cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
therevenant
New Member
Member since: ‎12-27-2018
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎12-27-2018
View All

Installing Boss of the SOC (BOTS) Investigation Wo...

by in Splunk Search
‎12-31-2018 03:05 PM
‎12-31-2018 03:05 PM
Despite the number of links: https://www.splunk.com/blog/2018/05/25/boss-of-the-soc-bots-investigation-workshop-for-splunk.html One first installs the app: https://splunkbase.splunk.com/app/3985/ You are then directed to Copy/Move the entire extracted BOTS directory into the $SPLUNK_HOME/etc/apps directory. How can I find the exact path for my own environment? This directory does not appear to exist. and secondly the dataset: http://explore.splunk.com/BOTS_1_0_datasets For which you must register. It will take you to a GitHub link. Then what? ... View more

Re: Translating Business Requirements into Syntax

by in All Apps and Add-ons
‎12-28-2018 09:21 AM
‎12-28-2018 09:21 AM
I guess at this point, it would be useful in getting your insight. If you want to understand a new splunk environment, what are things you look for? What searches do you generally perform? index=* | stats values(index) sourcetype=* |stats values(sourcetype) What else? ... View more

Re: Translating Business Requirements into Syntax

by in All Apps and Add-ons
‎12-27-2018 06:56 PM
‎12-27-2018 06:56 PM
If you wanted to search for quarantined files though, how is that queried through Splunk? ... View more

Translating Business Requirements into Syntax

by in All Apps and Add-ons
‎12-27-2018 01:19 PM
‎12-27-2018 01:19 PM
If you were to query the following: the total number of quarantined files for a particular End point software What does that translate to you syntax wise? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM