Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can you help me with the following firewall alert trigger?

CreieR
New Member
‎10-08-2018 11:42 AM

I got the below search and I want to create an alert that would trigger:
1. when the total per day is bigger than X
2. When the total per day is two times bigger than the second value
3. when the average for a week is two times bigger for that user, or overall.

index="pan_logs" action=allow  
| stats  count sum(eval(bytes_received/1000000000)) as bytesReceivedGB  sum(eval(bytes_sent/1000000000)) as bytesSentGB sum(eval(bytes/1000000000)) as TotalGB  by user          
| sort  -TotalGB

Thank you !

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? 🚀 We invite you to join our elite squad ...