How to identify an 'Upload' in search?

thomashigginson
Path Finder

I'm trying to search for logs relating to an upload of data. For example, a computer uploads a file to Dropbox or some external server. What is a keyword used to search for and identify that log?

1 Solution

Ayn
Legend

This depends entirely on what kind of events your logs have related to this and what knowledge objects you have created that can be used for identifying various events. It is not as simple as providing one single keyword. In order for us to be able to give you useful answers, you need to provide much more detail on what your logs look like, what different scenarios you're looking at, and what tags etc. you've built for identifying the events in question.

Ayn
Legend

No, this would have to be tracked by intermediate devices such as a proxy. If you want to keep better track of a whole chain you would need some kind of DLP tool. Splunk is only as good as the input you feed it, so if you don't have logs providing enough information about the fact that a document was uploaded somewhere, for instance, then Splunk won't be able to magically get that information for you.
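To make the point above concrete, here is an added example (written for this page; it is not Ayn's code, nor anything shipped with Splunk) of the detection logic you can only run once a proxy is actually recording the request method, the destination and the bytes sent. The sample lines are constructed, the key=value layout and the field names (src_ip, http_method, url, bytes_out, status) are assumptions, and so are the internal-domain suffix and the byte thresholds; a real proxy log will need its own parser and field names. The logic flags two things: a single large POST/PUT to an external host, and a source/destination pair whose many small POST/PUTs add up to a large transfer, which is how a chunked upload looks. A GET, a POST to an internal server, or a small POST to a login page is deliberately not reported.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy events (not real logs). The key=value layout and
# the field names src_ip, http_method, url, bytes_out and status are assumptions
# made for this example; real proxies (Squid, Zscaler, Blue Coat, ...) differ.
SAMPLE_LOGS = [
    "ts=2024-03-01T09:00:01Z src_ip=10.1.2.15 http_method=GET url=https://intranet.corp.example/home bytes_out=412 status=200",
    "ts=2024-03-01T09:00:07Z src_ip=10.1.2.15 http_method=POST url=https://content.dropboxapi.com/2/files/upload bytes_out=5242880 status=200",
    "ts=2024-03-01T09:01:12Z src_ip=10.1.2.15 http_method=PUT url=https://203.0.113.45/put/notes-1.txt bytes_out=16384 status=201",
    "ts=2024-03-01T09:01:13Z src_ip=10.1.2.15 http_method=PUT url=https://203.0.113.45/put/notes-2.txt bytes_out=16384 status=201",
    "ts=2024-03-01T09:01:14Z src_ip=10.1.2.15 http_method=PUT url=https://203.0.113.45/put/notes-3.txt bytes_out=16384 status=201",
    "ts=2024-03-01T09:01:15Z src_ip=10.1.2.15 http_method=PUT url=https://203.0.113.45/put/notes-4.txt bytes_out=16384 status=201",
    "ts=2024-03-01T09:02:00Z src_ip=10.1.2.40 http_method=POST url=https://intranet.corp.example/api/save bytes_out=9000000 status=200",
    "ts=2024-03-01T09:02:30Z src_ip=10.1.2.40 http_method=POST url=https://login.example.net/auth bytes_out=350 status=302",
]

KV_RE = re.compile(r"(\w+)=(\S+)")

# Assumption: anything under these suffixes is your own infrastructure.
INTERNAL_SUFFIXES = (".corp.example",)
# Only request methods that carry a body out of the network count as uploads.
UPLOAD_METHODS = {"POST", "PUT"}


def parse_event(line):
    """Split one key=value proxy line into a dict of string fields."""
    return dict(KV_RE.findall(line))


def is_external(host):
    return not host.endswith(INTERNAL_SUFFIXES)


def find_uploads(lines, single_threshold=1_000_000, aggregate_threshold=50_000):
    """Return candidate uploads found in proxy lines.

    large_requests: one POST/PUT to an external host carrying >= single_threshold bytes.
    chatty_pairs:   (src_ip, dest) pairs whose smaller POST/PUTs add up to
                    >= aggregate_threshold bytes, which catches chunked uploads
                    that no single request would reveal.
    """
    large_requests = []
    large_pairs = set()
    totals = defaultdict(lambda: {"bytes_out": 0, "requests": 0})

    for line in lines:
        ev = parse_event(line)
        if ev.get("http_method") not in UPLOAD_METHODS:
            continue  # GET moves data in, not out
        host = urlsplit(ev.get("url", "")).hostname or ""
        if not host or not is_external(host):
            continue  # internal destinations are not the exfil path asked about
        bytes_out = int(ev.get("bytes_out", 0))
        key = (ev.get("src_ip", "?"), host)
        totals[key]["bytes_out"] += bytes_out
        totals[key]["requests"] += 1
        if bytes_out >= single_threshold:
            large_pairs.add(key)
            large_requests.append(
                {"src_ip": key[0], "dest": host, "bytes_out": bytes_out, "url": ev["url"]}
            )

    # Pairs already reported for a single large request are not listed twice.
    chatty_pairs = [
        {"src_ip": src, "dest": dest, **stats}
        for (src, dest), stats in totals.items()
        if stats["bytes_out"] >= aggregate_threshold and (src, dest) not in large_pairs
    ]
    return {"large_requests": large_requests, "chatty_pairs": chatty_pairs}


if __name__ == "__main__":
    for kind, hits in find_uploads(SAMPLE_LOGS).items():
        for hit in hits:
            print(kind, hit)
```

Run against the sample, the Dropbox POST is reported as a single large request and the four 16 KiB PUTs to 203.0.113.45 are reported once as a chatty pair; the intranet POST and the small login POST are not. Once the same fields exist in Splunk, the aggregate half of this is an ordinary search over the proxy sourcetype, assuming those field names: `sourcetype=proxy http_method IN ("POST","PUT") NOT dest_host="*.corp.example" | stats sum(bytes_out) AS bytes_out count BY src_ip dest_host | where bytes_out > 50000`. Without a log source that records method, destination and bytes sent, there is nothing for either version to match.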

thomashigginson
Path Finder

To be more specific, documents (primarily txt documents) uploaded from a computer, through the network, through the server, through the internet, to an IP. Is there any Windows event log that signifies data is being copied and uploaded?
