created context using step 4 in link https://docs.splunk.com/Documentation/ES/5.1.0/Admin/Extremesearchexample and we can see it using "| xsdisplaycontext failures_by_src_count_1h in a...
The Splunk App for Enterprise Security ships with extreme search commands. I would like to see drastic changes in occurrences of IDS signatures. ES already ships the query to populate the context: co...
In extreme search, I would like to know what this statement means and how it is derived by Splunk
"xwhere count from count_by_signature_1h in ids_attacks by signature is above medium"
The above...
So having an issue with extreme search. I have a DD context generated for users sending emails based off their identity_id which populates fine. Checked it via the xsdisplaycontext on the ID and g...
...his search:
| xsdisplaycontext from count_by_dest_port_1d in network_traffic by 9571
Question: Why are those thresholds so low (20.8+ is 'above extreme'), if the activity from the last 30 d...