×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
mkshah
New Member
Member since: ‎11-02-2022
‎11-03-2022
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎11-02-2022
View All

How to display palo threat over a month with sever...

by in Splunk Search
‎11-02-2022 11:29 PM
‎11-02-2022 11:29 PM
Hi , how to do i display number of blocked and allowed threats with different severities in a timeframe(e.g monthly). Something like this output,   Month                    action               critical            high                medium               low 2022-11              allowed               9                        22                  45                        100                                  blocked                20                     400           44345                   23423   2022-10              allowed               39                        22                  4                        100                                  blocked                20                     500           4445                   23423   I can get to either of below output but not able to get as above,, ---- index=palo-network threat sourcetype="pan:threat" severity!=informational| bucket _time span=1month | eval Date=strftime('_time',"%Y-%m")| stats values(severity) count by _time,action ---- index=palo-network threat sourcetype="pan:threat" severity!=informational | bucket _time span=1month | eval Date=strftime('_time',"%Y-%m") | chart count over action by severity   Thank you. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎11-03-2022 02:52 AM