Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
1,000 results
Sorted by:
01-05-2021
07:10 AM
Hello, Our environment has this linux server that continually get's hit with Brute force attacks. I am trying to figure out where they are coming from. Since our servers are behind a nated firewall ...
06-24-2020
12:03 AM
I want to correlate the login events of aws console to login events of cyberark. people login to aws console via cyberark. so need to correlate the login events of aws with cyberark, that i...
- Tags:
- search
3 weeks ago
I have 2 indexes, one called linux and another called firewall, how can I correlate both indexes to determine if the src field (of the linux index) is equal to the UserIP field (of the firewall i...
Labels
- Labels:
-
eval
-
field extraction
-
stats
a month ago
...ther than “success” in our ldap logs: index=ldap sourcetype="openldap:access" err!=0 Unfortunately, we can't find a way correlate this event with other events in order to find the username a...
Labels
- Labels:
-
using Splunk Enterprise
03-10-2021
03:13 AM
Hello, Having defined multiple alerts before starting to use Enterprise Security, is there a way to convert the existing alerts to correlation searches ? Instead of sending emails as a...
Labels
10-11-2019
11:52 PM
1 Karma
Sorry for not spelling the problem out in the title, I'm a bit stuck even for the correct language to describe my puzzle. It's best I explain...
I have one index full of log data like the followin...
11-25-2020
11:56 AM
...vents in one source and then correlate that with another source. So I have two sources which I've given sample sources of at the bottom of this post. For each ID listed there is data in TestPOAM.csv a...
Labels
- Labels:
-
join
-
stats
-
transaction
08-15-2019
12:07 PM
I'm looking at a sample correlation search called Abnormally High Number of HTTP Method Events By Src -
| tstats `summariesonly` count as web_event_count from datamodel=Web.Web by Web.src, W...
05-02-2019
10:33 AM
...orts 20,21,69) with a specific amount of data ( x mbs or y bytes ) using our Stream data. I'm not really sure how to build a correlation search to accomplish that but in that, I have a search I've built f...
11-27-2018
01:26 PM
1 Karma
Hello,
I'm fairly new to Splunk and I've been playing around with some of the security correlation rules and needed some guidance on one.
Below is a search that shows me the user, signature, s...
