Splunk Search

How to generate a search to monitor Palo Alto firewall logs?

yashwanth_g_pra
Observer

Can someone help out with a search for the below context:

1) Need to get all the public IPs having blocked traffic (with blocked log count > 100).
2) IPs identified in step 1 should also have an allowed connection (count > 1) through the firewall.

Please let me know the search. This search needs to be used for Palo Alto Firewall logs. Thanks in advance.

0 Karma

mdessus_splunk
Splunk Employee

Do you mean something with that kind of logic:

tag=network
| stats count(eval(action=="failure")) as failure, count(eval(action=="success")) as success by src
| where failure > 100 AND success > 1
0 Karma
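An added example, not from the original thread, that applies the same two-count logic to Palo Alto traffic logs and also keeps only public source IPs as the question asks. It assumes the field names used by the Splunk Add-on for Palo Alto Networks (sourcetype pan:traffic, src_ip, action) and the PAN-OS action values allow, deny, drop and reset-*; the RFC 1918 exclusion is a plain cidrmatch filter, so adjust the ranges if your environment uses other internal space.

```spl
sourcetype=pan:traffic
| eval outcome=case(action=="allow", "allowed",
                    in(action, "deny", "drop", "reset-client", "reset-server", "reset-both"), "blocked")
| where isnotnull(outcome)
| where NOT cidrmatch("10.0.0.0/8", src_ip)
    AND NOT cidrmatch("172.16.0.0/12", src_ip)
    AND NOT cidrmatch("192.168.0.0/16", src_ip)
| stats count(eval(outcome=="blocked")) AS blocked,
        count(eval(outcome=="allowed")) AS allowed
        BY src_ip
| where blocked > 100 AND allowed > 1
| sort - blocked
```

Because both counts come from one stats pass, a source that is heavily blocked yet still gets at least one session through shows up as a single row; an IP that is only blocked, or only allowed, is dropped by the final where clause.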

alemarzu
Motivator

Hi there,

Do you mind sharing some sample data to work with?

0 Karma