Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
67 results
Sorted by:
06-06-2018
08:40 AM
I am using Splunk ES and trying to match my IDS logs to the Intrusion Detection data model. I thought I did all preparatory steps required but when clicking in the ES app Search > Datasets &g...
07-28-2021
12:10 PM
...he dashboard uses is below. | tstats summariesonly=true allow_old_summaries=true count from datamodel=Intrusion_Detection.IDS_Attacks where * IDS_Attacks.severity="*" by IDS_Attacks.signature...
Labels
- Labels:
-
tstats
05-09-2016
08:16 AM
10-04-2021
05:56 AM
Hi All , Can some one help me understand why similar query gives me 2 different results for a intrusion detection datamodel . Only difference bw 2 is the order . Query 1: | tstats s...
- Tags:
- intrusion detection
Labels
- Labels:
-
tstats
08-10-2010
02:09 AM
Splunk is currently indexing the logs for all of my companies switches and routers. It's a mishmash of Dell and Cisco devices. Is there an application for Splunk ideal for alerting when rogue devices...
- Tags:
- intrusion
- monitoring
07-19-2017
12:03 AM
Hello All,
I am having an issue after upgrading our ES app from 4.0.0 to 4.5.2. Currently i am not getting the events in the ES, but if i run the following search "| datamodel Intrusion...
- Tags:
- splunk-enterprise
06-16-2016
01:25 PM
1 Karma
This is more of question for my understanding...
In the examples section of CIM Add-on manual (for OSSEC) there is a statement that the Intrusion Detection data model requires the tags ids, a...
01-31-2016
05:21 PM
The current definition for this field is this:
IDS_Attacks| user | string | The user involved with the intrusion detection event.
My data source can generate multiple user names related to an intrusion...
08-28-2015
12:08 PM
I want to create a single value chart to illustrate total intrusion detection events, however, I want to limit the results to our IPS threat events and exclude our firewall threat events. Is this p...
07-30-2019
12:24 PM
In ES, the constraint for Intrusion Detection is ( cim_Intrusion_Detection_indexes ) tag=ids tag=attack.
What is the tag=ids part?
