
84 Unique Index(es)

739,223 Unique Sourcetype(s)

721,542 Unique Host(s)

Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 1-4 of 7)
# index sourcetype_count unique_hosts sourcetype

1 1password_scratch 1 1 onepassword:event

2 1password_vaults 1 1 1password:insights:item_usages

3 airflow 1 1 httpevent

4 armisscratch 1 1 httpevent

5 audit_summary 1 2 stash

6 auth0 1 1 httpevent

OktaIM2:app
OktaIM2:group
OktaIM2:log
OktaIM2:user
Radius
bifrost:firehose
duo:administrator
duo:authentication
duo:info_summary
duo:telephony
7 authprovider 11 9 httpevent

2022-11-15 10:22:03 EST

Data Source Inventory Page 1


Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 5-7 of 7)
# sourcetype: # available hosts latest_event event_last_seen (Days+HH:MM:SS)

1 onepassword:event: 1 11/15/2022 10:17:45 00:02:08

2 1password:insights:item_usages: 1 11/15/2022 09:16:55 01:02:58

3 httpevent: 1 11/15/2022 10:19:52 00:00:01

4 httpevent: 1 11/15/2022 10:19:52 00:00:01

5 stash: 2 11/15/2022 10:18:00 00:01:53

6 httpevent: 1 11/15/2022 10:19:52 00:00:01

OktaIM2:app: 1 11/14/2022 10:05:21 1+00:14:32
OktaIM2:group: 1 11/14/2022 09:56:26 1+00:23:27
OktaIM2:log: 1 11/15/2022 10:16:31 00:03:22
OktaIM2:user: 1 11/14/2022 10:55:30 23:24:23
Radius: 9 11/15/2022 09:19:43 01:00:10
bifrost:firehose: 1 11/15/2022 10:19:30 00:00:23
duo:administrator: 1 11/15/2022 10:05:50 00:14:03
duo:authentication: 1 11/15/2022 10:15:22 00:04:31
duo:info_summary: 1 11/15/2022 10:17:24 00:02:29
duo:telephony: 1 11/15/2022 09:58:34 00:21:19
7 httpevent: 1 11/15/2022 10:19:52 00:00:01

Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 1-4 of 7)
# index sourcetype_count unique_hosts sourcetype

8 aws 1 5 aws:cloudtrail

modular_alerts:notable
9 cim_modactions 2 2 modular_alerts:risk

10 client_engineering 1 4 osquery_json

11 corpapp 1 1 slack:audit_logs

CrowdStrike:Event:Streams:JSON
12 cs_event_all 2 1 crowdstrike:indicators:json

13 devpipeline 1 1 github:json

14 dns 1 1 opendns:dnslogs

15 email 1 9 iis:smtp:log

16 endpoint_summary 1 2 stash

17 fastly_service_api_proxy 1 1 httpevent

fgt_event
fgt_traffic
fgt_utm
juniper:junos:firewall
18 firewall 5 48 pan:traffic

19 gia_summary 1 2 stash

20 github 1 1 github:json

21 gsuite 1 1 manual

22 huxley_1_8_summary 1 2 stash



Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 5-7 of 7)
# sourcetype: # available hosts latest_event event_last_seen (Days+HH:MM:SS)

8 aws:cloudtrail: 5 11/15/2022 10:19:21 00:00:32

modular_alerts:notable: 2 11/15/2022 10:10:11 00:09:42
9 modular_alerts:risk: 2 11/15/2022 10:10:16 00:09:37

10 osquery_json: 4 11/15/2022 16:57:11

11 slack:audit_logs: 1 11/15/2022 10:19:14 00:00:39

CrowdStrike:Event:Streams:JSON: 1 11/15/2022 10:08:30 00:11:23
12 crowdstrike:indicators:json: 1 10/19/2022 20:03:53 26+15:16:00

13 github:json: 1 11/15/2022 10:19:15 00:00:38

14 opendns:dnslogs: 1 11/15/2022 10:10:03 00:09:50

15 iis:smtp:log: 9 11/14/2022 16:35:23 17:44:30

16 stash: 2 11/15/2022 10:18:00 00:01:53

17 httpevent: 1 11/15/2022 10:19:52 00:00:01

fgt_event: 12 11/15/2022 10:19:41 00:00:12
fgt_traffic: 12 11/15/2022 10:19:52 00:00:01
fgt_utm: 9 11/15/2022 09:37:50 00:42:03
juniper:junos:firewall: 48 11/15/2022 10:19:39 00:00:14
18 pan:traffic: 14 11/15/2022 10:19:51 00:00:02

19 stash: 2 11/15/2022 10:18:00 00:01:53

20 github:json: 1 11/15/2022 10:19:15 00:00:38

21 manual: 1 10/24/2022 10:12:03 22+01:07:50

22 stash: 2 11/15/2022 10:18:00 00:01:53

Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 1-4 of 7)
# index sourcetype_count unique_hosts sourcetype

23 infrastructure_health_summary 1 2 stash

24 ipfabric 1 1 httpevent

jamf:computer_event
25 jamf_scratch 2 1 jamf:internal



Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 5-7 of 7)
# sourcetype: # available hosts latest_event event_last_seen (Days+HH:MM:SS)

23 stash: 2 11/15/2022 10:18:00 00:01:53

24 httpevent: 1 11/15/2022 10:19:52 00:00:01

jamf:computer_event: 1 11/15/2022 10:19:50 00:00:03
25 jamf:internal: 1 11/15/2022 10:19:44 00:00:09



Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 1-4 of 7)
# index sourcetype_count unique_hosts sourcetype

httpevent
kube:container:access-reporting-service-prd
kube:container:account-bank-info-sidekiq
kube:container:account-bank-info-web
kube:container:account-central-manifest-ser-58cc9d
kube:container:account-central-ui-prod
kube:container:account-service-prod
kube:container:acmesolver
kube:container:activity-service-prod
kube:container:admin-web-prod
kube:container:admission-controller
kube:container:airflow-scheduler
kube:container:airflow-webserver
kube:container:airlock-rabbitmq-prd
kube:container:airlock-rails-prd
kube:container:airlock-sidekiq-prd
kube:container:airlock-temporal-worker
kube:container:alchemist-site
kube:container:alertmanager
kube:container:announcements-db-migrate-1cabbf-pod
kube:container:announcements-db-migrate-b3c399-pod
kube:container:announcements-db-migrate-d4a18d-pod
kube:container:announcements-rabbitmq-consumer
kube:container:announcements-sidekiq
kube:container:announcements-web
kube:container:ap-harvest-mist
kube:container:ap-harvest-vsz-apac
kube:container:ap-harvest-vsz-apac-loc
kube:container:ap-harvest-vsz-emea
kube:container:ap-harvest-vsz-emea-loc
kube:container:ap-harvest-vsz-usc
kube:container:ap-harvest-vsz-usc-loc
kube:container:apm-consumer
kube:container:apm-server
kube:container:apm-server-exporter
kube:container:apm-server-index-template
kube:container:apm-server-index-template-euuid
kube:container:aug-des-engine-9e6d24
kube:container:auth-api-prod
kube:container:authentication
kube:container:auto-scaling-container
kube:container:autorun-batch
kube:container:autorun-dashboard-30f79bec32
kube:container:autorun-executor-30f79bec32
kube:container:autorun-web-30f79bec32
kube:container:autorun-worker-30f79bec32
kube:container:av-api-prod
kube:container:av-prod
kube:container:availability-query-api
kube:container:aws-cluster-autoscaler
kube:container:aws-node
kube:container:aws-sigv4-proxy
kube:container:aws-vpc-cni-init
kube:container:bank-report-parser-cron
kube:container:bank-report-parser-worker
kube:container:billing-api-db-migrate-15e482-pod
kube:container:billing-api-db-migrate-2745bc-pod
kube:container:billing-api-db-migrate-62fa1d-pod
kube:container:billing-api-db-migrate-682ae7-pod
kube:container:billing-api-db-migrate-b238ae-pod
kube:container:billing-api-db-migrate-b9f7d8-pod
kube:container:billing-api-db-migrate-be1d70-pod
kube:container:billing-api-db-migrate-e0206e-pod
kube:container:billing-api-manage-orders
kube:container:billing-api-order-created
kube:container:billing-api-preview-trigger
kube:container:billing-api-previews
kube:container:billing-api-previews-cron
kube:container:billing-api-previews2
kube:container:billing-api-previews2-cron
kube:container:billing-api-prometheus
kube:container:billing-api-single-threaded
kube:container:billing-api-split-invoice
26 kubernetes_hydra_logs 825 429 ... Truncated. 72.0% shown.



Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 5-7 of 7)
# sourcetype: # available hosts latest_event event_last_seen (Days+HH:MM:SS)

httpevent: 6 11/15/2022 10:19:52 00:00:01


kube:container:access- 11/15/2022 10:19:34 00:00:19
reporting-service-prd: 20 11/15/2022 10:18:00 00:01:53
kube:container:account- 11/15/2022 10:19:13 00:00:40
bank-info-sidekiq: 8 11/15/2022 10:19:40 00:00:13
kube:container:account- 11/15/2022 10:07:22 00:12:31
bank-info-web: 9 11/15/2022 10:19:46 00:00:07
kube:container:account- 11/13/2022 13:00:49 1+21:19:04
central-manifest-ser- 11/15/2022 10:19:15 00:00:38
58cc9d: 5 11/15/2022 09:43:40 00:36:13
kube:container:account- 11/15/2022 10:19:40 00:00:13
central-ui-prod: 129 11/15/2022 10:19:39 00:00:14
kube:container:account- 11/15/2022 10:19:41 00:00:12
service-prod: 188 11/15/2022 10:19:46 00:00:07
kube:container:acmesolver 11/15/2022 10:19:45 00:00:08
: 159 11/15/2022 10:19:45 00:00:08
kube:container:activity- 11/15/2022 10:19:26 00:00:27
service-prod: 14 11/15/2022 10:19:44 00:00:09
kube:container:admin-web 11/15/2022 10:17:26 00:02:27
-prod: 15 10/18/2022 10:47:35 28+00:32:18
kube:container:admission- 11/04/2022 15:09:26 10+20:10:27
controller: 6 10/19/2022 13:05:12 26+22:14:41
kube:container:airflow- 11/15/2022 10:19:37 00:00:16
scheduler: 8 11/15/2022 10:19:34 00:00:19
kube:container:airflow- 11/15/2022 10:19:40 00:00:13
webserver: 10 11/14/2022 15:02:11 19:17:42
kube:container:airlock- 11/14/2022 19:00:16 15:19:37
rabbitmq-prd: 100 11/14/2022 19:00:15 15:19:38
kube:container:airlock-rails 11/14/2022 19:00:06 15:19:47
-prd: 132 11/14/2022 19:00:22 15:19:31
kube:container:airlock- 11/14/2022 19:00:06 15:19:47
sidekiq-prd: 174 11/14/2022 19:01:13 15:18:40
kube:container:airlock- 11/15/2022 10:19:41 00:00:12
temporal-worker: 36 11/15/2022 10:19:43 00:00:10
kube:container:alchemist- 11/09/2022 11:28:22 5+22:51:31
site: 17 11/14/2022 14:55:01 19:24:52
kube:container: 11/14/2022 12:25:59 21:53:54
alertmanager: 47 11/15/2022 10:17:11 00:02:42
kube:container: 11/03/2022 19:40:07 11+15:39:46
announcements-db-migrate 11/15/2022 10:19:40 00:00:13
-1cabbf-pod: 1 11/15/2022 10:19:42 00:00:11
kube:container: 11/11/2022 15:06:45 3+19:13:08
announcements-db-migrate 11/15/2022 10:19:31 00:00:22
-b3c399-pod: 1 11/15/2022 10:19:31 00:00:22
kube:container: 11/15/2022 10:19:11 00:00:42
announcements-db-migrate 11/15/2022 10:19:14 00:00:39
-d4a18d-pod: 1 11/15/2022 10:19:44 00:00:09
kube:container: 11/15/2022 10:19:40 00:00:13
announcements-rabbitmq- 11/15/2022 10:19:41 00:00:12
consumer: 64 11/15/2022 10:19:41 00:00:12
kube:container: 11/15/2022 07:10:19 03:09:34
announcements-sidekiq: 11/15/2022 10:18:48 00:01:05
58 11/15/2022 06:20:34 03:59:19
kube:container: 11/15/2022 09:28:09 00:51:44
announcements-web: 147 11/15/2022 10:19:43 00:00:10
kube:container:ap-harvest 10/31/2022 11:48:20 14+23:31:33
-mist: 95 11/03/2022 09:27:06 12+01:52:47
kube:container:ap-harvest 10/31/2022 11:04:25 15+00:15:28
-vsz-apac: 104 10/31/2022 11:45:01 14+23:34:52
kube:container:ap-harvest 10/31/2022 11:42:32 14+23:37:21
-vsz-apac-loc: 108 10/31/2022 11:49:48 14+23:30:05
kube:container:ap-harvest 10/31/2022 12:35:44 14+22:44:09
-vsz-emea: 113 10/31/2022 11:41:51 14+23:38:02
kube:container:ap-harvest 11/12/2022 06:00:42 3+04:19:11
-vsz-emea-loc: 113 11/15/2022 10:19:46 00:00:07
kube:container:ap-harvest 11/15/2022 10:19:41 00:00:12
-vsz-usc: 121 11/01/2022 05:00:11 14+06:19:42
kube:container:ap-harvest 11/01/2022 05:00:14 14+06:19:39
-vsz-usc-loc: 118 11/14/2022 23:00:12 11:19:41
kube:container:apm- 11/14/2022 23:00:10 11:19:43
consumer: 101 11/12/2022 06:04:43 3+04:15:10
kube:container:apm-server 11/12/2022 06:05:21 3+04:14:32
: 161 11/15/2022 10:19:48 00:00:05
26 ... Truncated. 33.0% shown. ... Truncated. 72.0% shown.
... Truncated. 72.0% shown.



Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 1-4 of 7)
# index sourcetype_count unique_hosts sourcetype

httpevent
kube:container:access-reporting-service-stg
kube:container:account-bank-info-sidekiq
kube:container:account-bank-info-web
kube:container:account-central-manifest-ser-04edb0
kube:container:account-central-ui-staging
kube:container:account-service-staging
kube:container:account-svc-staging
kube:container:acmesolver
kube:container:activity-service-qa
kube:container:admin-web-qa
kube:container:admission-controller
kube:container:admission-webhook
kube:container:airflow-scheduler
kube:container:airflow-webserver
kube:container:airlock-rabbitmq-stg
kube:container:airlock-rails-stg
kube:container:airlock-sidekiq-stg
kube:container:airlock-temporal-worker
kube:container:alchemist-dev-site
kube:container:alchemist-site
kube:container:alchemist-uat-site
kube:container:alertmanager
kube:container:announcements-staging-rabbit-1e8e88
kube:container:announcements-staging-sidekiq
kube:container:announcements-staging-web
kube:container:apm-consumer
kube:container:apm-server
kube:container:apm-server-exporter
kube:container:apm-server-index-template
kube:container:apm-server-index-template-euuid
kube:container:auth-api-dev
kube:container:auto-scaling-container
kube:container:av-api-staging
kube:container:av-staging
kube:container:availability-query-api
kube:container:availability-query-api-add-5-d84516
kube:container:availability-query-api-avbl--013f4d
kube:container:availability-query-api-avbl--8a10ad
kube:container:availability-query-api-avbl--a22c11
kube:container:availability-query-api-avbl--b4531e
kube:container:availability-query-api-avbl--c2a4fb
kube:container:availability-query-api-chang-c7555d
kube:container:availability-query-api-claim-cd69f4
kube:container:availability-query-api-depen-683f3d
kube:container:availability-query-api-depen-79e264
kube:container:availability-query-api-depen-88c7ad
kube:container:availability-query-api-depen-9138f0
kube:container:availability-query-api-depen-96e926
kube:container:availability-query-api-depen-a542a1
kube:container:availability-query-api-depen-acd561
kube:container:availability-query-api-depen-ba0ee5
kube:container:availability-query-api-depen-e2b95f
kube:container:availability-query-api-depen-fdb245
kube:container:availability-query-api-disab-0764d9
kube:container:availability-query-api-disab-93d7ac
kube:container:availability-query-api-json-logging
kube:container:availability-query-api-produ-aa11cc
kube:container:availability-query-api-produ-fbd1bf
kube:container:aws-cluster-autoscaler
kube:container:aws-node
kube:container:aws-vpc-cni-init
kube:container:bank-report-parser-worker
kube:container:billing-api-manage-orders
kube:container:billing-api-order-created
kube:container:billing-api-preview-trigger
kube:container:billing-api-prometheus
kube:container:billing-api-single-threaded
kube:container:billing-api-split-invoice
kube:container:billing-api-web
kube:container:billing-api-worker
kube:container:billing-discounts-service-ba-1d7f59
kube:container:billing-discounts-service-ba-8e208f
27 kubernetes_kenny_logs 742 277 ... Truncated. 72.0% shown.



Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 5-7 of 7)
# sourcetype: # available hosts latest_event event_last_seen (Days+HH:MM:SS)

httpevent: 24 11/15/2022 10:19:52 00:00:01


kube:container:access- 11/15/2022 10:19:35 00:00:18
reporting-service-stg: 3 11/15/2022 10:18:00 00:01:53
kube:container:account- 11/15/2022 10:19:13 00:00:40
bank-info-sidekiq: 4 11/15/2022 10:19:29 00:00:24
kube:container:account- 11/15/2022 09:51:46 00:28:07
bank-info-web: 4 11/15/2022 10:17:36 00:02:17
kube:container:account- 11/01/2022 11:49:28 13+23:30:25
central-manifest-ser- 11/13/2022 13:00:49 1+21:19:04
04edb0: 1 11/15/2022 10:16:59 00:02:54
kube:container:account- 11/15/2022 08:58:54 01:20:59
central-ui-staging: 5 11/15/2022 10:19:40 00:00:13
kube:container:account- 11/04/2022 20:04:44 10+15:15:09
service-staging: 7 11/15/2022 10:19:39 00:00:14
kube:container:account- 11/15/2022 10:19:41 00:00:12
svc-staging: 3 11/15/2022 10:17:34 00:02:19
kube:container:acmesolver 11/15/2022 10:19:34 00:00:19
: 18 11/15/2022 10:19:00 00:00:53
kube:container:activity- 11/15/2022 10:19:26 00:00:27
service-qa: 6 11/15/2022 10:19:34 00:00:19
kube:container:admin-web 11/15/2022 10:19:44 00:00:09
-qa: 7 11/15/2022 10:19:38 00:00:15
kube:container:admission- 11/15/2022 10:17:26 00:02:27
controller: 21 11/15/2022 10:17:35 00:02:18
kube:container:admission- 11/15/2022 10:17:51 00:02:02
webhook: 3 11/15/2022 10:18:45 00:01:08
kube:container:airflow- 11/15/2022 10:19:41 00:00:12
scheduler: 5 11/15/2022 10:19:43 00:00:10
kube:container:airflow- 11/09/2022 11:28:22 5+22:51:31
webserver: 4 11/14/2022 14:55:01 19:24:52
kube:container:airlock- 11/14/2022 12:25:59 21:53:54
rabbitmq-stg: 3 11/15/2022 10:19:29 00:00:24
kube:container:airlock-rails 11/15/2022 10:19:42 00:00:11
-stg: 3 11/15/2022 10:19:33 00:00:20
kube:container:airlock- 11/15/2022 10:19:28 00:00:25
sidekiq-stg: 3 11/15/2022 10:19:41 00:00:12
kube:container:airlock- 10/24/2022 12:20:00 21+22:59:53
temporal-worker: 4 11/02/2022 14:37:22 12+20:42:31
kube:container:alchemist- 10/31/2022 14:23:20 14+20:56:33
dev-site: 3 10/18/2022 15:50:54 27+19:28:59
kube:container:alchemist- 10/21/2022 15:25:51 24+19:54:02
site: 4 10/31/2022 14:23:20 14+20:56:33
kube:container:alchemist- 10/19/2022 18:04:59 26+17:14:54
uat-site: 4 10/20/2022 10:29:03 26+00:50:50
kube:container: 11/15/2022 07:59:20 02:20:33
alertmanager: 34 11/01/2022 01:23:16 14+09:56:37
kube:container: 11/15/2022 08:29:49 01:50:04
announcements-staging- 10/31/2022 14:23:20 14+20:56:33
rabbit-1e8e88: 3 10/21/2022 15:13:30 24+20:06:23
kube:container: 10/31/2022 14:23:19 14+20:56:34
announcements-staging- 10/21/2022 09:18:31 25+02:01:22
sidekiq: 4 10/20/2022 19:46:56 25+15:32:57
kube:container: 11/15/2022 08:45:38 01:34:15
announcements-staging- 10/20/2022 21:07:10 25+14:12:43
web: 3 10/21/2022 09:30:38 25+01:49:15
kube:container:apm- 10/24/2022 13:04:56 21+22:14:57
consumer: 81 10/25/2022 14:26:04 20+20:53:49
kube:container:apm-server: 58 10/24/2022 12:16:38 21+23:03:15
kube:container:apm-server 10/31/2022 14:23:20 14+20:56:33
-exporter: 2 11/15/2022 10:19:41 00:00:12
kube:container:apm-server 11/15/2022 07:10:19 03:09:34
-index-template: 32 11/15/2022 06:20:34 03:59:19
kube:container:apm-server 11/15/2022 10:19:43 00:00:10
-index-template-euuid: 11/12/2022 06:00:42 3+04:19:11
33 11/15/2022 10:19:46 00:00:07
kube:container:auth-api-dev: 4 11/15/2022 10:19:41 00:00:12
kube:container:auto- 11/12/2022 06:04:43 3+04:15:10
scaling-container: 11 11/12/2022 06:05:21 3+04:14:32
kube:container:av-api- 11/15/2022 10:19:48 00:00:05
staging: 3 11/15/2022 10:19:42 00:00:11
kube:container:av-staging: 3 11/15/2022 10:19:48 00:00:05
kube:container:availability- 11/15/2022 10:19:47 00:00:06
query-api: 4 11/15/2022 10:19:40 00:00:13
27 ... Truncated. 35.0% shown. ... Truncated. 72.0% shown.
... Truncated. 72.0% shown.



Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 1-4 of 7)
# index sourcetype_count unique_hosts sourcetype

httpevent
kube:container:account-bank-info-sidekiq
kube:container:account-bank-info-web
kube:container:account-central-manifest-ser-04edb0
kube:container:account-central-ui-staging
kube:container:account-service-staging
kube:container:acmesolver
kube:container:activity-service-qa
kube:container:admin-web-qa
kube:container:admission-controller
kube:container:airflow-scheduler
kube:container:airflow-webserver
kube:container:airlock-rabbitmq-stg
kube:container:airlock-rails-stg
kube:container:airlock-sidekiq-stg
kube:container:alchemist-site
kube:container:alertmanager
kube:container:announcements-staging-rabbit-1e8e88
kube:container:announcements-staging-sidekiq
kube:container:announcements-staging-web
kube:container:ap-harvest-vsz-usc
kube:container:ap-harvest-vsz-usc-loc
kube:container:apm-consumer
kube:container:apm-server
kube:container:apm-server-index-template
kube:container:apm-server-index-template-euuid
kube:container:auth-api-dev
kube:container:authentication
kube:container:auto-scaling-container
kube:container:aws-cluster-autoscaler
kube:container:aws-node
kube:container:aws-sigv4-proxy
kube:container:aws-vpc-cni-init
kube:container:bank-report-parser-cron
kube:container:bank-report-parser-worker
kube:container:billing-api-manage-orders
kube:container:billing-api-order-created
kube:container:billing-api-preview-trigger
kube:container:billing-api-previews-cron
kube:container:billing-api-previews2-cron
kube:container:billing-api-single-threaded
kube:container:billing-api-split-invoice
kube:container:billing-api-statements-cron
kube:container:billing-api-web
kube:container:billing-api-worker
kube:container:billing-discounts-service-web
kube:container:billing-discounts-service-worker
kube:container:blackbox-exporter
kube:container:bldg-tech
kube:container:bldg-tech-auth
kube:container:bldg-tech-solstice
kube:container:bp-account-risk-assessment-web
kube:container:bp-account-risk-assessment-worker
kube:container:bp-dlq-admin-web
kube:container:bp-dlq-admin-worker
kube:container:bp-giro-applications-web
kube:container:bp-po-number-web
kube:container:budget-api-qa
kube:container:ce-login-js-bridge
kube:container:cert-manager
kube:container:charging-service-web
kube:container:cloudhealth-container-collector
kube:container:cloudwatch-agent
kube:container:cmp-dev
kube:container:community-events-api-rabbitmq
kube:container:community-events-api-sidekiq
kube:container:community-events-api-web
kube:container:concierge-deescalate-access
kube:container:concierge-deprovision-job
kube:container:concierge-import-workday-employee
kube:container:concierge-purge-old-login-attempts
kube:container:config-reloader
kube:container:configure-sysctl
28 kubernetes_logs 460 59 ... Truncated. 72.0% shown.



Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 5-7 of 7)
# sourcetype: # available hosts latest_event event_last_seen (Days+HH:MM:SS)

httpevent: 1 11/15/2022 10:19:52 00:00:01


kube:container:account- 11/15/2022 10:18:00 00:01:53
bank-info-sidekiq: 2 11/15/2022 10:19:13 00:00:40
kube:container:account- 11/15/2022 10:19:29 00:00:24
bank-info-web: 1 11/15/2022 09:51:46 00:28:07
kube:container:account- 11/15/2022 10:17:36 00:02:17
central-manifest-ser- 11/13/2022 13:00:49 1+21:19:04
04edb0: 1 11/15/2022 10:16:59 00:02:54
kube:container:account- 11/15/2022 08:58:54 01:20:59
central-ui-staging: 8 11/15/2022 10:19:40 00:00:13
kube:container:account- 11/15/2022 10:19:39 00:00:14
service-staging: 27 11/15/2022 10:19:41 00:00:12
kube:container:acmesolver: 5 11/15/2022 10:17:34 00:02:19
kube:container:activity- 11/15/2022 10:19:34 00:00:19
service-qa: 2 11/15/2022 10:19:00 00:00:53
kube:container:admin-web 11/15/2022 10:19:44 00:00:09
-qa: 2 11/15/2022 10:17:26 00:02:27
kube:container:admission- 11/15/2022 10:17:35 00:02:18
controller: 2 11/15/2022 10:17:51 00:02:02
kube:container:airflow- 11/15/2022 10:18:45 00:01:08
scheduler: 1 11/14/2022 19:00:06 15:19:47
kube:container:airflow- 11/14/2022 19:01:13 15:18:40
webserver: 1 11/15/2022 10:19:41 00:00:12
kube:container:airlock- 11/15/2022 10:19:43 00:00:10
rabbitmq-stg: 12 11/14/2022 14:55:01 19:24:52
kube:container:airlock-rails 11/14/2022 12:25:59 21:53:54
-stg: 14 11/15/2022 10:19:29 00:00:24
kube:container:airlock- 11/15/2022 10:19:40 00:00:13
sidekiq-stg: 11 11/15/2022 10:19:42 00:00:11
kube:container:alchemist- 11/15/2022 10:19:41 00:00:12
site: 6 11/15/2022 07:10:19 03:09:34
kube:container: 11/15/2022 10:18:48 00:01:05
alertmanager: 16 11/15/2022 06:20:34 03:59:19
kube:container: 11/15/2022 09:28:09 00:51:44
announcements-staging- 11/15/2022 10:19:43 00:00:10
rabbit-1e8e88: 6 11/12/2022 06:00:42 3+04:19:11
kube:container: 11/15/2022 10:19:46 00:00:07
announcements-staging- 11/15/2022 10:19:41 00:00:12
sidekiq: 13 11/01/2022 05:00:14 14+06:19:39
kube:container: 11/14/2022 23:00:10 11:19:43
announcements-staging- 11/12/2022 06:05:21 3+04:14:32
web: 9 11/15/2022 10:19:48 00:00:05
kube:container:ap-harvest 11/01/2022 02:00:12 14+09:19:41
-vsz-usc: 6 11/15/2022 10:19:42 00:00:11
kube:container:ap-harvest 11/15/2022 10:19:48 00:00:05
-vsz-usc-loc: 6 11/15/2022 10:19:37 00:00:16
kube:container:apm- 11/15/2022 10:19:46 00:00:07
consumer: 4 11/10/2022 19:12:50 4+15:07:03
kube:container:apm-server: 16 11/15/2022 09:50:34 00:29:19
kube:container:apm-server 11/15/2022 10:17:24 00:02:29
-index-template: 9 11/15/2022 09:57:46 00:22:07
kube:container:apm-server 11/15/2022 10:19:36 00:00:17
-index-template-euuid: 8 11/15/2022 10:19:30 00:00:23
kube:container:auth-api-dev: 1 11/11/2022 18:02:30 3+16:17:23
kube:container: 11/15/2022 10:18:34 00:01:19
authentication: 3 11/15/2022 10:19:27 00:00:26
kube:container:auto- 11/15/2022 10:08:26 00:11:27
scaling-container: 8 11/15/2022 09:56:49 00:23:04
kube:container:aws-cluster 11/15/2022 10:16:16 00:03:37
-autoscaler: 1 11/15/2022 10:19:40 00:00:13
kube:container:aws-node: 3 11/15/2022 10:19:39 00:00:14
kube:container:aws-sigv4- 11/15/2022 10:13:31 00:06:22
proxy: 13 11/15/2022 10:19:47 00:00:06
kube:container:aws-vpc- 11/14/2022 21:12:12 13:07:41
cni-init: 1 11/15/2022 10:16:54 00:02:59
kube:container:bank- 11/15/2022 10:16:36 00:03:17
report-parser-cron: 41 11/15/2022 10:19:47 00:00:06
kube:container:bank- 11/15/2022 10:00:07 00:19:46
report-parser-worker: 1 11/15/2022 10:15:25 00:04:28
kube:container:billing-api- 11/15/2022 10:18:48 00:01:05
manage-orders: 13 11/13/2022 19:00:33 1+15:19:20
kube:container:billing-api- 11/15/2022 09:53:56 00:25:57
order-created: 12 11/10/2022 19:15:37 4+15:04:16
28 ... Truncated. 36.0% shown. ... Truncated. 72.0% shown.
... Truncated. 72.0% shown.



Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 1-4 of 7)
# index sourcetype_count unique_hosts sourcetype

httpevent
kube:container:access-reporting-service-stg
kube:container:account-bank-info-sidekiq
kube:container:account-bank-info-web
kube:container:account-central-manifest-ser-04edb0
kube:container:account-central-ui-staging
kube:container:account-service-staging
kube:container:account-svc-staging
kube:container:acmesolver
kube:container:activity-service-qa
kube:container:admin-web-qa
kube:container:admission-controller
kube:container:airflow-scheduler
kube:container:airflow-webserver
kube:container:airlock-rabbitmq-stg
kube:container:airlock-rails-stg
kube:container:airlock-sidekiq-stg
kube:container:airlock-temporal-worker
kube:container:alchemist-dev-site
kube:container:alchemist-site
kube:container:alchemist-uat-site
kube:container:alertmanager
kube:container:announcements-staging-db-mig-2b9d76-pod
kube:container:announcements-staging-db-mig-889a5f-pod
kube:container:announcements-staging-db-mig-e20985-pod
kube:container:announcements-staging-rabbit-1e8e88
kube:container:announcements-staging-sidekiq
kube:container:announcements-staging-web
kube:container:ap-harvest-mist
kube:container:ap-harvest-vsz-apac
kube:container:ap-harvest-vsz-apac-loc
kube:container:ap-harvest-vsz-emea-loc
kube:container:ap-harvest-vsz-usc
kube:container:ap-harvest-vsz-usc-loc
kube:container:apm-consumer
kube:container:apm-rails-app
kube:container:apm-server
kube:container:apm-server-exporter
kube:container:apm-server-index-template
kube:container:apm-server-index-template-euuid
kube:container:auth-api-dev
kube:container:authentication
kube:container:auto-scaling-container
kube:container:av-api-staging
kube:container:av-staging
kube:container:availability-query-api
kube:container:availability-query-api-add-5-d84516
kube:container:availability-query-api-avbl--013f4d
kube:container:availability-query-api-avbl--5bb06f
kube:container:availability-query-api-avbl--8a10ad
kube:container:availability-query-api-avbl--a22c11
kube:container:availability-query-api-avbl--b4531e
kube:container:availability-query-api-avbl--bb3ad3
kube:container:availability-query-api-avbl--c2a4fb
kube:container:availability-query-api-avbl--c6f1e7
kube:container:availability-query-api-avbl0-d8da98
kube:container:availability-query-api-backstage-we
kube:container:availability-query-api-bugfi-74c7d4
kube:container:availability-query-api-chang-c7555d
kube:container:availability-query-api-claim-cd69f4
kube:container:availability-query-api-cw-ad-399e1a
kube:container:availability-query-api-cw-av-13b95e
kube:container:availability-query-api-cw-av-1b29de
kube:container:availability-query-api-cw-av-3645d7
kube:container:availability-query-api-cw-av-53342b
kube:container:availability-query-api-cw-av-82528b
kube:container:availability-query-api-cw-cl-1829fc
kube:container:availability-query-api-depen-06272a
kube:container:availability-query-api-depen-381a84
kube:container:availability-query-api-depen-3ea319
kube:container:availability-query-api-depen-62b53c
kube:container:availability-query-api-depen-683f3d
kube:container:availability-query-api-depen-79e264
29 kubernetes_phoenix_logs 1848 613 ... Truncated. 72.0% shown.



Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 5-7 of 7)
# sourcetype: # available hosts latest_event event_last_seen (Days+HH:MM:SS)

httpevent: 6 11/15/2022 10:19:52 00:00:01


kube:container:access- 11/15/2022 10:19:35 00:00:18
reporting-service-stg: 38 11/15/2022 10:18:00 00:01:53
kube:container:account- 11/15/2022 10:19:13 00:00:40
bank-info-sidekiq: 9 11/15/2022 10:19:29 00:00:24
kube:container:account- 11/15/2022 09:51:46 00:28:07
bank-info-web: 10 11/15/2022 10:17:36 00:02:17
kube:container:account- 11/01/2022 11:49:28 13+23:30:25
central-manifest-ser- 11/13/2022 13:00:49 1+21:19:04
04edb0: 11 11/15/2022 10:16:59 00:02:54
kube:container:account- 11/15/2022 08:58:54 01:20:59
central-ui-staging: 98 11/15/2022 10:19:40 00:00:13
kube:container:account- 11/15/2022 10:19:39 00:00:14
service-staging: 179 11/15/2022 10:19:41 00:00:12
kube:container:account- 11/15/2022 10:17:34 00:02:19
svc-staging: 27 11/15/2022 10:19:34 00:00:19
kube:container:acmesolver 11/15/2022 10:19:00 00:00:53
: 122 11/15/2022 10:19:26 00:00:27
kube:container:activity- 11/15/2022 10:19:34 00:00:19
service-qa: 19 11/15/2022 10:19:44 00:00:09
kube:container:admin-web 11/15/2022 10:19:38 00:00:15
-qa: 17 11/15/2022 10:17:26 00:02:27
kube:container:admission- 11/04/2022 15:06:16 10+20:13:37
controller: 7 10/19/2022 13:01:39 26+22:18:14
kube:container:airflow- 10/18/2022 10:43:56 28+00:35:57
scheduler: 9 11/15/2022 10:17:35 00:02:18
kube:container:airflow- 11/15/2022 10:17:51 00:02:02
webserver: 8 11/15/2022 10:18:45 00:01:08
kube:container:airlock- 11/14/2022 15:02:11 19:17:42
rabbitmq-stg: 101 11/14/2022 19:00:16 15:19:37
kube:container:airlock-rails 11/14/2022 19:00:15 15:19:38
-stg: 105 11/14/2022 19:00:22 15:19:31
kube:container:airlock- 11/14/2022 19:00:06 15:19:47
sidekiq-stg: 106 11/14/2022 19:01:13 15:18:40
kube:container:airlock- 11/15/2022 10:19:41 00:00:12
temporal-worker: 45 11/11/2022 14:46:42 3+19:33:11
kube:container:alchemist- 11/15/2022 10:19:43 00:00:10
dev-site: 43 11/09/2022 11:28:22 5+22:51:31
kube:container:alchemist- 11/14/2022 14:55:01 19:24:52
site: 42 11/14/2022 12:25:59 21:53:54
kube:container:alchemist- 11/15/2022 10:19:29 00:00:24
uat-site: 16 11/15/2022 10:19:40 00:00:13
kube:container: 11/15/2022 10:19:42 00:00:11
alertmanager: 23 11/15/2022 10:19:33 00:00:20
kube:container: 11/15/2022 10:19:28 00:00:25
announcements-staging-db 11/15/2022 10:19:41 00:00:12
-mig-2b9d76-pod: 1 10/24/2022 12:20:00 21+22:59:53
kube:container: 11/02/2022 14:37:22 12+20:42:31
announcements-staging-db 11/11/2022 10:36:08 3+23:43:45
-mig-889a5f-pod: 1 10/31/2022 14:23:20 14+20:56:33
kube:container: 10/18/2022 15:50:54 27+19:28:59
announcements-staging-db 10/21/2022 15:25:51 24+19:54:02
-mig-e20985-pod: 1 11/15/2022 06:32:56 03:46:57
kube:container: 10/31/2022 14:23:20 14+20:56:33
announcements-staging- 11/14/2022 14:31:40 19:48:13
rabbit-1e8e88: 77 11/15/2022 08:48:35 01:31:18
kube:container: 10/17/2022 10:37:17 29+00:42:36
announcements-staging- 11/11/2022 07:23:36 4+02:56:17
sidekiq: 99 10/19/2022 18:04:59 26+17:14:54
kube:container: 10/20/2022 10:29:03 26+00:50:50
announcements-staging- 10/18/2022 00:18:51 28+11:01:02
web: 95 11/15/2022 08:23:15 01:56:38
kube:container:ap-harvest 11/15/2022 07:45:21 02:34:32
-mist: 68 11/15/2022 07:57:07 02:22:46
kube:container:ap-harvest 11/15/2022 07:00:19 03:19:34
-vsz-apac: 97 11/15/2022 06:29:03 03:50:50
kube:container:ap-harvest 11/11/2022 14:53:22 3+19:26:31
-vsz-apac-loc: 91 11/15/2022 06:35:26 03:44:27
kube:container:ap-harvest 11/15/2022 08:45:11 01:34:42
-vsz-emea-loc: 98 10/17/2022 10:50:26 29+00:29:27
kube:container:ap-harvest 11/15/2022 06:49:18 03:30:35
-vsz-usc: 112 11/15/2022 07:59:20 02:20:33
kube:container:ap-harvest 11/01/2022 01:23:16 14+09:56:37
29 ... Truncated. 33.0% shown. ... Truncated. 72.0% shown.
... Truncated. 72.0% shown.

Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 1-4 of 7)
# index sourcetype_count unique_hosts sourcetype

CrowdStrike:Event:Streams:JSON
Unix:Update
Unix:Uptime
cron
df
dmesg
interfaces
linux_bootlog
netstat
ps
stash
top
vmware:vclog:statshandler
30 lastchanceindex 14 10 workday:user_activity

OktaIM2:app
OktaIM2:group
OktaIM2:log
OktaIM2:user
PerfmonMk:CPU
PerfmonMk:LogicalDisk
PerfmonMk:Memory
PerfmonMk:Process
Unix:Update
Unix:Uptime
WinEventLog
cron
df
exec
httpevent
interfaces
netstat
ps
sc4s:events
sc4s:fallback
31 main 21 4372 top

Unix:Update
Unix:Uptime
cron
df
dmesg
hardware
interfaces
linux_bootlog
netstat
ps
32 maintenance 11 13 top

33 mulesoft 1 1

34 mulesoft_dev_logs 1 1

35 mulesoft_metrics 1 1 _json

36 mulesoft_platform_benefits 1 1 _json

37 mulesoft_scratch 1 1 _json

38 mulesoft_staging_logs 1 1

39 netarch_aws 1 1 aws:metadata

40 netdns 1 1 isc:bind:network

Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 5-7 of 7)
# sourcetype: # available hosts latest_event event_last_seen (Days+HH:MM:SS)

