500000 , Threads : 15 , Memory : 51.476854 , IoOps : 0.500000 , Commit : 5.707031 , Paged : 474.703125 , NonPaged : 20.820313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1176 , CPU : 0.500000 , Threads : 9 , Memory : 103.117775 , IoOps : 0.902520 , Commit : 12.914063 , Paged : 188.671875 , NonPaged : 25.343750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : spoolsv.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1548 , CPU : 0.500000 , Threads : 13 , Memory : 24.601700 , IoOps : 0.500000 , Commit : 9.113281 , Paged : 208.539063 , NonPaged : 29.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logview.exe , User : RSLAB\\\\rs_adm , PID : 860 , CPU : 0.500000 , Threads : 1 , Memory : 213.274655 , IoOps : 0.500000 , Commit : 25.378906 , Paged : 215.171875 , NonPaged : 12.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:rpcss , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 704 , CPU : 0.500000 , Threads : 11 , Memory : 44.562752 , IoOps : 0.500000 , Commit : 4.175781 , Paged : 95.968750 , NonPaged : 17.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:netsvcs , User : RSLAB10V2\\\\SYSTEM , PID : 892 , CPU : 1.062452 , Threads : 44 , Memory : 290.970412 , IoOps : 0.835434 , Commit : 29.910156 , Paged : 583.992188 , NonPaged : 72.390625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : runtimebroker.exe , User : RSLAB\\\\rs_adm , PID : 1732 , CPU : 0.500000 , Threads : 11 , Memory : 54.758123 , IoOps : 0.500000 , Commit : 8.800781 , Paged : 319.671875 , NonPaged : 27.210938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : onedrive.exe , User : RSLAB\\\\rs_adm , PID : 4196 , CPU : 0.500000 , Threads : 21 , Memory : 193.626105 , IoOps : 0.500000 , Commit : 27.199219 , Paged : 527.195313 , NonPaged : 61.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localsystemnetworkrestricted , User : RSLAB10V2\\\\SYSTEM , PID : 272 , CPU : 0.500000 , Threads : 12 , Memory : 38.664281 , IoOps : 0.500000 , Commit : 5.796875 , Paged : 145.710938 , NonPaged : 23.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenetworkrestricted , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 976 , CPU : 0.500000 , Threads : 19 , Memory : 133.625762 , IoOps : 0.768347 , Commit : 17.359375 , Paged : 157.234375 , NonPaged : 30.460938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\SYSTEM , PID : 2820 , CPU : 0.500000 , Threads : 6 , Memory : 34.875197 , IoOps : 0.500000 , Commit : 8.472656 , Paged : 88.718750 , NonPaged : 14.570313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB\\\\rs_adm , PID : 2168 , CPU : 0.500000 , Threads : 6 , Memory : 154.993072 , IoOps : 0.500000 , Commit : 18.234375 , Paged : 331.984375 , NonPaged : 29.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:utcsvc , User : RSLAB10V2\\\\SYSTEM , PID : 1840 , CPU : 0.500000 , Threads : 12 , Memory : 47.492456 , IoOps : 0.500000 , Commit : 6.878906 , Paged : 343.148438 , NonPaged : 22.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : system process , User : RSLAB10V2\\\\SYSTEM , PID : 4 , CPU : 0.500000 , Threads : 102 , Memory : 358.900488 , IoOps : 0.567087 , Commit : 0.785156 , Paged : 0.500000 , NonPaged : 0.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservice , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 956 , CPU : 0.500000 , Threads : 20 , Memory : 67.648822 , IoOps : 0.500000 , Commit : 8.054688 , Paged : 231.843750 , NonPaged : 36.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchindexer.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3868 , CPU : 0.500000 , Threads : 18 , Memory : 138.703916 , IoOps : 0.500000 , Commit : 27.500000 , Paged : 231.976563 , NonPaged : 56.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:appmodel , User : RSLAB10V2\\\\SYSTEM , PID : 1028 , CPU : 0.500000 , Threads : 7 , Memory : 38.547093 , IoOps : 0.500000 , Commit : 5.113281 , Paged : 120.414063 , NonPaged : 17.585938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsimods64.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3184 , CPU : 0.500000 , Threads : 1 , Memory : 6.164095 , IoOps : 0.567087 , Commit : 1.578125 , Paged : 70.218750 , NonPaged : 20.246094 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:networkservice , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 396 , CPU : 0.500000 , Threads : 18 , Memory : 70.422275 , IoOps : 0.500000 , Commit : 7.769531 , Paged : 156.148438 , NonPaged : 40.421875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenonetwork , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 1064 , CPU : 0.500000 , Threads : 24 , Memory : 138.196100 , IoOps : 0.500000 , Commit : 12.953125 , Paged : 145.476563 , NonPaged : 45.585938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dllhost.exe:/processid:{3eb3c877-1f16-487",
"_time": "2020-11-23T15:58:24.000+0000",
"host": "example-host",
"index": "systrack",
"linecount": "7",
"meta": "truncated",
"punct": "{\"\":_\"\",\"\":_\"--_::\",\"\":_\"{----}\",\"\":_\"\",\"\":_\"\",\"\":",
"source": "SysTrack",
"sourcetype": "_json",
"splunk_server": "splunk-server.example.com",
"table": "BlackBox"
}
},
{
"preview": false,
"result": {
"RECSIZE": "32",
"WGUID": "01234567-89ab-cdef-0123-456789abcdef",
"WTIME": "2020-11-23 15:58:09",
"WTYPE": "0",
"_raw": "{\n\"table\": \"BlackBox\",\n\"WTIME\": \"2020-11-23 15:58:09\",\n\"WGUID\": \"{D417C97B-299B-44DF-B477-B23C8D74B0CA}\",\n\"WTYPE\": \"0\",\n\"RECSIZE\": \"32\",\n\"RECS\": \"[{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 5260 , CPU : 0.500000 , Threads : 2 , Memory : 47.531519 , IoOps : 0.500000 , Commit : 10.812500 , Paged : 187.585938 , NonPaged : 11.250000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dwm.exe , User : RSLAB10V2 DWM\\\\DWM-1 , PID : 800 , CPU : 0.500000 , Threads : 8 , Memory : 652.261542 , IoOps : 0.500000 , Commit : 67.089844 , Paged : 434.156250 , NonPaged : 27.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : system process , User : RSLAB10V2\\\\SYSTEM , PID : 4 , CPU : 3.432925 , Threads : 102 , Memory : 358.900488 , IoOps : 0.500000 , Commit : 0.785156 , Paged : 0.500000 , NonPaged : 0.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiagent.exe , User : RSLAB10V2\\\\SYSTEM , PID : 4896 , CPU : 12.244871 , Threads : 57 , Memory : 343.900402 , IoOps : 5.961102 , Commit : 72.652344 , Paged : 331.078125 , NonPaged : 58.