Alerting
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can anyone please help to create a DOS/DDOS alert without using any application in Splunk?

mlm
Explorer
‎02-03-2023 08:09 AM

Hello guys,

Can anyone please help me to create a DOS/DDOS alert without using any application in splunk. 

For example: 

if source IPs sending thousands of TCP packets simultaneously within the 15-20 minutes or so.  

I can't seem to find any docs that related to this.

TIA

Reply

marioespbaires
Loves-to-Learn
‎10-31-2023 02:41 PM

Hello there,

did you find how to do it? if so, may you share it? 😄 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎11-02-2023 05:09 AM
Hi
To getting help you must 1st tell what you have on your splunk. Describe your log events, indexes etc.
This is doable if/when you have suitable data in splunk.
r. Ismo
0 Karma
Reply
Get Updates on the Splunk Community!

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...

New Splunk Innovations Enhance Performance and Accelerate Troubleshooting

Splunk is excited to announce new releases that empower ITOps and engineering teams to stay ahead in ever ...
Top