URLs by host

waJesu · ‎10-10-2024

I need a query that lists URLs a particular host has reached out in a particular time e.g in the last 24 hours. Please help

gcusello · ‎10-10-2024

Hi @waJesu ,

if host is the host sending the logs and url is a fied in your logs, youcould run something like this:

index=your_index sourcetype=your_sourcetype earliest=-24h latest=now host=your_host
| stats count BY URL

obviously this search depends on the extracted fields.

Ciao.

Giuseppe

waJesu · ‎10-10-2024

Thank you for your prompt response and help. Logs are coming from other sources e.g firewall. Maybe I should have used hostname/computername that is reaching out to those URLs

gcusello · ‎10-10-2024

Hi @waJesu ,

exactly define your requirement and match it to your fields, then it's easy to use commands.

Ciao.

Giuseppe

URLs by host

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation

URLs by host

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future