CrowdStrike:Event:Streams:JSON: 1 11/15/2022 10:08:30 00:11:23
Unix:Update: 10 11/15/2022 09:13:54 01:05:59
Unix:Uptime: 10 11/15/2022 09:13:54 01:05:59
cron: 6 11/15/2022 10:01:01 00:18:52
df: 10 11/15/2022 10:19:46 00:00:07
dmesg: 1 10/17/2022 14:47:45 28+20:32:08
interfaces: 10 11/15/2022 10:19:14 00:00:39
linux_bootlog: 1 10/17/2022 14:47:49 28+20:32:04
netstat: 10 11/15/2022 10:19:46 00:00:07
ps: 10 11/15/2022 10:19:47 00:00:06
stash: 3 11/15/2022 10:18:00 00:01:53
top: 10 11/15/2022 10:19:46 00:00:07
vmware:vclog:statshandler: 6 11/15/2022 08:15:58 02:03:55
30 workday:user_activity: 2 11/15/2022 10:11:18 00:08:35

OktaIM2:app: 1 11/14/2022 10:05:21 1+00:14:32
OktaIM2:group: 1 11/14/2022 09:56:26 1+00:23:27
OktaIM2:log: 1 11/15/2022 10:16:31 00:03:22
OktaIM2:user: 1 11/14/2022 10:55:30 23:24:23
PerfmonMk:CPU: 45 11/15/2022 10:19:45 00:00:08
PerfmonMk:LogicalDisk: 45 11/15/2022 10:19:36 00:00:17
PerfmonMk:Memory: 45 11/15/2022 10:19:45 00:00:08
PerfmonMk:Process: 45 11/15/2022 10:19:45 00:00:08
Unix:Update: 1 11/15/2022 09:13:54 01:05:59
Unix:Uptime: 1 11/15/2022 09:13:54 01:05:59
WinEventLog: 6 11/15/2022 10:19:44 00:00:09
cron: 1 11/15/2022 10:01:01 00:18:52
df: 1 11/15/2022 10:19:46 00:00:07
exec: 4 11/12/2022 19:20:21 2+14:59:32
httpevent: 1 11/15/2022 10:19:52 00:00:01
interfaces: 1 11/15/2022 10:19:14 00:00:39
netstat: 1 11/15/2022 10:19:46 00:00:07
ps: 1 11/15/2022 10:19:47 00:00:06
sc4s:events: 6 11/15/2022 06:45:11 03:34:42
sc4s:fallback: 4372 11/15/2022 10:19:46 00:00:07
31 top: 1 11/15/2022 10:19:46 00:00:07

Unix:Update: 13 11/15/2022 09:13:54 01:05:59
Unix:Uptime: 13 11/15/2022 09:13:54 01:05:59
cron: 6 11/15/2022 10:01:01 00:18:52
df: 13 11/15/2022 10:19:46 00:00:07
dmesg: 9 10/17/2022 14:47:45 28+20:32:08
hardware: 12 11/15/2022 10:14:04 00:05:49
interfaces: 13 11/15/2022 10:19:14 00:00:39
linux_bootlog: 6 10/17/2022 14:47:49 28+20:32:04
netstat: 13 11/15/2022 10:19:46 00:00:07
ps: 13 11/15/2022 10:19:47 00:00:06
32 top: 13 11/15/2022 10:19:46 00:00:07

33 : 1 11/15/2022 10:19:51 00:00:02

34 : 1 11/15/2022 10:19:51 00:00:02

35 _json: 1 11/15/2022 06:07:33 04:12:20

36 _json: 1 11/15/2022 06:07:33 04:12:20

37 _json: 1 11/15/2022 06:07:33 04:12:20

38 : 1 11/15/2022 10:19:51 00:00:02

39 aws:metadata: 1 10/17/2022 09:12:30 29+02:07:23

40 isc:bind:network: 1 11/15/2022 01:52:04 08:27:49

Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 1-4 of 7)
# index sourcetype_count unique_hosts sourcetype

fgt_traffic
fgt_utm
juniper:junos:firewall
juniper:junos:firewall:structured
41 netfw 5 897 pan:traffic

cisco:ios
dell:emc:powerswitch:n
fgt_"t
fgt_"tra
fgt_"traff
fgt_event
juniper:junos:snmp
juniper:legacy
juniper:structured
42 netops 10 3751 ruckus:smartzone

_json
cisco:ios
43 network 3 4468 httpevent

44 notable 1 2 stash

45 onepassword_item_usages 1 1 1password:insights:item_usages

46 onepassword_signin_attempts 1 1 1password:insights:signin_attempts

47 osnix 1 5574 nix:syslog

48 phantom_action_run 1 1 phantom_search

49 phantom_app 1 1 phantom_search

50 phantom_app_run 1 1 phantom_search

51 phantom_artifact 1 1 phantom_search

52 phantom_asset 1 1 phantom_search

53 phantom_container 1 1 phantom_search

54 phantom_playbook 1 1 phantom_search

55 radius 1 2 dts_compliant_ias

56 risk 1 2 stash

57 salesforce 1 1 sfdc:realtime_event

58 salesforce_scratch 1 2 sfdc:realtime_event

Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 5-7 of 7)
# sourcetype: # available hosts latest_event event_last_seen (Days+HH:MM:SS)

fgt_traffic: 14
fgt_utm: 3 11/15/2022 10:19:52 00:00:01
juniper:junos:firewall: 897 11/15/2022 09:37:50 00:42:03
juniper:junos:firewall: 11/15/2022 10:19:39 00:00:14
structured: 523 11/15/2022 10:19:51 00:00:02
41 pan:traffic: 6 11/15/2022 10:19:51 00:00:02

cisco:ios: 3751 12/16/2022 01:46:35


dell:emc:powerswitch:n: 18 11/15/2022 10:23:59
fgt_"t: 1 11/09/2022 16:46:39
fgt_"tra: 1 11/11/2022 14:13:40
fgt_"traff: 1 11/13/2022 08:06:39
fgt_event: 10 11/15/2022 10:19:41 5+17:33:14
juniper:junos:snmp: 929 11/15/2022 10:19:45 3+20:06:13
juniper:legacy: 1008 11/15/2022 16:54:54 2+02:13:14
juniper:structured: 10 11/15/2022 10:36:55 00:00:12
42 ruckus:smartzone: 7 11/15/2022 10:23:59 00:00:08

_json: 1 11/15/2022 06:07:33


cisco:ios: 4468 12/16/2022 01:46:35 04:12:20
43 httpevent: 1 11/15/2022 10:19:52 00:00:01

44 stash: 2 11/15/2022 10:18:00 00:01:53

45 1password:insights:item_usages: 1 11/15/2022 09:16:55 01:02:58

46 1password:insights:signin_attempts: 1 11/15/2022 10:18:59 00:00:54

47 nix:syslog: 5574 12/31/2022 18:59:58

48 phantom_search: 1 11/07/2022 06:12:16 8+04:07:37

49 phantom_search: 1 11/07/2022 06:12:16 8+04:07:37

50 phantom_search: 1 11/07/2022 06:12:16 8+04:07:37

51 phantom_search: 1 11/07/2022 06:12:16 8+04:07:37

52 phantom_search: 1 11/07/2022 06:12:16 8+04:07:37

53 phantom_search: 1 11/07/2022 06:12:16 8+04:07:37

54 phantom_search: 1 11/07/2022 06:12:16 8+04:07:37

55 dts_compliant_ias: 2 11/15/2022 10:19:44 00:00:09

56 stash: 2 11/15/2022 10:18:00 00:01:53

57 sfdc:realtime_event: 1 11/15/2022 10:19:44 00:00:09

58 sfdc:realtime_event: 2 11/15/2022 10:19:44 00:00:09

Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 1-4 of 7)
# index sourcetype_count unique_hosts sourcetype

JSON
carbonblack:defense:json
59 security 3 2095 onepassword:event

sigsci-activity
sigsci-event
60 sigsci 3 1 sigsci-requests

61 slack 1 1 slack:audit_logs

62 splunkhostmon 1 4 df

63 summary 1 8 stash

64 threat_activity 1 2 stash

65 user_device_record_summary 1 2 stash

66 waf 1 1 sigsci-event

Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 5-7 of 7)
# sourcetype: # available hosts latest_event event_last_seen (Days+HH:MM:SS)

JSON: 1
carbonblack:defense:json: 11/14/2022 17:49:43 16:30:10
2095 11/15/2022 10:14:19 00:05:34
59 onepassword:event: 1 11/15/2022 10:17:45 00:02:08

sigsci-activity: 1 11/15/2022 09:38:06 00:41:47
sigsci-event: 1 11/15/2022 08:41:19 01:38:34
60 sigsci-requests: 1 11/15/2022 10:12:59 00:06:54