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 787 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 4736 , CPU : 0.500000 , Threads : 1 , Memory : 43.937749 , IoOps : 0.500000 , Commit : 10.363281 , Paged : 158.492188 , NonPaged : 7.789063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : explorer.exe , User : RSLAB\\\\rs_adm , PID : 2568 , CPU : 0.500000 , Threads : 51 , Memory : 449.799446 , IoOps : 0.500000 , Commit : 51.871094 , Paged : 882.203125 , NonPaged : 92.468750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : msmpeng.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1048 , CPU : 2.455285 , Threads : 25 , Memory : 1281.288579 , IoOps : 0.500000 , Commit : 193.699219 , Paged : 658.656250 , NonPaged : 77.554688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : foxitconnectedpdfservice.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1876 , CPU : 0.500000 , Threads : 10 , Memory : 25.851708 , IoOps : 1.514880 , Commit : 4.492188 , Paged : 186.851563 , NonPaged : 22.640625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : nissrv.exe , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 672 , CPU : 0.500000 , Threads : 8 , Memory : 20.187613 , IoOps : 0.500000 , Commit : 9.898438 , Paged : 100.007813 , NonPaged : 12.976563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : shellexperiencehost.exe , User : RSLAB\\\\rs_adm , PID : 1284 , CPU : 0.500000 , Threads : 56 , Memory : 215.657481 , IoOps : 0.500000 , Commit : 25.363281 , Paged : 620.601563 , NonPaged : 42.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : csrss.exe , User : RSLAB10V2\\\\SYSTEM , PID : 456 , CPU : 1.477641 , Threads : 11 , Memory : 7.843792 , IoOps : 0.500000 , Commit : 2.046875 , Paged : 347.289063 , NonPaged : 22.226563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 2592 , CPU : 0.988820 , Threads : 11 , Memory : 135.266396 , IoOps : 1.261160 , Commit : 11.761719 , Paged : 205.609375 , NonPaged : 22.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : spoolsv.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1548 , CPU : 0.500000 , Threads : 13 , Memory : 24.601700 , IoOps : 0.500000 , Commit : 9.113281 , Paged : 208.539063 , NonPaged : 29.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logview.exe , User : RSLAB\\\\rs_adm , PID : 860 , CPU : 0.500000 , Threads : 1 , Memory : 213.274655 , IoOps : 0.500000 , Commit : 25.378906 , Paged : 215.171875 , NonPaged : 12.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB\\\\rs_adm , PID : 2168 , CPU : 0.989369 , Threads : 6 , Memory : 154.993072 , IoOps : 0.500000 , Commit : 18.234375 , Paged : 331.984375 , NonPaged : 29.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:netsvcs , User : RSLAB10V2\\\\SYSTEM , PID : 892 , CPU : 2.455281 , Threads : 44 , Memory : 290.657910 , IoOps : 1.134300 , Commit : 29.898438 , Paged : 583.992188 , NonPaged : 72.390625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : runtimebroker.exe , User : RSLAB\\\\rs_adm , PID : 1732 , CPU : 0.500000 , Threads : 11 , Memory : 54.758123 , IoOps : 0.500000 , Commit : 8.800781 , Paged : 319.671875 , NonPaged : 27.210938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchindexer.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3868 , CPU : 0.500000 , Threads : 18 , Memory : 138.703916 , IoOps : 0.500000 , Commit : 27.500000 , Paged : 231.976563 , NonPaged : 56.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiwebhookbroker.exe , User : RSLAB\\\\rs_adm , PID : 3684 , CPU : 0.989369 , Threads : 3 , Memory : 12.961009 , IoOps : 0.500000 , Commit : 2.300781 , Paged : 159.695313 , NonPaged : 10.773438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : onedrive.exe , User : RSLAB\\\\rs_adm , PID : 4196 , CPU : 0.500000 , Threads : 21 , Memory : 193.626105 , IoOps : 0.881007 , Commit : 27.199219 , Paged : 527.195313 , NonPaged : 61.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\SYSTEM , PID : 2820 , CPU : 0.500000 , Threads : 6 , Memory : 34.914259 , IoOps : 0.500000 , Commit : 8.472656 , Paged : 88.843750 , NonPaged : 14.703125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenonetwork , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 1064 , CPU : 0.500000 , Threads : 24 , Memory : 138.157038 , IoOps : 0.500000 , Commit : 12.953125 , Paged : 145.476563 , NonPaged : 45.585938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : notepad.exe , User : RSLAB\\\\rs_adm , PID : 5656 , CPU : 0.989369 , Threads : 1 , Memory : 1113.045429 , IoOps : 0.500000 , Commit : 112.625000 , Paged : 222.632813 , NonPaged : 9.523438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenetworkrestricted , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 976 , CPU : 0.500000 , Threads : 19 , Memory : 133.625762 , IoOps : 0.880580 , Commit : 17.359375 , Paged : 157.234375 , NonPaged : 30.460938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dllhost.exe:/processid:{3eb3c877-1f16-487c-9050-104dbcd66683} , User : RSLAB\\\\rs_adm , PID : 6188 , CPU : 0.500000 , Threads : 6 , Memory : 32.492371 , IoOps : 0.500000 , Commit : 7.109375 , Paged : 226.945313 , NonPaged : 25.062500 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchui.exe , User : RSLAB\\\\rs_adm , PID : 6196 , CPU : 0.500000 , Threads : 21 , Memory : 121.633506 , IoOps : 0.500000 , Commit : 21.312500 , Paged : 551.187500 , NonPaged : 38.359375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsass.exe , User : RSLAB10V2\\\\SYSTEM , PID : 568 , CPU : 0.988820 , Threads : 8 , Memory : 57.570639 , IoOps : 0.500000 , Commit : 6.250000 , Paged : 131.601563 , NonPaged : 30.265625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:networkservice , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 396 , CPU : 0.500000 , Threads : 18 , Memory : 69.211331 , IoOps : 0.817150 , Commit : 7.769531 , Paged : 156.148438 , NonPaged : 40.421875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:utcsvc , User : RSLAB10V2\\\\SYSTEM , PID : 1840 , CPU : 0.500000 , Threads : 12 , Memory : 47.492456 , IoOps : 0.500000 , Commit : 6.878906 , Paged : 343.148438 , NonPaged : 22.