×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Fallingacorn
Engager
Member since: ‎06-21-2014
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 4
Karma Received 0
Member Since ‎06-21-2014
Activity Feed
View All

Re: What does user="-" mean?

by in Security
‎12-01-2014 10:28 AM
‎12-01-2014 10:28 AM
What logs did you see this happen in? Does the log contain any other information about the connection? You might be able to use something like a source IP address to assist in attribution. ... View more

Show events that occur in particular order

by in Splunk Search
‎08-19-2014 01:37 PM
‎08-19-2014 01:37 PM
Hi all, I'm fairly new to splunk and was wondering if someone could point me in the direction I need to go. I'm having trouble with making searches that will show when event A occurs and then event B occurs after within a time frame. The after part is crucial as the inverse occurrence is less important to us. Some examples: A system has a log in the antivirus malware index then within a short period of time has over 100 blocked websites (logs in proxy index) A system has downloaded a file (logs in proxy index) then within a short period of time has over 100 blocked websites (logs in proxy index) A system has a log in the ids index then within a short period of time has excessive blocks on the firewall (logs in firewall index) I don't need help formulating the pieces of the search, such as how to find if there are 100 blocked sites or if a file was downloaded. The bigger issue is how do I say if event A and after event B occurs within a specific time range. Thanks, Kim ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to