Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
975 results
Sorted by:
10-11-2019
11:52 PM
1 Karma
Sorry for not spelling the problem out in the title, I'm a bit stuck even for the correct language to describe my puzzle. It's best I explain...
I have one index full of log data like the followin...
06-24-2020
12:03 AM
I want to correlate the login events of aws console to login events of cyberark. people login to aws console via cyberark. so need to correlate the login events of aws with cyberark, that i...
- Tags:
- search
05-02-2019
10:33 AM
...orts 20,21,69) with a specific amount of data ( x mbs or y bytes ) using our Stream data. I'm not really sure how to build a correlation search to accomplish that but in that, I have a search I've built f...
01-02-2020
10:06 AM
Hi ,
How to create custom correlation search is ES app. For eg: Traffic to suspicious country
11-27-2018
01:26 PM
1 Karma
Hello,
I'm fairly new to Splunk and I've been playing around with some of the security correlation rules and needed some guidance on one.
Below is a search that shows me the user, signature, s...
08-15-2019
12:07 PM
I'm looking at a sample correlation search called Abnormally High Number of HTTP Method Events By Src -
| tstats `summariesonly` count as web_event_count from datamodel=Web.Web by Web.src, W...
10-09-2019
11:26 AM
index=email
| transaction mid icid
| stats count(recipient) as receipentcount by sender
| where receipentcount>100
I am using this in a correlation search but it is returning only s...
09-18-2019
01:40 PM
I am doing a deep dive to understand the internals of a correlation search within ES so that I can justify creating new correlated searches with adjusted thresholds and/or explicit asset exceptions....
04-13-2020
01:43 PM
I have a correlation search for detecting when host stops sending logs. I enabled the search and set the title as below but when I receive the notables, my results show the hostname of the search h...
08-04-2017
06:10 AM
...hem. I would like to know if there is another way to correlate this situation and\or how can I get rid of the redundant events.
For the scenarios 1 to 4, I need to make sure in each scenario that t...