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : mmc.exe , User : RSLAB\\\\rs_adm , PID : 5304 , CPU : 0.500000 , Threads : 12 , Memory : 85.734863 , IoOps : 0.500000 , Commit : 16.601563 , Paged : 493.976563 , NonPaged : 34.953125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : services.exe , User : RSLAB10V2\\\\SYSTEM , PID : 560 , CPU : 0.500000 , Threads : 5 , Memory : 30.617360 , IoOps : 0.500000 , Commit : 3.222656 , Paged : 125.898438 , NonPaged : 10.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1176 , CPU : 0.988820 , Threads : 9 , Memory : 103.117775 , IoOps : 0.690290 , Commit : 12.914063 , Paged : 188.671875 , NonPaged : 25.343750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localsystemnetworkrestricted , User : RSLAB10V2\\\\SYSTEM , PID : 272 , CPU : 0.500000 , Threads : 12 , Memory : 38.664281 , IoOps : 0.500000 , Commit : 5.796875 , Paged : 145.710938 , NonPaged : 23.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservice , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 956 , CPU : 0.500000 , Threads : 20 , Memory : 67.648822 , IoOps : 0.500000 , Commit : 8.054688 , Paged : 231.843750 , NonPaged : 36.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:rpcss , User :",
"_time": "2020-11-23T15:58:09.000+0000",
"host": "example-host",
"index": "systrack",
"linecount": "7",
"meta": "truncated",
"punct": "{\"\":_\"\",\"\":_\"--_::\",\"\":_\"{----}\",\"\":_\"\",\"\":_\"\",\"\":",
"source": "SysTrack",
"sourcetype": "_json",
"splunk_server": "splunk-server.example.com",
"table": "BlackBox"
}
},
{
"preview": false,
"result": {
"RECSIZE": "32",
"WGUID": "01234567-89ab-cdef-0123-456789abcdef",
"WTIME": "2020-11-23 15:57:54",
"WTYPE": "0",
"_raw": "{\n\"table\": \"BlackBox\",\n\"WTIME\": \"2020-11-23 15:57:54\",\n\"WGUID\": \"{D417C97B-299B-44DF-B477-B23C8D74B0CA}\",\n\"WTYPE\": \"0\",\n\"RECSIZE\": \"32\",\n\"RECS\": \"[{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 5260 , CPU : 0.500000 , Threads : 2 , Memory : 47.531519 , IoOps : 0.500000 , Commit : 10.812500 , Paged : 187.585938 , NonPaged : 11.250000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : msmpeng.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1048 , CPU : 0.500000 , Threads : 25 , Memory : 1229.960160 , IoOps : 0.500000 , Commit : 193.691406 , Paged : 658.656250 , NonPaged : 77.554688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : explorer.exe , User : RSLAB\\\\rs_adm , PID : 2568 , CPU : 2.337567 , Threads : 51 , Memory : 449.799446 , IoOps : 0.500000 , Commit : 51.871094 , Paged : 882.203125 , NonPaged : 92.468750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiagent.exe , User : RSLAB10V2\\\\SYSTEM , PID : 4896 , CPU : 12.735202 , Threads : 57 , Memory : 343.197273 , IoOps : 13.554054 , Commit : 72.859375 , Paged : 331.078125 , NonPaged : 58.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 875 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 4736 , CPU : 0.500000 , Threads : 1 , Memory : 43.937749 , IoOps : 0.500000 , Commit : 10.363281 , Paged : 158.492188 , NonPaged : 7.789063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : notepad.exe , User : RSLAB\\\\rs_adm , PID : 5656 , CPU : 0.500000 , Threads : 1 , Memory : 1113.045429 , IoOps : 0.500000 , Commit : 112.625000 , Paged : 222.632813 , NonPaged : 9.523438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : services.exe , User : RSLAB10V2\\\\SYSTEM , PID : 560 , CPU : 1.112522 , Threads : 5 , Memory : 30.617360 , IoOps : 0.500000 , Commit : 3.222656 , Paged : 125.898438 , NonPaged : 10.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : system process , User : RSLAB10V2\\\\SYSTEM , PID : 4 , CPU : 8.462808 , Threads : 102 , Memory : 358.900488 , IoOps : 2.266263 , Commit : 0.785156 , Paged : 0.500000 , NonPaged : 0.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : nissrv.exe , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 672 , CPU : 0.500000 , Threads : 8 , Memory : 19.875111 , IoOps : 0.500000 , Commit : 9.898438 , Paged : 100.007813 , NonPaged : 12.976563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dwm.exe , User : RSLAB10V2 DWM\\\\DWM-1 , PID : 800 , CPU : 0.500000 , Threads : 8 , Memory : 914.528668 , IoOps : 0.500000 , Commit : 93.394531 , Paged : 435.687500 , NonPaged : 27.843750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : csrss.exe , User : RSLAB10V2\\\\SYSTEM , PID : 360 , CPU : 0.500000 , Threads : 9 , Memory : 8.000043 , IoOps : 0.500000 , Commit : 1.695313 , Paged : 152.656250 , NonPaged : 14.101563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:netsvcs , User : RSLAB10V2\\\\SYSTEM , PID : 892 , CPU : 1.725045 , Threads : 39 , Memory : 289.759468 , IoOps : 2.124962 , Commit : 29.683594 , Paged : 583.992188 , NonPaged : 71.195313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : spoolsv.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1548 , CPU : 0.500000 , Threads : 13 , Memory : 24.601700 , IoOps : 0.500000 , Commit : 9.113281 , Paged : 208.539063 , NonPaged : 29.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : shellexperiencehost.exe , User : RSLAB\\\\rs_adm , PID : 1284 , CPU : 0.500000 , Threads : 56 , Memory : 215.657481 , IoOps : 0.500000 , Commit : 25.363281 , Paged : 620.601563 , NonPaged : 42.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : csrss.exe , User : RSLAB10V2\\\\SYSTEM , PID : 456 , CPU : 0.500000 , Threads : 11 , Memory : 7.843792 , IoOps : 0.500000 , Commit : 2.046875 , Paged : 347.289063 , NonPaged : 22.226563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenetworkrestricted , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 976 , CPU : 0.500000 , Threads : 19 , Memory : 133.547636 , IoOps : 1.347806 , Commit : 17.359375 , Paged : 157.234375 , NonPaged : 30.460938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : runtimebroker.exe , User : RSLAB\\\\rs_adm , PID : 1732 , CPU : 0.500000 , Threads : 11 , Memory : 54.758123 , IoOps : 0.500000 , Commit : 8.800781 , Paged : 319.671875 , NonPaged : 27.210938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logview.exe , User : RSLAB\\\\rs_adm , PID : 860 , CPU : 0.500000 , Threads : 1 , Memory : 213.274655 , IoOps : 0.500000 , Commit : 25.378906 , Paged : 215.171875 , NonPaged : 12.