cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
phatlenix
New Member
Member since: ‎02-16-2011
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎02-16-2011
Activity Feed
View All

Re: Generate report by IP from DDoS Attacks

by in Reporting
‎02-16-2011 11:46 PM
‎02-16-2011 11:46 PM
Yea, that's what I figured but after making sure I wasn't retarded... I renamed by field to 'xxx' rather than 'ip' and it worked like a charm. Perhaps "ip" is reserved/cannot be used 🙂 Thanks for the help though ... View more

Generate report by IP from DDoS Attacks

by in Reporting
‎02-16-2011 09:45 PM
‎02-16-2011 09:45 PM
We keep getting DDoS attacks that target our web applications. I've setup Splunk and have all of our servers forwarding logs via syslog-ng which works like a charm. I also setup an extracted field called "ip" that extracts the ip address from the apache logs which also works great. I can't seem to figure how do I create a timeline chart with the count of each hit/event so I can determine who is at the top of the list. When I "generate report.." that works fine, but how do I use my custom field as a search query? I've used: sourcetype="access_combined" count(ip) and can't get any results. Any tips? Thanks! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:02 AM