Is there a built-in solution in Splunk that does frequency analysis (for example, on domain names)? There is a solution by Mark Baggett at https://github.com/MarkBaggett/freq, but I had problems using it in Splunk. It can be run either using the Python script:

$ python3 freq.py freqtable2018.freq -m splunk.com
(6.0006, 5.0954)

Or using curl:

$ curl http://127.0.0.1:20304/measure/splunk.com
(6.0006, 5.0954)

I want to run it against a field, for example one called "query" in my Zeek DNS logs, calculate the frequency, and save it in another field.
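One way to fill a second field from the curl-style endpoint shown in the post, as an added example that is not part of the original post or of the freq project. It assumes the script is wired in as a Splunk external lookup (CSV in on stdin, CSV out on stdout) and that the freq server is listening at the address above; the output field names `freq_1` and `freq_2` are hypothetical.

```python
import csv
import io
import re
import sys
import urllib.parse
import urllib.request

# Endpoint as shown in the post; assumes the freq server is running locally.
FREQ_URL = "http://127.0.0.1:20304/measure/"
PAIR = re.compile(r"\(\s*([0-9.]+)\s*,\s*([0-9.]+)\s*\)")


def parse_measure(text):
    """Parse a reply such as '(6.0006, 5.0954)' into two floats."""
    m = PAIR.search(text)
    if not m:
        raise ValueError("unexpected freq reply: %r" % text[:80])
    return float(m.group(1)), float(m.group(2))


def http_measure(domain):
    """Return the raw reply of the local freq server for one domain."""
    url = FREQ_URL + urllib.parse.quote(domain, safe="")
    with urllib.request.urlopen(url, timeout=2) as resp:
        return resp.read().decode("utf-8", "replace")


def enrich(csv_text, measure=http_measure):
    """Return the CSV with freq_1/freq_2 (hypothetical names) filled from 'query'."""
    reader = csv.DictReader(io.StringIO(csv_text))
    fields = list(reader.fieldnames or [])
    fields += [n for n in ("freq_1", "freq_2") if n not in fields]
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=fields)
    writer.writeheader()
    cache = {}  # DNS logs repeat names heavily, so score each name once
    for row in reader:
        q = (row.get("query") or "").strip().lower()
        if q and q not in cache:
            try:
                cache[q] = parse_measure(measure(q))
            except (OSError, ValueError):
                cache[q] = ("", "")  # leave blank rather than fail the search
        row["freq_1"], row["freq_2"] = cache.get(q, ("", ""))
        writer.writerow(row)
    return out.getvalue()


if __name__ == "__main__":
    sys.stdout.write(enrich(sys.stdin.read()))
```

The lookup is called once per batch of rows, and the cache keeps the number of HTTP requests to one per distinct name in that batch.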