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsass.exe , User : RSLAB10V2\\\\SYSTEM , PID : 568 , CPU : 0.500000 , Threads : 8 , Memory : 57.531576 , IoOps : 0.500000 , Commit : 6.246094 , Paged : 131.601563 , NonPaged : 30.265625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1176 , CPU : 0.500000 , Threads : 9 , Memory : 103.117775 , IoOps : 1.347806 , Commit : 12.914063 , Paged : 188.671875 , NonPaged : 25.343750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\SYSTEM , PID : 2820 , CPU : 0.500000 , Threads : 6 , Memory : 34.875197 , IoOps : 0.500000 , Commit : 8.472656 , Paged : 88.718750 , NonPaged : 14.570313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : onedrive.exe , User : RSLAB\\\\rs_adm , PID : 4196 , CPU : 0.500000 , Threads : 21 , Memory : 193.626105 , IoOps : 0.500000 , Commit : 27.199219 , Paged : 527.195313 , NonPaged : 61.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:dcomlaunch , User : RSLAB10V2\\\\SYSTEM , PID : 648 , CPU : 0.500000 , Threads : 15 , Memory : 51.320603 , IoOps : 0.500000 , Commit : 5.707031 , Paged : 474.703125 , NonPaged : 20.820313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 2592 , CPU : 1.112522 , Threads : 11 , Memory : 134.875769 , IoOps : 1.347806 , Commit : 11.761719 , Paged : 205.531250 , NonPaged : 21.781250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservice , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 956 , CPU : 0.500000 , Threads : 20 , Memory : 67.648822 , IoOps : 0.500000 , Commit : 8.054688 , Paged : 231.843750 , NonPaged : 36.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchindexer.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3868 , CPU : 0.500000 , Threads : 18 , Memory : 138.703916 , IoOps : 0.500000 , Commit : 27.500000 , Paged : 231.976563 , NonPaged : 56.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:rpcss , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 704 , CPU : 0.500000 , Threads : 11 , Memory : 44.562752 , IoOps : 0.500000 , Commit : 4.191406 , Paged : 95.968750 , NonPaged : 17.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : foxitconnectedpdfservice.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1876 , CPU : 0.500000 , Threads : 10 , Memory : 25.851708 , IoOps : 1.206505 , Commit : 4.492188 , Paged : 186.851563 , NonPaged : 22.640625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsisupervisor.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1220 , CPU : 0.500000 , Threads : 6 , Memory : 61.086284 , IoOps : 0.500000 , Commit : 7.175781 , Paged : 135.554688 , NonPaged : 14.453125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenonetwork , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 1064 , CPU : 0.500000 , Threads : 24 , Memory : 138.196100 , IoOps : 0.500000 , Commit : 12.957031 , Paged : 145.476563 , NonPaged : 45.585938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localsystemnetworkrestricted , User : RSLAB10V2\\\\SYSTEM , PID : 272 , CPU : 0.500000 , Threads : 12 , Memory : 38.625218 , IoOps : 0.500000 , Commit : 5.796875 , Paged : 145.710938 , NonPaged : 23.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:networkservice , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 396 , CPU : 0.500000 , Threads : 18 , Memory : 69.211331 , IoOps : 0.853253 , Commit : 7.769531 , Paged : 156.148438 , NonPaged : 40.421875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dllhost.exe:/processid:{3eb3c877-1f16-487c-9050-104dbcd66683} , User : RSLAB\\\\rs_adm , PID : 6188 , CPU : 0.500000 , Threads : 6 , Memory : 32.492371 , IoOps : 0.500000 , Commit : 7.109375 , Paged : 226.945313 , NonPaged : 25.062500 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchui.exe , User : RSLAB\\\\rs_adm , PID : 6196 , CPU : 0.500000 , Threads : 21 , Memory : 121.633506 , IoOps : 0.500000 , Commit : 21.312500 , Paged : 551.187500 , NonPaged : 38.359375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svcho",
"_time": "2020-11-23T15:57:54.000+0000",
"host": "example-host",
"index": "systrack",
"linecount": "7",
"meta": "truncated",
"punct": "{\"\":_\"\",\"\":_\"--_::\",\"\":_\"{----}\",\"\":_\"\",\"\":_\"\",\"\":",
"source": "SysTrack",
"sourcetype": "_json",
"splunk_server": "splunk-server.example.com",
"table": "BlackBox"
}
},
{
"preview": false,
"result": {
"RECSIZE": "32",
"WGUID": "01234567-89ab-cdef-0123-456789abcdef",
"WTIME": "2020-11-23 15:57:39",
"WTYPE": "0",
"_raw": "{\n\"table\": \"BlackBox\",\n\"WTIME\": \"2020-11-23 15:57:39\",\n\"WGUID\": \"{D417C97B-299B-44DF-B477-B23C8D74B0CA}\",\n\"WTYPE\": \"0\",\n\"RECSIZE\": \"32\",\n\"RECS\": \"[{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 5260 , CPU : 0.500000 , Threads : 2 , Memory : 47.531519 , IoOps : 0.500000 , Commit : 10.812500 , Paged : 187.585938 , NonPaged : 11.250000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dwm.exe , User : RSLAB10V2 DWM\\\\DWM-1 , PID : 800 , CPU : 0.500000 , Threads : 8 , Memory : 913.981789 , IoOps : 0.500000 , Commit : 93.394531 , Paged : 435.687500 , NonPaged : 27.843750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : msmpeng.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1048 , CPU : 6.824415 , Threads : 25 , Memory : 1229.882035 , IoOps : 0.500000 , Commit : 193.691406 , Paged : 658.656250 , NonPaged : 77.554688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiagent.exe , User : RSLAB10V2\\\\SYSTEM , PID : 4896 , CPU : 39.021474 , Threads : 57 , Memory : 341.439451 , IoOps : 92.878630 , Commit : 72.496094 , Paged : 331.078125 , NonPaged : 58.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 821 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 4736 , CPU : 0.500000 , Threads : 1 , Memory : 43.937749 , IoOps : 0.500000 , Commit : 10.363281 , Paged : 158.492188 , NonPaged : 7.789063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : shellexperiencehost.exe , User : RSLAB\\\\rs_adm , PID : 1284 , CPU : 0.500000 , Threads : 56 , Memory : 215.657481 , IoOps : 0.500000 , Commit : 25.363281 , Paged : 620.601563 , NonPaged : 42.