Hello,
I'm not sure of the best way this can be handled, but I have a Citrix Netscaler whose logs I've copied from our Syslog server to a temporary Splunk setup. I'm looking to graph unique source IPs (in the log) to vservers, as it seems a virus on a computer made a number of attempts against one of our websites. I'm trying to see if there are other computers out there doing these hits as well. Not sure if Splunk is the right answer.
Here's a log sample:
2013-01-07T13:40:59.996431-05:00 netscaler 01/07/2013:13:41:02 netscaler PPE-0 : TCP CONN_DELINK 30096954 : Source ip:port - Vserver ip:port - NatIP ip:port - Destination ip:port - Delink Time 01/07/2013:13:41:02 - Total_bytes_send 943 - Total_bytes_recv 401
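As an added example (not from the poster or from Citrix), here is one way to do the aggregation the question asks for outside Splunk: a small Python parser for the CONN_DELINK line format shown above that counts distinct source IPs per vserver and lists the sources hitting a vserver most often. The post's sample shows `ip:port` placeholders; the pattern assumes real exports carry `dotted-quad:port` values. All IP addresses and sample lines below are constructed for the example.

```python
import re
from collections import defaultdict

# Field layout of the NetScaler CONN_DELINK line from the post. The pattern
# assumes each "ip:port" placeholder is a dotted-quad address and a port.
_IP = r"\d{1,3}(?:\.\d{1,3}){3}"
CONN_RE = re.compile(
    r"TCP CONN_DELINK \d+ : "
    rf"Source (?P<src_ip>{_IP}):(?P<src_port>\d+) - "
    rf"Vserver (?P<vserver_ip>{_IP}):(?P<vserver_port>\d+) - "
    rf"NatIP (?P<nat_ip>{_IP}):\d+ - "
    rf"Destination (?P<dst_ip>{_IP}):(?P<dst_port>\d+) - "
    r"Delink Time (?P<delink>\S+) - "
    r"Total_bytes_send (?P<bytes_send>\d+) - Total_bytes_recv (?P<bytes_recv>\d+)"
)


def parse_line(line):
    """Return the fields of a CONN_DELINK line as a dict, or None if it does not match."""
    m = CONN_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["vserver"] = f"{rec['vserver_ip']}:{rec['vserver_port']}"
    return rec


def connections_by_vserver(lines):
    """Map each vserver (ip:port) to {source_ip: number of connections}."""
    table = defaultdict(lambda: defaultdict(int))
    for line in lines:
        rec = parse_line(line)
        if rec:  # lines that are not CONN_DELINK events are skipped
            table[rec["vserver"]][rec["src_ip"]] += 1
    return table


def unique_sources(table):
    """Distinct source IPs per vserver: the series the poster wants to graph."""
    return {vs: len(srcs) for vs, srcs in table.items()}


def noisy_sources(table, min_hits):
    """(vserver, source_ip, hits) for sources with at least min_hits connections,
    most active first. Hosts that stand out here are the ones worth checking."""
    found = [(vs, ip, n) for vs, srcs in table.items()
             for ip, n in srcs.items() if n >= min_hits]
    return sorted(found, key=lambda t: -t[2])


def _line(src, vs, dst, sent, recv):
    # Builds a constructed line in the post's format (constructed timestamps).
    return ("2013-01-07T13:40:59.996431-05:00 netscaler 01/07/2013:13:41:02 netscaler "
            f"PPE-0 : TCP CONN_DELINK 30096954 : Source {src} - Vserver {vs} - "
            f"NatIP 192.0.2.1:1025 - Destination {dst} - Delink Time 01/07/2013:13:41:02 "
            f"- Total_bytes_send {sent} - Total_bytes_recv {recv}")


# Constructed sample: 10.0.0.5 hits the 443 vserver three times, two other
# hosts once each, plus one unrelated syslog line that should be ignored.
SAMPLE = [
    _line("10.0.0.5:51234", "192.0.2.10:443", "10.10.0.50:443", 943, 401),
    _line("10.0.0.5:51235", "192.0.2.10:443", "10.10.0.50:443", 950, 401),
    _line("10.0.0.5:51236", "192.0.2.10:443", "10.10.0.50:443", 947, 401),
    _line("10.0.0.6:40001", "192.0.2.10:443", "10.10.0.50:443", 512, 2048),
    _line("10.0.0.7:40002", "192.0.2.20:80", "10.10.0.51:80", 300, 1200),
    "2013-01-07T13:41:00.000000-05:00 netscaler 01/07/2013:13:41:02 netscaler PPE-0 : "
    "UI CMD_EXECUTED 30096955 : User nsroot - Command \"show ns version\"",
]

if __name__ == "__main__":
    table = connections_by_vserver(SAMPLE)
    for vs, count in sorted(unique_sources(table).items()):
        print(f"{vs}: {count} unique source IP(s)")
    for vs, ip, n in noisy_sources(table, min_hits=3):
        print(f"{ip} -> {vs}: {n} connections")
```

Within Splunk itself the same two steps are a field extraction followed by a distinct count, for example `... | rex "Source (?<src_ip>\d+\.\d+\.\d+\.\d+):\d+ - Vserver (?<vserver>\d+\.\d+\.\d+\.\d+:\d+)" | stats dc(src_ip) AS unique_sources BY vserver`, and `stats count BY vserver, src_ip | sort -count` for the per-host view; the Python version is useful when the logs are only in flat files.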