Younes Jaaidi yjaaidi
yjaaidi / splunk-above-average-activity
Last active October 30, 2015 14:49
Splunk Search Query - Detect Above Average Activity Using Standard Deviation
tag=firewall action=deny
| stats count values(dst) by src
| eventstats avg(count) as avg_count
| eval standard_deviation=count/avg_count
| fields - count, avg_count
| search standard_deviation > 10
yjaaidi / splunk-most-request-resource-by-user
Last active July 9, 2017 19:16
Splunk Search Query - Most Request Resource By User
stats count by user fqdn
| eventstats sum(count) as count_by_user by user
| eval percent=count/count_by_user
| table user, fqdn, percent, count, count_by_user
| sort - percent
| search count_by_user > 100