Hi there
I have many log-entries with the two fields "host_address" (an IP address) and "query" (a search query). One entry per query. I would like to figure out which "host_addresses" do their queries in alphabetical order. That's it.
To be honest: I have no idea where to start!
The only thing I found was the following article:
https://www.splunk.com/blog/2017/06/16/detecting-brute-force-attacks-with-splunk.html
but it does not really help me either. Can anyone?
Best regards, Dominic
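One way to express the check described in the question, as an added example that is not part of the original post and is written in Python rather than as a Splunk search: group events by `host_address`, order them by time, and measure what fraction of consecutive queries are in non-decreasing alphabetical order. The event tuples, the function name `alphabetical_hosts`, and the thresholds `min_queries` and `min_ratio` are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events (timestamp, host_address, query); not real log data.
SAMPLE_EVENTS = [
    (1, "10.0.0.5", "aardvark"), (2, "10.0.0.9", "weather"),
    (3, "10.0.0.5", "abacus"),   (4, "10.0.0.9", "news"),
    (5, "10.0.0.7", "alpha"),    (6, "10.0.0.5", "abbey"),
    (7, "10.0.0.9", "cheap flights"), (8, "10.0.0.5", "Abbot"),
    (9, "10.0.0.7", "beta"),     (10, "10.0.0.9", "python tutorial"),
    (11, "10.0.0.5", "able"),    (12, "10.0.0.9", "maps"),
    (13, "10.0.0.7", "gamma"),   (14, "10.0.0.5", "zebra"),
    (15, "10.0.0.9", "email login"),
]


def alphabetical_hosts(events, min_queries=5, min_ratio=0.9):
    """Return {host_address: ordered_ratio} for hosts whose queries arrive
    in (mostly) alphabetical order.

    min_queries avoids flagging hosts with too few queries to judge;
    min_ratio tolerates a few out-of-order events (retries, late logging).
    """
    per_host = defaultdict(list)
    # Order by timestamp so "consecutive" means consecutive in time.
    for _ts, host, query in sorted(events, key=lambda e: e[0]):
        per_host[host].append(query.strip().casefold())

    flagged = {}
    for host, queries in per_host.items():
        # Collapse immediate repeats so reloads do not inflate the ratio.
        deduped = [q for i, q in enumerate(queries)
                   if i == 0 or q != queries[i - 1]]
        if len(deduped) < min_queries:
            continue
        pairs = list(zip(deduped, deduped[1:]))
        ordered = sum(prev <= cur for prev, cur in pairs)
        ratio = ordered / len(pairs)
        if ratio >= min_ratio:
            flagged[host] = round(ratio, 2)
    return flagged


if __name__ == "__main__":
    for host, ratio in alphabetical_hosts(SAMPLE_EVENTS).items():
        print(f"{host} ordered_ratio={ratio}")
```

Unrelated queries land in alphabetical order about half the time by chance, so the ratio threshold only means something together with a minimum query count per host.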