As stated above. Looking for indication of XSS probe and associated characters. I know this could be URL encoded and that Splunk has a built-in decoder but what would be the most effective way to search for this information?
If this a question related to search time optimization? Why not using |urldecode or searching for encoded string?