Splunk Search

How to build a correlation search for direct web traffic without proxy?

SIEMStudent
Path Finder

Hi Splunkers, 

I'm facing the following task: I have to build a correlation search that checks for users who go to a web page without using the proxy or, in other words, direct traffic that does not pass through it.

The rule itself is not a problem; I could perform some checks, for example whether the host is not a proxy. My question is: using the Web data model, because one constraint is to use a DM if possible, how can I distinguish direct web traffic from proxy traffic? I mean, which field, or fields, am I supposed to check to identify direct traffic versus proxy traffic using this DM? Is this possible with the Web DM?

1 Solution

smurf
Communicator

Hi,

If you know that you can find it based on a host, you can use it in the data model too.

| tstats count from datamodel=Web where host=not_a_proxy

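As an added example, not smurf's query and not anything from Splunk's own documentation, the host-based filter above can be extended to a maintained list of proxy servers and to the Web data model's client source field, so that both proxy-generated events and the proxy's own outbound connections are excluded. It assumes a lookup file named proxy_hosts.csv with two columns, host (the Splunk host name the proxy logs under) and src (the proxy's IP address); the lookup and its column names are assumptions, not something from the page.

```spl
| tstats summariesonly=true count min(_time) as first_seen max(_time) as last_seen
    from datamodel=Web
    where NOT [| inputlookup proxy_hosts.csv | fields host]
    by sourcetype Web.src Web.dest Web.url
| rename Web.* as *
| search NOT [| inputlookup proxy_hosts.csv | fields src]
| sort - count
```

The first subsearch drops events reported by a proxy host (the proxy's own access logs), which is smurf's check generalised to a list. The second drops events whose client address is the proxy itself, which is what firewall or web-server logs show when a request did go through the proxy. What remains is Web-tagged traffic whose client reached the destination without the proxy in the path; grouping by sourcetype makes it visible which log source (firewall, web server, and so on) produced each remaining row, since the Web data model itself has no field that flags an event as direct or proxied.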