https://community.splunk.com/t5/Splunk-Search/Splunk-search-query/m-p/551736#M156572 <P>Can you share some anonymised raw events from your index so we can see what data you are dealing with?</P> Sun, 16 May 2021 08:06:59 GMT ITWhisperer 2021-05-16T08:06:59Z https://community.splunk.com/t5/Splunk-Search/Splunk-search-query/m-p/551730#M156569 <P>To obtain "list of suspicious IP addresses that attempt to make an unauthorized web connection having&nbsp;a duration of longer than 1 minute" using Splunk search query?</P> Sun, 16 May 2021 05:46:06 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-search-query/m-p/551730#M156569 Sidmi09 2021-05-16T05:46:06Z https://community.splunk.com/t5/Splunk-Search/Splunk-search-query/m-p/551732#M156570 <P>What data do you already have ingested and indexed in splunk that might support such a search?</P><P>What criteria are you using to determine suspiciousness?</P><P>What criteria are you using to determine whether the connection is unauthorised?</P><P>Are unauthorised connections of less than a minute to be ignored/unlisted?</P> Sun, 16 May 2021 06:16:04 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-search-query/m-p/551732#M156570 ITWhisperer 2021-05-16T06:16:04Z https://community.splunk.com/t5/Splunk-Search/Splunk-search-query/m-p/551735#M156571 <P>Using&nbsp;index=botsv2” in all searches. Could you help with completing some questions asked to be completed!!!</P> Sun, 16 May 2021 08:00:55 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-search-query/m-p/551735#M156571 Sidmi09 2021-05-16T08:00:55Z https://community.splunk.com/t5/Splunk-Search/Splunk-search-query/m-p/551736#M156572 <P>Can you share some anonymised raw events from your index so we can see what data you are dealing with?</P> Sun, 16 May 2021 08:06:59 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-search-query/m-p/551736#M156572 ITWhisperer 2021-05-16T08:06:59Z