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : explorer.exe , User : RSLAB\\\\rs_adm , PID : 2568 , CPU : 3.949679 , Threads : 51 , Memory : 449.799446 , IoOps : 0.500000 , Commit : 51.871094 , Paged : 882.203125 , NonPaged : 92.468750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:netsvcs , User : RSLAB10V2\\\\SYSTEM , PID : 892 , CPU : 64.894112 , Threads : 42 , Memory : 290.111032 , IoOps : 33.790791 , Commit : 29.773438 , Paged : 583.992188 , NonPaged : 71.992188 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : nissrv.exe , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 672 , CPU : 0.500000 , Threads : 8 , Memory : 19.875111 , IoOps : 0.500000 , Commit : 9.898438 , Paged : 100.007813 , NonPaged : 12.976563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logview.exe , User : RSLAB\\\\rs_adm , PID : 860 , CPU : 0.500000 , Threads : 1 , Memory : 213.274655 , IoOps : 0.500000 , Commit : 25.378906 , Paged : 215.171875 , NonPaged : 12.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : csrss.exe , User : RSLAB10V2\\\\SYSTEM , PID : 456 , CPU : 3.374733 , Threads : 11 , Memory : 7.843792 , IoOps : 0.500000 , Commit : 2.046875 , Paged : 347.289063 , NonPaged : 22.226563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : foxitconnectedpdfservice.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1876 , CPU : 0.500000 , Threads : 10 , Memory : 25.851708 , IoOps : 1.561061 , Commit : 4.492188 , Paged : 186.851563 , NonPaged : 22.640625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : spoolsv.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1548 , CPU : 0.500000 , Threads : 13 , Memory : 24.601700 , IoOps : 0.500000 , Commit : 9.113281 , Paged : 208.539063 , NonPaged : 29.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB\\\\rs_adm , PID : 2168 , CPU : 0.500000 , Threads : 6 , Memory : 154.993072 , IoOps : 0.500000 , Commit : 18.234375 , Paged : 331.984375 , NonPaged : 29.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:rpcss , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 704 , CPU : 1.649892 , Threads : 11 , Memory : 44.523689 , IoOps : 0.500000 , Commit : 4.187500 , Paged : 95.968750 , NonPaged : 17.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : system process , User : RSLAB10V2\\\\SYSTEM , PID : 4 , CPU : 7.974313 , Threads : 102 , Memory : 358.900488 , IoOps : 1.362112 , Commit : 0.785156 , Paged : 0.500000 , NonPaged : 0.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dllhost.exe:/processid:{3eb3c877-1f16-487c-9050-104dbcd66683} , User : RSLAB\\\\rs_adm , PID : 6188 , CPU : 0.500000 , Threads : 6 , Memory : 32.492371 , IoOps : 0.500000 , Commit : 7.109375 , Paged : 226.945313 , NonPaged : 25.062500 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchindexer.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3868 , CPU : 0.500000 , Threads : 18 , Memory : 138.703916 , IoOps : 0.500000 , Commit : 27.500000 , Paged : 231.976563 , NonPaged : 56.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : services.exe , User : RSLAB10V2\\\\SYSTEM , PID : 560 , CPU : 1.074946 , Threads : 5 , Memory : 30.617360 , IoOps : 0.500000 , Commit : 3.222656 , Paged : 125.898438 , NonPaged : 10.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 2592 , CPU : 0.500000 , Threads : 11 , Memory : 134.016389 , IoOps : 1.295796 , Commit : 11.644531 , Paged : 205.609375 , NonPaged : 22.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:utcsvc , User : RSLAB10V2\\\\SYSTEM , PID : 1840 , CPU : 0.500000 , Threads : 12 , Memory : 47.492456 , IoOps : 0.500000 , Commit : 6.878906 , Paged : 343.148438 , NonPaged : 22.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchui.exe , User : RSLAB\\\\rs_adm , PID : 6196 , CPU : 0.500000 , Threads : 21 , Memory : 121.633506 , IoOps : 0.500000 , Commit : 21.312500 , Paged : 551.187500 , NonPaged : 38.359375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservice , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 956 , CPU : 1.074946 , Threads : 20 , Memory : 67.531634 , IoOps : 0.500000 , Commit : 8.054688 , Paged : 231.843750 , NonPaged : 36.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenonetwork , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 1064 , CPU : 1.649892 , Threads : 24 , Memory : 138.196100 , IoOps : 1.229479 , Commit : 12.957031 , Paged : 145.476563 , NonPaged : 45.585938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localsystemnetworkrestricted , User : RSLAB10V2\\\\SYSTEM , PID : 272 , CPU : 0.500000 , Threads : 12 , Memory : 38.625218 , IoOps : 0.500000 , Commit : 5.796875 , Paged : 145.710938 , NonPaged : 23.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : mmc.exe , User : RSLAB\\\\rs_adm , PID : 5304 , CPU : 0.500000 , Threads : 12 , Memory : 85.734863 , IoOps : 0.500000 , Commit : 16.601563 , Paged : 493.976563 , NonPaged : 34.953125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\SYSTEM , PID : 2820 , CPU : 1.074946 , Threads : 6 , Memory : 34.875197 , IoOps : 0.500000 , Commit : 8.472656 , Paged : 88.718750 , NonPaged : 14.570313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : onedrive.exe , User : RSLAB\\\\rs_adm , PID : 4196 , CPU : 0.500000 , Threads : 21 , Memory : 193.626105 , IoOps : 0.897898 , Commit : 27.199219 , Paged : 527.195313 , NonPaged : 61.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:dcomlaunch , User : RSLAB10V2\\\\SYSTEM , PID : 648 , CPU : 0.500000 , Threads : 15 , Memory : 51.320603 , IoOps : 0.500000 , Commit : 5.707031 , Paged : 474.703125 , NonPaged : 20.820313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsisupervisor.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1220 , CPU : 0.500000 , Threads : 6 , Memory : 61.086284 , IoOps : 0.500000 , Commit : 7.175781 , Paged : 135.554688 , NonPaged : 14.453125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : notepad.exe , User : RSLAB\\\\rs_adm , PID : 5656 , CPU : 1.074946 , Threads : 1 , Memory : 1113.045429 , IoOps : 0.500000 , Commit : 112.625000 , Paged : 222.632813 , NonPaged : 9.523438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:networkservice , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 396 , CPU : 1.074946 , Threads : 18 , Memory : 69.211331 , IoOps : 0.831582 , Commit : 7.769531 , Paged : 156.148438 , NonPaged : 40.421875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiuser.exe , User : RSLAB\\\\rs_adm , PID : 4588 , CPU : 0.500000 , Threads : 5 , Memory : 29.054851 , IoOps : 0.500000 , Commit : 5.351563 , Paged : 224.593750 , NonPaged : 20.765625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsass.exe , User : RSLAB10V2\\\\SYSTEM , PID : 568 , CPU : 0.500000 , Threads : 8 , Memory : 57.570639 , IoOps : 0.500000 , Commit : 6.250000 , Paged : 131.601563 , NonPaged : 30.265625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : csrss.exe , User : RSLAB10V2\\\\SYSTEM , PID : ",
