I have data piped to Splunk from F5, which is configured to generate WAF reports that are sent to Splunk.
When I search for "blocked request", I am not able to find any data related to it. However, if I find any data within 5 minutes, I click on Show Source and I am able to find the information I need. In addition, it seems like the search results are shown per line from the WAF report.
I need some advice on how to enhance the search query and find the information that I need, specifically the blocked requests.