...false notable event (alert). The scenarios are all explained below along with correlation parameters and Splunk query
tag=sophos_malware sourcetype="sophos:threats"| eval d...
I want to create an alert that triggers when a source type doesn't exist in a lookup table (e.g. srctype.csv). But I'm not sure how to create the search string for this. The fields I'm using in the s...
Hi,
I have these events from where I calculate response time for the particular ping. The events are generated randomly and not at any particular time. So, I want to create an alert in such a w...
Greetings, I'm setting up an alert and I noticed that for each alert trigger, only 1 of each trigger type is allowed. For example, you can select 1 email and log 1 event. But once I c...
Hi guys I got a problem with the results from the triggered alerts and I really need your help!
I have some alerts in Splunk and I want to know which alert is triggered and Why. So what I have d...
My requirement is to run this alert with a time range of 12 hours and send email twice a day (every 12 hours) based on what it finds. Here is my configuration, Cron Expression : * */1...
...alue - src=$result.src$, Suppress triggering for - 20 minutes. Still I am getting an alert for the first row from the result. Not sure what I am missing here to get alerts for the other rows. If you can see I have s...
...arliest=@d latest=now ("EventCode=675" OR ("EventCode=672" AND Type="Failure Audit")) OR (EventCode=4771 AND "Audit Failure") NOT (User_Name="*$" OR Account_Name="*$") NOT Failure_Code=0x19 | eval "User A...
...4,ACTION TYPE=Process started 2021-03-24T14:05:21.54 STATUS=Successful,ACTIVITY AT=2021-03-24T14:05:21,TYPE=Process finished I'm using the below query to track the same but it is triggering an alert...