"_time": "2020-11-23T15:57:39.000+0000",
"host": "example-host",
"index": "systrack",
"linecount": "7",
"meta": "truncated",
"punct": "{\"\":_\"\",\"\":_\"--_::\",\"\":_\"{----}\",\"\":_\"\",\"\":_\"\",\"\":",
"source": "SysTrack",
"sourcetype": "_json",
"splunk_server": "splunk-server.example.com",
"table": "BlackBox"
}
},
{
"preview": false,
"result": {
"RECSIZE": "32",
"WGUID": "01234567-89ab-cdef-0123-456789abcdef",
"WTIME": "2020-11-23 15:57:24",
"WTYPE": "0",
"_raw": "{\n\"table\": \"BlackBox\",\n\"WTIME\": \"2020-11-23 15:57:24\",\n\"WGUID\": \"{D417C97B-299B-44DF-B477-B23C8D74B0CA}\",\n\"WTYPE\": \"0\",\n\"RECSIZE\": \"32\",\n\"RECS\": \"[{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 5260 , CPU : 0.500000 , Threads : 2 , Memory : 47.531519 , IoOps : 0.500000 , Commit : 10.812500 , Paged : 187.585938 , NonPaged : 11.250000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dwm.exe , User : RSLAB10V2 DWM\\\\DWM-1 , PID : 800 , CPU : 0.500000 , Threads : 8 , Memory : 913.981789 , IoOps : 0.500000 , Commit : 93.394531 , Paged : 435.687500 , NonPaged : 27.843750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : csrss.exe , User : RSLAB10V2\\\\SYSTEM , PID : 456 , CPU : 1.731963 , Threads : 11 , Memory : 7.843792 , IoOps : 0.500000 , Commit : 2.046875 , Paged : 347.289063 , NonPaged : 22.226563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiagent.exe , User : RSLAB10V2\\\\SYSTEM , PID : 4896 , CPU : 2.553272 , Threads : 57 , Memory : 314.447109 , IoOps : 11.305985 , Commit : 72.589844 , Paged : 331.078125 , NonPaged : 58.015625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 797 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 4736 , CPU : 0.500000 , Threads : 1 , Memory : 43.937749 , IoOps : 0.500000 , Commit : 10.363281 , Paged : 158.492188 , NonPaged : 7.789063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:netsvcs , User : RSLAB10V2\\\\SYSTEM , PID : 892 , CPU : 0.500000 , Threads : 44 , Memory : 270.384357 , IoOps : 0.500000 , Commit : 27.867188 , Paged : 583.992188 , NonPaged : 72.390625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : explorer.exe , User : RSLAB\\\\rs_adm , PID : 2568 , CPU : 1.526636 , Threads : 51 , Memory : 449.799446 , IoOps : 0.500000 , Commit : 51.871094 , Paged : 882.203125 , NonPaged : 92.468750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : msmpeng.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1048 , CPU : 0.705327 , Threads : 25 , Memory : 1281.171391 , IoOps : 1.657784 , Commit : 193.691406 , Paged : 658.656250 , NonPaged : 77.554688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : nissrv.exe , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 672 , CPU : 0.500000 , Threads : 8 , Memory : 19.875111 , IoOps : 0.500000 , Commit : 9.898438 , Paged : 100.007813 , NonPaged : 12.976563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : shellexperiencehost.exe , User : RSLAB\\\\rs_adm , PID : 1284 , CPU : 0.500000 , Threads : 56 , Memory : 215.657481 , IoOps : 0.500000 , Commit : 25.363281 , Paged : 620.601563 , NonPaged : 42.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\SYSTEM , PID : 2820 , CPU : 1.115983 , Threads : 6 , Memory : 34.875197 , IoOps : 0.500000 , Commit : 8.472656 , Paged : 88.718750 , NonPaged : 14.570313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : system process , User : RSLAB10V2\\\\SYSTEM , PID : 4 , CPU : 2.142619 , Threads : 103 , Memory : 358.587986 , IoOps : 1.336177 , Commit : 0.785156 , Paged : 0.500000 , NonPaged : 0.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : spoolsv.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1548 , CPU : 0.500000 , Threads : 13 , Memory : 24.601700 , IoOps : 0.500000 , Commit : 9.113281 , Paged : 208.539063 , NonPaged : 29.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logview.exe , User : RSLAB\\\\rs_adm , PID : 860 , CPU : 0.500000 , Threads : 1 , Memory : 213.274655 , IoOps : 0.500000 , Commit : 25.378906 , Paged : 215.171875 , NonPaged : 12.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : notepad.exe , User : RSLAB\\\\rs_adm , PID : 5656 , CPU : 1.115983 , Threads : 1 , Memory : 1113.045429 , IoOps : 0.500000 , Commit : 112.625000 , Paged : 222.632813 , NonPaged : 9.523438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1176 , CPU : 0.500000 , Threads : 9 , Memory : 103.078712 , IoOps : 1.078892 , Commit : 12.914063 , Paged : 188.671875 , NonPaged : 25.343750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : runtimebroker.exe , User : RSLAB\\\\rs_adm , PID : 1732 , CPU : 0.500000 , Threads : 11 , Memory : 54.758123 , IoOps : 0.500000 , Commit : 8.800781 , Paged : 319.671875 , NonPaged : 27.210938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : onedrive.exe , User : RSLAB\\\\rs_adm , PID : 4196 , CPU : 0.500000 , Threads : 21 , Memory : 193.626105 , IoOps : 0.500000 , Commit : 27.199219 , Paged : 527.195313 , NonPaged : 61.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : services.exe , User : RSLAB10V2\\\\SYSTEM , PID : 560 , CPU : 0.705327 , Threads : 5 , Memory : 30.226733 , IoOps : 0.500000 , Commit : 3.199219 , Paged : 125.898438 , NonPaged : 10.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : foxitconnectedpdfservice.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1876 , CPU : 0.500000 , Threads : 10 , Memory : 25.851708 , IoOps : 1.014571 , Commit : 4.492188 , Paged : 186.851563 , NonPaged : 22.640625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservice , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 956 , CPU : 0.500000 , Threads : 20 , Memory : 67.453508 , IoOps : 0.500000 , Commit : 8.054688 , Paged : 231.843750 , NonPaged : 36.