Hello,
is this app still OK for current Splunk versions (6.5.2 for instance) ?
Thanks.
Hi realsplunk,
i just tried it with 7.0.0. Works like a swiss clock. Will update it to flag that it works.
to test:
index=_internal | head 1 | eval clientip="89.234.157.254" | lookup threatscore clientip | table clientip, threatscore
Should be a threatscore higher then 0 (currently 61).
best
Hi realsplunk,
i just tried it with 7.0.0. Works like a swiss clock. Will update it to flag that it works.
to test:
index=_internal | head 1 | eval clientip="89.234.157.254" | lookup threatscore clientip | table clientip, threatscore
Should be a threatscore higher then 0 (currently 61).
best