Younes Jaaidi yjaaidi
yjaaidi / splunk-most-request-resource-by-user
Last active Jul 9, 2017
Splunk Search Query - Most Requested Resource By User
stats count by user fqdn
| eventstats sum(count) as count_by_user by user
| search count_by_user > 100
| eval percent=round(100*count/count_by_user, 2)
| table user, fqdn, percent, count, count_by_user
| sort - percent

Notes: the gist omits the base search that selects the request events (one event per request with user and fqdn fields); prepend it before stats. The filter on count_by_user is applied before eval and table so that low-volume users are dropped early, and percent is a real percentage (0-100) rather than the 0-1 fraction the original eval produced. A user whose traffic is concentrated on a single fqdn (a high percent with a large count_by_user) is the row worth looking at; a near-even split is normal browsing.
yjaaidi / splunk-above-average-activity
Last active Oct 30, 2015
Splunk Search Query - Detect Above Average Activity Using Standard Deviation
tag=firewall action=deny
| stats count values(dst) as dst by src
| eventstats avg(count) as avg_count stdev(count) as stdev_count
| eval z_score=(count-avg_count)/stdev_count
| search z_score > 3
| fields - avg_count, stdev_count

Notes: the original eval divided count by avg_count, which is a ratio to the mean, not a standard-deviation measure, even though the gist title names one. The rewrite computes a z-score, (count - mean) / stdev, across all sources and keeps sources more than 3 standard deviations above the mean (3 is the usual starting threshold; the original 10 was a ratio threshold and does not carry over). Two caveats: stdev(count) is a sample standard deviation, so when only a handful of sources appear in the time window the z-score of even the busiest one is bounded by (n-1)/sqrt(n) and a threshold of 3 can never fire; and if every source has the same count, stdev_count is 0, the division yields null and nothing is returned. count and the dst list are kept in the output because they are what an analyst needs to triage a hit.
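Both searches, re-implemented in plain Python as an added example (this is not code from the gists) so the logic can be run offline over constructed sample events: the per-user resource share from the first gist and the z-score outlier check that the second gist's title describes. Field names (user, fqdn, src, dst) mirror the SPL; the proxy and firewall events below are constructed, not real data, and it is assumed that the first gist's unstated base search yields one event per request carrying user and fqdn.

```python
"""Added example, not code from the original gists: the two Splunk searches
re-implemented in plain Python over constructed sample events."""
from collections import Counter, defaultdict
from statistics import mean, stdev

# Constructed (user, fqdn) request events: not real data. bob sends 95% of
# his 200 requests to one host; carol is under the 100-request floor.
PROXY_EVENTS = (
    [("alice", "intranet.example.com")] * 60
    + [("alice", "cdn.example.com")] * 50
    + [("alice", "mail.example.com")] * 10
    + [("bob", "exfil.example.net")] * 190
    + [("bob", "intranet.example.com")] * 10
    + [("carol", "intranet.example.com")] * 5
)

# Constructed (src, dst) firewall denies: twenty hosts with 4-6 denies each
# plus one scanner, 10.0.0.42, with 120 denies across two targets.
FIREWALL_DENIES = [
    (f"10.0.0.{i + 1}", f"10.0.1.{1 + i % 2}")
    for i in range(20) for _ in range(4 + i % 3)
] + [("10.0.0.42", "10.0.1.1")] * 60 + [("10.0.0.42", "10.0.1.2")] * 60


def top_resource_by_user(events, min_requests=100):
    """Mirror of the first gist: share of each user's requests that went to
    each fqdn, restricted to users with more than min_requests requests,
    sorted by share descending. percent is a true percentage (0-100)."""
    pair_count = Counter(events)                 # stats count by user fqdn
    user_total = Counter()                       # eventstats sum(count) by user
    for (user, _fqdn), n in pair_count.items():
        user_total[user] += n
    rows = [
        {"user": u, "fqdn": f, "count": n, "count_by_user": user_total[u],
         "percent": 100.0 * n / user_total[u]}
        for (u, f), n in pair_count.items()
        if user_total[u] > min_requests           # search count_by_user > 100
    ]
    return sorted(rows, key=lambda r: r["percent"], reverse=True)  # sort - percent


def above_average_sources(denies, z_threshold=3.0):
    """Mirror of the second gist as its title describes it: denies per src,
    z-score of each src against the mean and sample standard deviation
    across all sources, keep sources whose z-score exceeds z_threshold."""
    per_src = Counter(src for src, _dst in denies)    # stats count by src
    dsts = defaultdict(set)                           # values(dst)
    for src, dst in denies:
        dsts[src].add(dst)
    counts = list(per_src.values())
    if len(counts) < 2:
        return []                                     # stdev is undefined
    avg, sd = mean(counts), stdev(counts)             # eventstats avg, stdev
    if sd == 0:
        return []                                     # all sources identical
    hits = [
        {"src": s, "count": n, "dst": sorted(dsts[s]), "z_score": (n - avg) / sd}
        for s, n in per_src.items() if (n - avg) / sd > z_threshold
    ]
    return sorted(hits, key=lambda r: r["z_score"], reverse=True)


if __name__ == "__main__":
    for row in top_resource_by_user(PROXY_EVENTS):
        print(f"{row['user']:6} {row['fqdn']:22} {row['percent']:6.2f}% "
              f"({row['count']}/{row['count_by_user']})")
    for hit in above_average_sources(FIREWALL_DENIES):
        print(f"{hit['src']} count={hit['count']} "
              f"z={hit['z_score']:.2f} dst={hit['dst']}")
```

The sample firewall data deliberately has twenty baseline sources: with a sample standard deviation the largest possible z-score among n sources is (n-1)/sqrt(n), so six sources could never produce a z-score above 3 no matter how extreme the scanner is. When a search window contains only a few sources, widen the window or fall back to a plain ratio-to-mean check like the original eval.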