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB\\\\rs_adm , PID : 2168 , CPU : 0.500000 , Threads : 6 , Memory : 154.993072 , IoOps : 0.500000 , Commit : 18.234375 , Paged : 331.984375 , NonPaged : 29.539063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 2592 , CPU : 0.705327 , Threads : 11 , Memory : 135.422647 , IoOps : 0.500000 , Commit : 12.246094 , Paged : 210.171875 , NonPaged : 22.445313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenetworkrestricted , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 976 , CPU : 0.500000 , Threads : 19 , Memory : 133.547636 , IoOps : 0.950249 , Commit : 17.359375 , Paged : 157.234375 , NonPaged : 30.460938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:networkservice , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 396 , CPU : 0.500000 , Threads : 18 , Memory : 69.211331 , IoOps : 0.500000 , Commit : 7.769531 , Paged : 156.148438 , NonPaged : 40.421875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchindexer.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3868 , CPU : 0.500000 , Threads : 18 , Memory : 138.703916 , IoOps : 0.500000 , Commit : 27.500000 , Paged : 231.976563 , NonPaged : 56.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localsystemnetworkrestricted , User : RSLAB10V2\\\\SYSTEM , PID : 272 , CPU : 0.500000 , Threads : 12 , Memory : 38.625218 , IoOps : 0.500000 , Commit : 5.796875 , Paged : 145.710938 , NonPaged : 23.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsimods64.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3184 , CPU : 0.500000 , Threads : 1 , Memory : 6.164095 , IoOps : 0.564321 , Commit : 1.578125 , Paged : 70.218750 , NonPaged : 20.246094 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsisupervisor.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1220 , CPU : 0.500000 , Threads : 6 , Memory : 61.086284 , IoOps : 0.500000 , Commit : 7.175781 , Paged : 135.554688 , NonPaged : 14.453125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchui.exe , User : RSLAB\\\\rs_adm , PID : 6196 , CPU : 0.500000 , Threads : 21 , Memory : 121.633506 , IoOps : 0.500000 , Commit : 21.312500 , Paged : 551.187500 , NonPaged : 38.359375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vgauthservice.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1252 , CPU : 0.500000 , Threads : 2 , Memory : 14.367267 , IoOps : 0.500000 , Commit : 4.976563 , Paged : 145.812500 , NonPaged : 13.156250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : csrss.exe , User : RSLAB10V2\\\\SYSTEM , PID : 360 , CPU : 0.500000 , Threads : 9 , Memory : 8.039106 , IoOps : 0.500000 , Commit : 1.695313 , Paged : 153.781250 , NonPaged : 14.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dllhost.exe:/processid:{3eb3c877-1f16-487c-9050-104dbcd66683} , User : RSLAB\\\\rs_adm , PID : 6188 , CPU : 0.500000 , Threads : 6 , Memory : 32.492371 , IoOps : 0.500000 , Commit : 7.109375 , Paged : 226.945313 , NonPaged : 25.062500 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenonetwork , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 1064 , CPU : 0.500000 , Threads : 24 , Memory : 113.820961 , IoOps : 0.500000 , Commit : 12.550781 , Paged : 142.726563 , NonPaged : 40.937500 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiclienttrayapp.exe , ",
"_time": "2020-11-23T15:57:24.000+0000",
"host": "example-host",
"index": "systrack",
"linecount": "7",
"meta": "truncated",
"punct": "{\"\":_\"\",\"\":_\"--_::\",\"\":_\"{----}\",\"\":_\"\",\"\":_\"\",\"\":",
"source": "SysTrack",
"sourcetype": "_json",
"splunk_server": "splunk-server.example.com",
"table": "BlackBox"
}
},
{
"preview": false,
"lastrow": true,
"result": {
"RECSIZE": "32",
"WGUID": "01234567-89ab-cdef-0123-456789abcdef",
"WTIME": "2020-11-23 15:56:54",
"WTYPE": "0",
"_raw": "{\n\"table\": \"BlackBox\",\n\"WTIME\": \"2020-11-23 15:56:54\",\n\"WGUID\": \"{D417C97B-299B-44DF-B477-B23C8D74B0CA}\",\n\"WTYPE\": \"0\",\n\"RECSIZE\": \"32\",\n\"RECS\": \"[{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 5260 , CPU : 0.500000 , Threads : 2 , Memory : 47.531519 , IoOps : 0.500000 , Commit : 10.812500 , Paged : 187.585938 , NonPaged : 11.250000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : msmpeng.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1048 , CPU : 0.500000 , Threads : 25 , Memory : 1257.538443 , IoOps : 0.500000 , Commit : 193.691406 , Paged : 658.656250 , NonPaged : 77.554688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : csrss.exe , User : RSLAB10V2\\\\SYSTEM , PID : 456 , CPU : 2.951345 , Threads : 11 , Memory : 7.843792 , IoOps : 0.500000 , Commit : 2.046875 , Paged : 347.289063 , NonPaged : 22.226563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsiagent.exe , User : RSLAB10V2\\\\SYSTEM , PID : 4896 , CPU : 9.815115 , Threads : 59 , Memory : 298.275141 , IoOps : 10.106307 , Commit : 72.347656 , Paged : 331.078125 , NonPaged : 58.812500 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 788 , DiskRespTime : 0 },{ App : conhost.exe , User : RSLAB\\\\rs_adm , PID : 4736 , CPU : 0.500000 , Threads : 1 , Memory : 43.937749 , IoOps : 0.500000 , Commit : 10.363281 , Paged : 158.492188 , NonPaged : 7.789063 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dwm.exe , User : RSLAB10V2 DWM\\\\DWM-1 , PID : 800 , CPU : 0.500000 , Threads : 8 , Memory : 913.981789 , IoOps : 0.500000 , Commit : 93.394531 , Paged : 435.687500 , NonPaged : 27.843750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : explorer.exe , User : RSLAB\\\\rs_adm , PID : 2568 , CPU : 2.461073 , Threads : 51 , Memory : 448.276000 , IoOps : 0.500000 , Commit : 51.871094 , Paged : 882.203125 , NonPaged : 92.468750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : system process , User : RSLAB10V2\\\\SYSTEM , PID : 4 , CPU : 3.931885 , Threads : 103 , Memory : 378.509975 , IoOps : 2.344920 , Commit : 0.785156 , Paged : 0.500000 , NonPaged : 0.500000 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : nissrv.exe , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 672 , CPU : 0.500000 , Threads : 8 , Memory : 15.968839 , IoOps : 0.500000 , Commit : 9.898438 , Paged : 100.007813 , NonPaged : 12.976563 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : shellexperiencehost.exe , User : RSLAB\\\\rs_adm , PID : 1284 , CPU : 0.500000 , Threads : 56 , Memory : 215.657481 , IoOps : 0.500000 , Commit : 25.363281 , Paged : 620.601563 , NonPaged : 42.906250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : notepad.exe , User : RSLAB\\\\rs_adm , PID : 5656 , CPU : 1.970805 , Threads : 1 , Memory : 1113.045429 , IoOps : 0.500000 , Commit : 112.625000 , Paged : 222.632813 , NonPaged : 9.523438 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:netsvcs , User : RSLAB10V2\\\\SYSTEM , PID : 892 , CPU : 0.500000 , Threads : 39 , Memory : 280.540665 , IoOps : 1.454269 , Commit : 28.816406 , Paged : 583.992188 , NonPaged : 71.062500 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : spoolsv.