Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Query for Alert_identification

adm_rashi
New Member
‎04-02-2019 11:50 PM

Hello All,

I tried the below query and got the results as well but my concern is who is modifying, deleting or creating new alerts?

How can I search about existing alerts in my Splunk environment?

Thanks in advance!!

QUERY:
index=_internal sourcetype=splunkd_access
(method=POST OR method=DELETE)
(user!=splunk-system-user user!=-)
(uri_path=/servicesNS/* uri_path!="/user-prefs/" uri_path!="/servicesNS////jobs//control" uri_path!=/servicesNS//mobile_access )
| replace "/ui/views" with "/ui_views", "/props" with "*", "/distributed/peers*" with "/distributed_peers", "/server/serverclasses" with "/server_class" in uri_path
| where mvcount( split( uri_path , "/" ) ) > 6
| eval activity = case( method=="POST" AND like( uri_path , "%/acl" ) , "Permissions Update", method=="POST" AND NOT like( uri_path , "%/acl" ) , "Edited" , method="DELETE" , "Deleted" )
| rex field=uri_path "/servicesNS(/[^\/]+){3}/(?[^\/]+)/(?[^\/]+)"
| eval object_name = urldecode( object_name )
| table _time, user, object_name, object_type, activity|

0 Karma
Reply
Get Updates on the Splunk Community!

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...