×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
boan0ite
Engager
Member since: ‎04-23-2023
‎04-23-2023
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎04-23-2023
Activity Feed
Topics I've Started
No posts to display.
View All

Re: Sources Sending A High Volume Of DNS Traffic

by in Alerting
‎04-23-2023 12:33 AM
‎04-23-2023 12:33 AM
Hello I was also wondering the same as I also want to implement this use case but searching all time consumes a lot of resources and I want to decrease it to a shorter time frame.   "where num_data_samples >=4"  why do u have 4 in your query?    ... View more

Re: Sources Sending A High Volume Of DNS Traffic

by in Alerting
‎04-23-2023 12:31 AM
1 Karma
‎04-23-2023 12:31 AM
1 Karma
Hello I'm also working with this query i found there was an error on line 4 in the end , it shouldn't be : by src_ip   Should be: All_Traffic.src_ip Other thing is that you need to search All time. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎04-23-2023 01:01 PM
Karma from
View All