is this app still OK for current Splunk versions (6.5.2 for instance) ?
I just tried it with 7.0.0. Works like a Swiss clock. Will update it to flag that it works.
index=_internal | head 1 | eval clientip="22.214.171.124" | lookup threatscore clientip | table clientip, threatscore
Should be a threatscore higher than 0 (currently 61).
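The search above verifies the app by pushing one known IP through the threatscore lookup and expecting a non-zero score. The following Python is an added example, not code from the app or the poster, that emulates the same enrichment offline so the check can be reasoned about without a Splunk instance: a constructed CSV in the shape of a Splunk lookup (the clientip and threatscore column names are taken from the search; all rows are made up), a lookup that supports both exact hosts and CIDR entries with longest-prefix precedence, and a 0 result for an IP with no entry.

```python
import csv
import io
import ipaddress

# Constructed sample lookup table in the shape of a Splunk CSV lookup with
# clientip and threatscore columns. 22.214.171.124 is the IP used in the
# post's search; the remaining rows use documentation ranges and are made up.
SAMPLE_LOOKUP_CSV = """clientip,threatscore
22.214.171.124,61
203.0.113.0/24,40
198.51.100.7,5
"""


def load_threatscore_lookup(csv_text):
    """Parse lookup rows into (network, score) pairs; a bare IP becomes a /32 network."""
    entries = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        net = ipaddress.ip_network(row["clientip"].strip(), strict=False)
        entries.append((net, int(row["threatscore"])))
    # Longest prefix first, so an exact host entry beats a covering CIDR block.
    entries.sort(key=lambda e: e[0].prefixlen, reverse=True)
    return entries


def lookup_threatscore(entries, clientip):
    """Return the threatscore for clientip, or 0 when no row matches (an empty lookup result)."""
    addr = ipaddress.ip_address(clientip)
    for net, score in entries:
        if addr in net:
            return score
    return 0


def verify_lookup(entries, clientip):
    """The check from the post: the known IP must come back with a score above 0."""
    return lookup_threatscore(entries, clientip) > 0


if __name__ == "__main__":
    table = load_threatscore_lookup(SAMPLE_LOOKUP_CSV)
    for ip in ("22.214.171.124", "203.0.113.9", "192.0.2.1"):
        print(ip, lookup_threatscore(table, ip))
    print("lookup OK:", verify_lookup(table, "22.214.171.124"))
```

Two points carry over to the real Splunk check: a CSV lookup matches field values exactly unless the lookup definition in transforms.conf sets `match_type = CIDR(clientip)`, so a CIDR row will silently never match without that setting; and a missing row produces no threatscore field at all rather than 0, which is why the verification search uses an IP that is known to be in the table.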