- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to identify an 'Upload' in search?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm trying to search for logs relating to an upload of data. For example, a computer uploads a file to dropbox or some external server. What is a keyword used to search and identify that log?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This depends entirely on what kind of events your logs have related to this and what knowledge objects you have created that can be used for identifying various events. It is not as simple as providing one single keyword. In order for us to be able to give you useful answers, you need to provide much more details on what your logs look like, what different scenarios you're looking at and what tags etc you've built for identifying the events in question.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This depends entirely on what kind of events your logs have related to this and what knowledge objects you have created that can be used for identifying various events. It is not as simple as providing one single keyword. In order for us to be able to give you useful answers, you need to provide much more details on what your logs look like, what different scenarios you're looking at and what tags etc you've built for identifying the events in question.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No, this would have to be tracked by intermediate devices such as a proxy. If you want to keep better track of a whole chain you would need some kind of DLP tool. Splunk is only as good as the input you feed it, so if you don't have logs providing enough information about that a document was uploaded somewhere, for instance, then Splunk won't be able to magically get that information for you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To be more specific, documents(primarily txt documents) uploaded from a computer through the network through the server through the internet to an ip. Is there any Windows event log that signifies data is being copied and uploaded?
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