61 slack:audit_logs: 1 11/15/2022 10:19:14 00:00:39

62 df: 4 11/15/2022 10:19:46 00:00:07

63 stash: 8 11/15/2022 10:18:00 00:01:53

64 stash: 2 11/15/2022 10:18:00 00:01:53

65 stash: 2 11/15/2022 10:18:00 00:01:53

66 sigsci-event: 1 11/15/2022 08:41:19 01:38:34

Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 1-4 of 7)
# index sourcetype_count unique_hosts sourcetype

,airlock-rabbitmq-6867cf77f-4jgjk,airlock-rabbitmq-7ccf5987cd-c5h5p,airlock-sidekiq-
d54fdcdc-k6f7c,alert-operator-74c8b7bcc7-4fcs8,alert-operator-74c8b7bcc7-lnkjl,auditing-
service-0-5d898b78ff-86cxr,auditing-service-0-5d898b78ff-dsrjf,billing-discounts-service-
bapi-statements-preview-7b6c6477mf498,billing-discounts-service-bapi-statements-preview-
b657fc6dzx54m,billing-discounts-service-worker-6c8d649758-ghqq5,bp-giro-applications-
web-75c4c9996b-64d2q,bp-giro-applications-web-7c6f456566-zjfhs,community-events-api
-web-599b588d6d-nkxpw,concierge-service-0-58974bdbdd-jtdzf,concierge-service-0-
58974bdbdd-mj7vx,concierge-service-1-57cd9d779b-kzb6q,concierge-service-1-
57cd9d779b-pf64n,concierge-service-1-57cd9d779b-z4mbb,cp-srs-event-collector-service
-7dbcf95d95-srzg2,device-manager-68d49bd8cd-7bblp,email-orchestrator-backgroun-
a72f96-dbcb5f8cc-c4z5c,email-orchestrator-kafka-consumer-c9c74f569-wls45,email-
renderer-web-6b8f7f957b-7fg7s,floormap-svc-6cbbcc5c58-5fs2j,floormap-svc-6cbbcc5c58-
lksk2,floorplan-image-service-586b8f7b66-j4nr9,floorplan-image-service-586b8f7b66-mgfpt,
galaxy-sandbox-868b4b877f-wgnxt,galaxy-staging-6d8bbc7569-52tz7,gap-giro-service-
web-6468ff4dd9-jgmq6,gap-giro-service-web-759684789b-kvdms,gap-paynow-qrcode-
backend-web-5f497df797-nhx2w,gap-paynow-qrcode-backend-web-78796c84-c2c5s,gap-
service-gateway-web-6fb4798b6f-gbw7z,gap-service-gateway-web-854c54d685-4qj25,gap
-service-integrator-web-5bf85cfbd6-crlz5,gap-service-integrator-web-6847675944-ns5lw,
godoc-7b89cc458b-b2889,hproam-648b8cbbb9-7674f,inventory--inventory-management-
mysql-monitor-66c455dd88-ggw9k,inventory-management-staging-hostname-6996c975-
d84pk,inventory-management-staging-hostname-6996c975-qj7hl,inventory-management-
staging-hostname-6996c975-w5x6x,inventory-management-staging-ims734-74cc59f4cc-
dsg5z,inventory-management-staging-ims734-74cc59f4cc-ptjcq,inventory-management-
staging-ims734-74cc59f4cc-qf65c,kube2iam-48s2d,kube2iam-74qpd,kube2iam-85tvh,
kube2iam-8mnck,kube2iam-cglk7,kube2iam-gdrlm,kube2iam-hchlc,kube2iam-l8v2r,
kube2iam-xpbt8,locations-api-sidekiq-ff6954465-d6xsm,locations-api-sidekiq-ff6954465-
pgp4d,login-79b6d65d55-njfs8,mena-api-rmq-common-worker-776ccb96d6-rvksx,mena-
api-rmq-consume-users-558cb6797f-gds92,mena-api-rmq-consume-users-d58f64f95-
gdch2,mena-api-rmq-consume-users-d58f64f95-nr97w,mena-api-web-75c8b5f8c6-57nqr
,mena-api-web-75c8b5f8c6-k4nln,mena-api-web-75c8b5f8c6-pg5p5,mw-services-
jobscheduler-6c89df47d5-n8kpp,mw-services-jobscheduler-d5548b85b-hpw9f,neptune-
ingestion-segment-raw-9c6977f47-xf27f,neptune-ingestion-segment-raw-cd55f7477-clcf6,
neptune-ingestion-wefi-normalized-wifi-log-entry-58b64476595x9x,neptune-ingestion-wefi-
normalized-wifi-log-entry-5985bf9cdk7j59,net-terms-service-billing-api-previews-
6dbb5cc794-brqbc,net-terms-service-billing-api-previews-856cc4cb99-j2rht,nginx-ingress-
controller-74bb6b6d9f-4z4z7,nginx-ingress-controller-74bb6b6d9f-bhbgs,nginx-ingress-grpc
-controller-d78cbbc9f-7v9nd,nginx-ingress-grpc-controller-d78cbbc9f-jx99p,nginx-ingress-
grpc-controller-d78cbbc9f-sqp5w,nginx-ingress-internal-controller-69bb4f6449-m5prl,nginx-
ingress-internal-controller-69bb4f6449-nszjj,nginx-ingress-internal-controller-69bb4f6449-
vkgvw,notify-rabbitmq-5db86c4c59-2tpvb,notify-rabbitmq-5db86c4c59-2x8dn,notify-
rabbitmq-5db86c4c59-bvqcd,notify-rabbitmq-5db86c4c59-lh45z,notify-rabbitmq-5db86c4c59-
x9n84,notify-rabbitmq-655db498dd-mqf7k,oauth2-proxy-b644c87f-8cks4,package-vendor-
integration-s-243535-79c6c7b8cb-5rqrf,referral-web-prod-service-0-9bb6b54b4-q98cq,
revstar-portal-6659454495-4pq59,sales-api-web-5b4f67f77b-qg52r,sales-api-web-
6cd6496476-ct75r,sales-api-web-6cd6496476-jbk7f,sales-records-85f7b7b986-tlwmx,
secrets-webhook-wek8s-vault-secrets-webhook-676c9475cc-w78xx,secrets-webhook-
wek8s-vault-secrets-webhook-6f7bbbfd7-hcnzh,secrets-webhook-wek8s-vault-secrets-
webhook-6f7bbbfd7-ptp66,secrets-webhook-wek8s-vault-secrets-webhook-86bf455b4c-
67 wek8s 154 1 wscmj

Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 5-7 of 7)
# sourcetype: # available hosts latest_event event_last_seen (Days+HH:MM:SS)

