Splunk Enterprise Security

Can you help me with an extreme search problem I'm having on Splunk Enterprise Security?

chrischen2018
New Member
  1. Dynamic threshold for the Concept: min, low, high, extreme. Are there numerical values in each of the semantic terms? if yes, how do i modify them? If the modifications are to create our own custom semantic terms, then how do i create my own custom semantic terms?

  2. I understand that the Domain: requires a minimum, a maximum, and a total count of events. once i have the output for total count events (runs by a scheduled search) which will be a numerical value. How does this total count numerical value correlate to the concept OR to the context OR the extreme search itself?

0 Karma
Get Updates on the Splunk Community!

Message Parsing in SOCK

Introduction This blog post is part of an ongoing series on SOCK enablement. In this blog post, I will write ...

Exploring the OpenTelemetry Collector’s Kubernetes annotation-based discovery

We’ve already explored a few topics around observability in a Kubernetes environment -- Common Failures in a ...

Use ‘em or lose ‘em | Splunk training units do expire

Whether it’s hummus, a ham sandwich, or a human, almost everything in this world has an expiration date. And, ...