×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
AidanMarkSmith
Observer
Member since: ‎03-21-2022
‎09-08-2022
Community Statistics
Posts 6
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-21-2022
View All

Re: Remove and IP Range from a Search

by SplunkTrust in Splunk Search
‎08-19-2022 03:10 AM
‎08-19-2022 03:10 AM
Are you using the correct range? Also try to change the last octet from 0 t0 1 Check your network range CIDR notation in here: https://www.ipaddressguide.com/cidr ... View more

Re: Filter specific Events from Use Case

by SplunkTrust in Splunk Search
‎08-05-2022 05:12 AM
‎08-05-2022 05:12 AM
I should think it's a matter of testing the UserAgent value. index=appext_o365 `o365_management_activity` Workload=AzureActiveDirectory UserAuthenticationMethod=* status=failure UserAgent!="BAV2ROPC" | stats count earliest(_time) AS firstTime latest(_time) AS lastTime values(UserAuthenticationMethod) AS UserAuthenticationMethod values(UserAgent) AS UserAgent values(status) AS status values(src_ip) AS src_ip by user | where count > 10 | `security_content_ctime(firstTime)` | `security_content_ctime(lastTime)` | `o365_excessive_authentication_failures_alert_filter` ... View more

Re: How to create dashboard that will closely moni...

by in Splunk Enterprise Security
‎03-22-2022 07:42 AM
‎03-22-2022 07:42 AM
This app does what you need https://splunkbase.splunk.com/app/4240/   ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎09-08-2022 03:46 AM