×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
j0hnn1ck
Loves-to-Learn
Member since: ‎11-16-2020
‎05-14-2021
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎11-16-2020
View All

Re: How to search suspicious user-agent in web req...

by in Splunk Search
‎11-23-2020 08:29 PM
‎11-23-2020 08:29 PM
Thanks. Now error is gone but my query is not show any result.   I tested by adding a word "java" into my bad_user_agent list. Result is 0 even if user_agent field have a word "java".   Or if you have another solution for my task, please feel free to tell me. Thank you. ... View more

Re: How to search suspicious user-agent in web req...

by in Splunk Search
‎11-22-2020 06:47 PM
‎11-22-2020 06:47 PM
It always show this error.   Lookup definition: Lookup table file: Lookup file content: I already extracted user_agent field from the log.   ... View more

How to search suspicious user-agent in web request...

by in Splunk Search
‎11-16-2020 11:43 PM
‎11-16-2020 11:43 PM
I put web request logs into Splunk. I did a lookup csv file that included suspicious user-agents characters like below. bad_user_agent nmap python java ... I need alert if user_agent field in web request log contains any word in csv file. How can I do a query? Example: user_agent="Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36" --> no alert user_agent="Java/14.0.2" --> ALERT user_agent="Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)" --> ALERT Thank you. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎05-14-2021 02:24 AM