cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
zeeshantayyab
Loves-to-Learn
Member since: ‎04-27-2022
‎04-28-2022
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎04-27-2022
Activity Feed
View All

Re: Splunk Query about Port Scanning attack attemp...

by in Splunk Search
‎04-28-2022 12:37 AM
‎04-28-2022 12:37 AM
hi @gcusello  Thanks for helping me. please guide me more on how we can add the destination IP as well in this query. ... View more

Splunk Query about Port Scanning attack attempts

by in Splunk Search
‎04-28-2022 12:18 AM
‎04-28-2022 12:18 AM
Hi Team, Please help me out in this case. I am searching the Port Scanning attack attempts by the following query. index="firewall" | stats dc(destination_port) as pcount by source_ip | where pcount > 500 It Shows me the results in forms only like sorce_ip is 145.132.11.11 and p count 777. But I want the results in the form of  Sorce_ip      sorce_port     destination_ip      destnation_port      pcount So what will be the query in this regard? Waiting for your kind reply. ... View more

Re: Search to display port scan attempts

by in Splunk Dev
‎04-27-2022 11:58 PM
‎04-27-2022 11:58 PM
Hi, Why this query is not working in my environment. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎04-28-2022 06:54 AM