cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Carlo16
Engager
Member since: ‎03-30-2021
‎04-01-2021
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-30-2021
View All

Re: How to search if a user received an email from...

by in Splunk Enterprise Security
‎04-01-2021 03:36 PM
‎04-01-2021 03:36 PM
Thanks @96nick ! that did the trick. ... View more

Re: How to search if a user received an email from...

by in Splunk Enterprise Security
‎03-30-2021 02:31 PM
‎03-30-2021 02:31 PM
Thanks Nick, To summarize, you reckon the query should look like: index=emailgt "user1@domain.com" [|inputlookup baddomains.csv | fields domains | format] ?? Didn't get much output from that query ... View more

How to search if a user received an email from a m...

by in Splunk Enterprise Security
‎03-30-2021 12:08 PM
‎03-30-2021 12:08 PM
Hi Splunk Experts, I'm a newbie to splunk and have been tasked with finding out if a couple of our users (e.g user1@domain.com, user2.....) received malicious emails from a list of domains in that i have bow created a lookup (baddomains.csv) table for. We have an index (index=emailgt) but the challenge is preparing a search query that would parse that index to the lookup table  (baddomains.csv) and then to match if any of the users interacted with these bad domains.   Thanks ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎04-01-2021 06:58 PM