
Count of specific event

havatz
Explorer

Hi all,

I have this rule:

"Unapproved Port Activity Detected" - I know this rule creates many alerts. How can I find the daily count of this specific event? And what is the trigger?

 


thambisetty
SplunkTrust

You can find details in index=notable.

To find the number of notables triggered for that correlation rule, use the query below.

index=notable source="*Unapproved Port Activity Detected*"
| timechart span=1d count
