I am new to Splunk and would really appreciate some guidance or advice on how to do the following:
I have some log files for which I wish to build a search/report that correlates them. I have loaded them into Splunk as separate log sources via the "Choose Data From File or Directory" option. I followed the documentation to do this, and they now appear as separate log sources in the search app.
The logs are of the following systems:
IDP/S
Firewall
NAT
DHCP
Domain Controller
Antivirus
I wish to correlate them by linking together certain fields of each source type to create a report of an instance of a network incident, such as a malware threat picked up by the antivirus. This should then show the full path, step by step, through the log sources above.
I am conducting this for a university project on logs that I have generated. I would be really grateful for any help or guidance anybody can offer.
Many thanks,
Elliott