Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: How does the Internal Spammers dashboard work ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There are three settings which can be modified in the dashboard but we haven't been able to find and definitions as to what exactly the parameters are related to and how they interact.
Minimum Messages (defaults to 80)
Message Rate (defaults to 80)
(Time)(defaults to All Time)
Opening the dashboard in a Search reveals this: 'internal-spammer'(80,80)'
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Finally found what I was looking for - Internal Spammers is a Macro requiring 2 Arguments. Now that I can see the search definition it makes a bit more sense.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Finally found what I was looking for - Internal Spammers is a Macro requiring 2 Arguments. Now that I can see the search definition it makes a bit more sense.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Running the internal spammers with parameters (60,60) report for a time period of 60 minutes does this:
Has any account sent to more than 60 people in the previous 60 minutes?
If so, have they sent messages at a rate of more than 60 messages per minute?
If so, send an alert.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @jmccreery
If you could provide more insight on your understanding beyond the definition for folks who might still be in the dark about this, feel free to share 🙂
Patrick
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