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1548 , CPU : 0.500000 , Threads : 13 , Memory : 24.601700 , IoOps : 0.500000 , Commit : 9.113281 , Paged : 208.539063 , NonPaged : 29.179688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : logview.exe , User : RSLAB\\\\rs_adm , PID : 860 , CPU : 0.500000 , Threads : 1 , Memory : 213.274655 , IoOps : 0.500000 , Commit : 25.378906 , Paged : 215.171875 , NonPaged : 12.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:dcomlaunch , User : RSLAB10V2\\\\SYSTEM , PID : 648 , CPU : 0.990268 , Threads : 15 , Memory : 48.156523 , IoOps : 0.500000 , Commit : 5.707031 , Paged : 474.703125 , NonPaged : 20.820313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vmtoolsd.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1176 , CPU : 1.480537 , Threads : 9 , Memory : 103.039649 , IoOps : 1.263415 , Commit : 12.914063 , Paged : 188.671875 , NonPaged : 25.343750 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : runtimebroker.exe , User : RSLAB\\\\rs_adm , PID : 1732 , CPU : 0.500000 , Threads : 11 , Memory : 54.289370 , IoOps : 0.500000 , Commit : 8.800781 , Paged : 319.671875 , NonPaged : 27.210938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : onedrive.exe , User : RSLAB\\\\rs_adm , PID : 4196 , CPU : 0.500000 , Threads : 21 , Memory : 193.469854 , IoOps : 0.500000 , Commit : 27.199219 , Paged : 527.195313 , NonPaged : 61.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : csrss.exe , User : RSLAB10V2\\\\SYSTEM , PID : 360 , CPU : 0.500000 , Threads : 9 , Memory : 8.039106 , IoOps : 0.500000 , Commit : 1.695313 , Paged : 153.781250 , NonPaged : 14.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 2592 , CPU : 0.500000 , Threads : 11 , Memory : 134.797643 , IoOps : 1.263415 , Commit : 12.246094 , Paged : 210.093750 , NonPaged : 22.046875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : wmiprvse.exe , User : RSLAB10V2\\\\SYSTEM , PID : 2820 , CPU : 0.500000 , Threads : 6 , Memory : 34.875197 , IoOps : 0.500000 , Commit : 8.472656 , Paged : 88.718750 , NonPaged : 14.570313 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchindexer.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3868 , CPU : 0.500000 , Threads : 18 , Memory : 138.703916 , IoOps : 0.500000 , Commit : 27.500000 , Paged : 231.976563 , NonPaged : 56.234375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : services.exe , User : RSLAB10V2\\\\SYSTEM , PID : 560 , CPU : 0.500000 , Threads : 5 , Memory : 30.226733 , IoOps : 0.500000 , Commit : 3.199219 , Paged : 125.898438 , NonPaged : 10.304688 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : foxitconnectedpdfservice.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1876 , CPU : 0.500000 , Threads : 10 , Memory : 25.851708 , IoOps : 1.136179 , Commit : 4.492188 , Paged : 186.851563 , NonPaged : 22.640625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : dllhost.exe:/processid:{3eb3c877-1f16-487c-9050-104dbcd66683} , User : RSLAB\\\\rs_adm , PID : 6188 , CPU : 0.500000 , Threads : 6 , Memory : 32.492371 , IoOps : 0.500000 , Commit : 7.109375 , Paged : 226.945313 , NonPaged : 25.062500 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : searchui.exe , User : RSLAB\\\\rs_adm , PID : 6196 , CPU : 0.500000 , Threads : 21 , Memory : 121.633506 , IoOps : 0.500000 , Commit : 21.312500 , Paged : 551.187500 , NonPaged : 38.359375 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : vgauthservice.exe , User : RSLAB10V2\\\\SYSTEM , PID : 1252 , CPU : 0.500000 , Threads : 2 , Memory : 14.367267 , IoOps : 0.500000 , Commit : 4.976563 , Paged : 145.812500 , NonPaged : 13.156250 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenetworkrestricted , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 976 , CPU : 0.990268 , Threads : 19 , Memory : 133.078884 , IoOps : 1.008943 , Commit : 17.414063 , Paged : 157.234375 , NonPaged : 30.460938 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:utcsvc , User : RSLAB10V2\\\\SYSTEM , PID : 1840 , CPU : 0.500000 , Threads : 12 , Memory : 47.492456 , IoOps : 0.500000 , Commit : 6.878906 , Paged : 343.148438 , NonPaged : 22.507813 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:localservicenonetwork , User : RSLAB10V2\\\\LOCAL SERVICE , PID : 1064 , CPU : 0.500000 , Threads : 24 , Memory : 111.008445 , IoOps : 0.500000 , Commit : 12.539063 , Paged : 142.726563 , NonPaged : 40.937500 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsimods64.exe , User : RSLAB10V2\\\\SYSTEM , PID : 3184 , CPU : 0.500000 , Threads : 1 , Memory : 6.164095 , IoOps : 0.627236 , Commit : 1.578125 , Paged : 70.218750 , NonPaged : 20.246094 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : svchost.exe:networkservice , User : RSLAB10V2\\\\NETWORK SERVICE , PID : 396 , CPU : 0.500000 , Threads : 18 , Memory : 69.133205 , IoOps : 0.818090 , Commit : 7.769531 , Paged : 156.148438 , NonPaged : 40.421875 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : lsass.exe , User : RSLAB10V2\\\\SYSTEM , PID : 568 , CPU : 0.500000 , Threads : 8 , Memory : 57.531576 , IoOps : 0.500000 , Commit : 6.246094 , Paged : 131.601563 , NonPaged : 30.265625 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : mmc.exe , User : RSLAB\\\\rs_adm , PID : 5304 , CPU : 0.500000 , Threads : 12 , Memory : 85.734863 , IoOps : 0.500000 , Commit : 16.601563 , Paged : 493.976563 , NonPaged : 34.953125 , HardFaults : 0 , LatencyAvg : 0 , NetTraffic : 0 , DiskRespTime : 0 },{ App : taskhostw.exe , User : RSLAB10V2\\\\SYSTEM , PID : 4348 , CPU : 0.",
"_time": "2020-11-23T15:56:54.000+0000",
"host": "example-host",
"index": "systrack",
"linecount": "7",
"meta": "truncated",
"punct": "{\"\":_\"\",\"\":_\"--_::\",\"\":_\"{----}\",\"\":_\"\",\"\":_\"\",\"\":",
"source": "SysTrack",
"sourcetype": "_json",
"splunk_server": "splunk-server.example.com",
"table": "BlackBox"
}
}
]
The following image shows the data in Splunk's Table View.
On This Page