Hello,
I am new to Splunk and I need to get a report showing Firewall transactions with source IP and source port, destination IP and destination port in a table format.
Please help and advise
...ool called Varonis DatAlert and is stored in the Windows Event log and we want to be able to use this for custom Ransomware alerting.
The field from the Windows Event log called Additional_Data and I w...
Good Day!
Given the following data...
src dst
1.2.3.4 9.8.7.6
1.2.3.4 9.8.7.6
1.2.3.4 9.8.7.6
4.3.2.1 6.7.8.9
1.2.3.4 5.6.7.8
I'd like to display a table s...
Hi, I'm attempting to build a query to find destination IP addresses that became source IPs for traffic in a 5min window. What is the best way to do this? Given that it's IDS data, I d...
I wrote this Splunk search that gives me the lat and lon for both the destination IP address and source IP address based on each IP that comes into our system. I would like to be able to take this data...
I am receiving Syslog data from the firewall and I would like to send a subset of it to the nullQueue.
The issue I am having is that I have two set values (action and srcip) but 6 values for t...
Hi All, I want to create an SPL query that first returns data by matching the destination IP address from Palo Alto logs. Then, according to the destination IP, it will resolve the actual destin...
...uotes to show the end of the line (maybe)?
Example:
"date time stamp","user","internal ip address",""
So how do I create the custom event types to get the source and destination IP Addresses....
Using syslog data, how do I find if 3 systems go to a common webpage in a 48 hour period?
I have 3 IP sources with OR between them in a search...
Do you pipe this to associate and find the destin...