Running into an issue with the "Substantial Increase In Port Activity" correlation search in ES. Essentially this search looks at network traffic and returns a count of how many times a specific des...
...ays has a median of 33? Does it relate to me only having activity on 19 of those 30 days?
The daily content gen is using xscreateddcontext (not xsUpdateDDContext) - I've been assuming that would d...
Hi,
How do I change the Splunk ES context count_30m to 1 week and limit it to Deny traffic only? I need to create a correlation search for deny traffic that exceeds the average of the previous week's DENY traffic ...