Dear All,

Thank you so much for the response. I am extremely sorry as I made it very difficult by sharing the whole Use Case. Actually, the requirement here is as follows:

1. If an email comes which was never seen before, we investigate and when confirmed that it is legit, we should whitelist it.
2. If any email comes from the same domain, then we shouldn't get any alert (depending on the throttling value).
3. If an email comes from a new domain, again that's not seen previously, then we should get an alert in Splunk. After that, we repeat step 1.

Is it possible for you to help me with a query to satiate this requirement? I tried my level best but it doesn't seem to be working. I would really appreciate all the help and support.

Regards,
Anoop
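One way to express the three steps above as a Splunk scheduled search, added here as an example rather than anything from the original thread: known-good sender domains live in a lookup table, the search alerts only on domains absent from that table, and the alert's own throttle setting suppresses repeats. The index name `email`, the `sender` field, and the lookup file `known_sender_domains.csv` (one column, `domain`) are assumptions; adjust them to the actual sourcetype.

```spl
index=email earliest=-15m
| eval sender_domain=lower(replace(sender, "^.*@", ""))
| lookup known_sender_domains.csv domain AS sender_domain OUTPUT domain AS known_domain
| where isnull(known_domain)
| stats count AS messages earliest(_time) AS first_seen values(sender) AS senders BY sender_domain
```

Save this as an alert that triggers when the result count is greater than zero, and in the alert's throttle settings suppress results for the field `sender_domain` over whatever window matches your "throttling value" (step 2), so a burst from one new domain raises a single alert. Step 1, the whitelisting after investigation, is just appending the confirmed domain to the lookup, for example `| makeresults | eval domain="example.org" | table domain | outputlookup append=true known_sender_domains.csv`; once it is in the lookup, the `where isnull(known_domain)` filter drops that domain from all future runs (step 3 then only fires for genuinely unseen domains). Keep the lookup under change control, since anyone who can write to it can silence the alert for a domain.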