Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Extreme search

Meena_0627
New Member
‎09-01-2016 05:05 AM

In extreme search, i would like to know what this statement means and how it is derived by Splunk

"xwhere count from count_by_signature_1h in ids_attacks by signature is above medium"

The above applies for src, dest_port etc. I wanna know how "medium" is calculated,

Tags (2)
0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎09-01-2016 08:17 AM

from - https://answers.splunk.com/answers/294454/splunk-app-for-enterprise-security-how-to-debug-xs.html
To view a context, you can use the command "xsDisplayContext". In the example you have above, you would run this search command:

   | xsDisplayContext 'count_by_signature_1h' in 'ids_attacks' by  'xy signature'

also please check this app - Extreme Search Visualization
https://splunkbase.splunk.com/app/2855/

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...