cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
wingfieldj
Explorer
Member since: ‎02-05-2015
‎11-02-2023
Community Statistics
Posts 6
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎02-05-2015
Activity Feed
View All

Re: monitoring windows services

by in Monitoring Splunk
‎10-22-2019 11:17 AM
‎10-22-2019 11:17 AM
I do not think i have the input yet. i am hoping that the Splunk add-on for MS Windows will help with this. ... View more

monitoring windows services

by in Monitoring Splunk
‎10-22-2019 09:40 AM
‎10-22-2019 09:40 AM
how do you monitor a windows server service that is set to start at boot time and flag it if it stops or did not start? For instance monitoring the MSExchangeFrontEndTransport service every 20 minutes and alert if it is not running. ... View more

Re: How to search syslog data to find if 3 IP sour...

by in Splunk Search
‎08-15-2016 01:40 PM
‎08-15-2016 01:40 PM
yes src_ip and dst_ip are in the same event src_ip=111.111.111.111 OR src_ip=222.222.222.222 OR src_ip=333.333.333 type=TRAFFIC | top 10 dst_ip results in 10 ip addresses...and clicking on the ip address will show the events for each of the addresses in the search and some additional addresses...so that is almost it ( not exclusive to the three listed ips) ... View more

Re: How to search syslog data to find if 3 IP sour...

by in Splunk Search
‎08-15-2016 06:55 AM
‎08-15-2016 06:55 AM
thanks for your responses.... so new to complex searches... Restating the scenario: Using the firewall logs, I am trying to find common website/destination IP that 3 known users have in common...due to bad guy activity on the src_IP, like malware So I could set a custom filter for the block of time...to remove that complexity. I tried the following - no results src_ip=111.111.111.111 OR src_ip=222.222.222.222 OR src_ip=333.333.333 type=TRAFFIC | bucket span=2d _time | stats dc(src_ip) as ips by dest_ip The following had 12000 events no matches...But I know they all three had gone to the same dst_ip in the last 2 hours... src_ip=111.111.111.111 OR src_ip=222.222.222.222 OR src_ip=333.333.333 type=TRAFFIC | bucket span=120m _time | stats dc(src_ip) as ips by dest_ip I tried the following custom time set - no results src_ip=111.111.111.111 OR src_ip=222.222.222.222 OR src_ip=333.333.333 type=TRAFFIC | stats dc(src_ip) as ips by dest_ip I tried the following custom time set - Error in Stats command (ip=111.111.111.111 OR src_ip=222.222.222.222 OR src_ip=333.333.333) type=TRAFFIC | stats count(src_ip) as COUNT dst_ip src_ip The following with custom time set results in 10085 (ip=111.111.111.111 OR src_ip=222.222.222.222 OR src_ip=333.333.333) type=TRAFFIC| stats count(src_ip) as COUNT ... View more

How to search syslog data to find if 3 IP sources ...

by in Splunk Search
‎07-28-2016 12:50 PM
‎07-28-2016 12:50 PM
Using syslog data, how do I find if 3 systems go to a common webpage in a 48 hour period? I have 3 IP sources with OR between them in a search... Do you pipe this to associate and find the destination IP addresses in common? Rare values do not seem to work... Jim W. ... View more

Re: Why tcpdump says Syslog traffic from Cisco ASA...

by in Getting Data In
‎02-12-2015 07:54 AM
1 Karma
‎02-12-2015 07:54 AM
1 Karma
The default search looks at logs posted to 'Main' Index. If you put the ASA logs into another index it does not show up. Changes to what index is used is under Access Control/Roles change each account type, for example User check under "Indexes searched by default" add other logs as needed ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎11-02-2023 05:01 PM
Karma from
View All