×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
sanikuriakose12
New Member
Member since: ‎11-21-2016
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎11-21-2016
Activity Feed
View All

how to add a threat_score in splunk search

by in Splunk Search
‎11-21-2016 10:59 PM
‎11-21-2016 10:59 PM
Hi I have to creat a total_threat_score field which will be the total of all other score fields like if action==allowed it should add a new field called score and add 1 to it...then if bytes_in>100000 then add +1 to that score field.. index=* sourcetype=netscreen:firewall | eval score1=1 | where byte_in>10000| eval score2=score1+1 | where bytes_out>1000 | eval score3=score2+1 | where action="allowed" this query is not putting results for action=allowed is this the right way to do? please help ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM