34 lines (27 loc) · 1.31 KB

splunk stream

Expression

product = "splunk stream"

Fields

Field	Core	Detection	Informational
src_mac			✓
bytes_out			✓
dest_mac			✓
bytes_in			✓
bytes			✓

Activity Types

Activity Type	Field	Status	Core	Detection	Informational
dhcp-session	transaction_id
	ip_lease_time
	domain
	dns_ip_flow
	event_name
	router_subnet
	router_ip_flow
dns-response	response_ttl
	time_taken