:1 11/15/2022 10:19:51
airlock-rabbitmq-6867cf77f- 06/06/1997 20:00:00
4jgjk: 1 07/19/2002 20:00:00
airlock-rabbitmq- 04/18/2017 16:25:15
7ccf5987cd-c5h5p: 1 07/20/2029 14:01:18
airlock-sidekiq-d54fdcdc- 07/20/2029 13:04:04
k6f7c: 1 07/20/2029 14:20:29
alert-operator-74c8b7bcc7- 07/20/2029 14:02:29
4fcs8: 1 08/31/2020 19:59:59
alert-operator-74c8b7bcc7- 07/31/2020 20:00:00
lnkjl: 1 08/31/2020 19:59:59
auditing-service-0- 07/20/2029 13:19:04
5d898b78ff-86cxr: 1 07/20/2029 14:17:46
auditing-service-0- 08/03/2020 07:00:00
5d898b78ff-dsrjf: 1 07/20/2029 13:19:11
billing-discounts-service- 07/20/2029 13:19:10
bapi-statements-preview- 07/20/2029 14:20:52
7b6c6477mf498: 1 07/20/2029 14:20:33
billing-discounts-service- 07/20/2029 14:20:48
bapi-statements-preview- 07/20/2028 17:30:19
b657fc6dzx54m: 1 10/22/2016 18:20:44
billing-discounts-service- 07/20/2029 13:17:46
worker-6c8d649758-ghqq5 01/19/1970 06:20:43
:1 12/29/2023 08:00:07
bp-giro-applications-web- 07/20/2029 12:47:23
75c4c9996b-64d2q: 1 07/20/2029 13:09:46
bp-giro-applications-web- 07/20/2029 01:10:47
7c6f456566-zjfhs: 1 07/20/2029 01:08:55
community-events-api- 07/20/2029 12:31:10
web-599b588d6d-nkxpw: 07/20/2029 13:15:47 00:00:02
1 07/20/2029 14:21:25 9292+15:19:53
concierge-service-0- 07/20/2029 13:18:40 7423+15:19:53
58974bdbdd-jtdzf: 1 07/20/2029 13:18:46 2036+18:54:38
concierge-service-0- 07/20/2029 14:20:39 805+15:19:54
58974bdbdd-mj7vx: 1 07/20/2029 14:20:49 836+15:19:53
concierge-service-1- 07/20/2029 13:19:05 805+15:19:54
57cd9d779b-kzb6q: 1 07/20/2029 14:20:49 834+04:19:53
concierge-service-1- 07/20/2029 13:19:08 2214+16:59:09
57cd9d779b-pf64n: 1 07/20/2029 13:18:24 19293+03:59:10
concierge-service-1- 07/20/2029 14:00:11 624+15:19:53
57cd9d779b-z4mbb: 1 07/20/2029 09:18:10 624+15:19:53
cp-srs-event-collector- 02/28/2021 19:00:00 624+15:19:53
service-7dbcf95d95-srzg2: 02/28/2021 19:00:00 624+15:19:53
1 02/28/2021 19:00:00 624+15:19:53
device-manager- 02/28/2021 19:00:00 624+15:19:53
68d49bd8cd-7bblp: 1 02/28/2021 19:00:00 2070+17:22:55
email-orchestrator- 02/28/2021 19:00:00 1740+18:42:41
backgroun-a72f96- 07/20/2029 11:22:07 1775+22:00:11
dbcb5f8cc-c4z5c: 1 07/20/2029 00:37:29 7423+15:19:53
email-orchestrator-kafka- 07/19/2029 23:17:02 8469+15:19:53
consumer-c9c74f569-wls45 07/20/2029 08:49:51 7869+15:19:53
:1 07/20/2029 14:21:28 11247+15:19:53
email-renderer-web- 07/20/2029 14:20:52 10239+15:19:53
6b8f7f957b-7fg7s: 1 07/20/2029 14:20:40 10527+15:19:53
floormap-svc-6cbbcc5c58- 07/20/2029 14:20:40 440+15:19:53
5fs2j: 1 07/20/2029 13:16:35 836+15:19:53
floormap-svc-6cbbcc5c58- 03/15/2017 17:56:58 7869+15:19:53
lksk2: 1 02/08/2018 15:37:12 10151+15:19:53
floorplan-image-service- 07/20/2029 14:11:05 10239+15:19:53
586b8f7b66-j4nr9: 1 01/04/2018 12:19:42 8469+15:19:53
floorplan-image-service- 07/19/2002 20:00:00 9690+15:19:53
586b8f7b66-mgfpt: 1 09/07/1999 20:00:00 7423+15:19:53
galaxy-sandbox- 04/29/2001 20:00:00 7423+15:19:53
868b4b877f-wgnxt: 1 01/29/1992 19:00:00 2217+21:00:08
galaxy-staging-6d8bbc7569 11/02/1994 19:00:00 745+15:19:53
-52tz7: 1 01/18/1994 19:00:00 806+15:19:53
gap-giro-service-web- 07/20/2029 13:18:58 806+15:19:53
6468ff4dd9-jgmq6: 1 07/20/2029 14:21:00 2047+19:19:38
gap-giro-service-web- 07/20/2029 14:20:02 805+15:19:54
759684789b-kvdms: 1 07/20/2029 13:15:00 805+15:19:54
gap-paynow-qrcode- 07/20/2029 13:15:20 805+15:19:54
backend-web-5f497df797- 07/20/2029 14:20:00 805+15:19:54
nhx2w: 1 08/31/2021 20:00:00 836+15:19:53
67 ... Truncated. 32.0% shown. ... Truncated. 72.0% shown.
805+15:19:54

Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 1-4 of 7)
# index sourcetype_count unique_hosts sourcetype

airlock-rabbitmq-6867cf77f-4jgjk
airlock-rabbitmq-7ccf5987cd-c5h5p
airlock-sidekiq-d54fdcdc-k6f7c
billing-discounts-service-bapi-statements-preview-7b6c6477mf498
billing-discounts-service-bapi-statements-preview-b657fc6dzx54m
billing-discounts-service-worker-6c8d649758-ghqq5
bp-giro-applications-web-75c4c9996b-64d2q
bp-giro-applications-web-7c6f456566-zjfhs
community-events-api-web-599b588d6d-nkxpw
cp-srs-event-collector-service-7dbcf95d95-srzg2
cron-inventory-management-master-1595980800-wkn5s
cron-inventory-management-staging-circleci-1595980800-xdc98
cron-inventory-management-staging-hostname-1595980800-sr9bg
cron-inventory-management-staging-ims734-1595980800-d2vhz
device-manager-68d49bd8cd-7bblp
email-orchestrator-backgroun-a72f96-dbcb5f8cc-c4z5c
email-orchestrator-kafka-consumer-c9c74f569-wls45
email-renderer-web-6b8f7f957b-7fg7s
floormap-svc-6cbbcc5c58-5fs2j
floormap-svc-6cbbcc5c58-lksk2
floorplan-image-service-586b8f7b66-j4nr9
floorplan-image-service-586b8f7b66-mgfpt
floorplan-image-service-7556df4688-nhdhj
floorplan-image-service-7556df4688-xjjjv
galaxy-sandbox-868b4b877f-wgnxt
galaxy-staging-6d8bbc7569-52tz7
gap-giro-service-web-6468ff4dd9-jgmq6
gap-giro-service-web-759684789b-kvdms
gap-paynow-qrcode-backend-web-5f497df797-nhx2w
gap-paynow-qrcode-backend-web-78796c84-c2c5s
gap-service-gateway-web-6fb4798b6f-gbw7z
gap-service-gateway-web-854c54d685-4qj25
gap-service-integrator-web-5bf85cfbd6-crlz5
gap-service-integrator-web-6847675944-ns5lw
gh-circleci-cd-trigger-service-0-58b875c84-kc8pw
gh-circleci-cd-trigger-service-0-7b5b68bbc9-cnf8s
hproam-648b8cbbb9-7674f
httpevent
inventory--inventory-management-mysql-monitor-66c455dd88-ggw9k
inventory-management-staging-hostname-6996c975-d84pk
inventory-management-staging-hostname-6996c975-qj7hl
inventory-management-staging-hostname-6996c975-w5x6x
inventory-management-staging-ims734-74cc59f4cc-dsg5z
inventory-management-staging-ims734-74cc59f4cc-ptjcq
inventory-management-staging-ims734-74cc59f4cc-qf65c
locations-api-sidekiq-ff6954465-d6xsm
locations-api-sidekiq-ff6954465-pgp4d
login-79b6d65d55-njfs8
mena-api-rmq-common-worker-776ccb96d6-rvksx
mena-api-rmq-consume-users-558cb6797f-gds92
mena-api-rmq-consume-users-d58f64f95-gdch2
mena-api-rmq-consume-users-d58f64f95-nr97w
mena-api-web-75c8b5f8c6-57nqr
mena-api-web-75c8b5f8c6-k4nln
mena-api-web-75c8b5f8c6-pg5p5
mw-services-jobscheduler-6c89df47d5-n8kpp
mw-services-jobscheduler-d5548b85b-hpw9f
net-terms-service-billing-api-previews-6dbb5cc794-brqbc
net-terms-service-billing-api-previews-856cc4cb99-j2rht
nginx-ingress-controller-74bb6b6d9f-4z4z7
nginx-ingress-controller-74bb6b6d9f-bhbgs
nginx-ingress-grpc-controller-d78cbbc9f-7v9nd
nginx-ingress-grpc-controller-d78cbbc9f-jx99p
nginx-ingress-grpc-controller-d78cbbc9f-sqp5w
nginx-ingress-internal-controller-69bb4f6449-m5prl
nginx-ingress-internal-controller-69bb4f6449-nszjj
nginx-ingress-internal-controller-69bb4f6449-vkgvw
notify-rabbitmq-5db86c4c59-2tpvb
notify-rabbitmq-5db86c4c59-2x8dn
notify-rabbitmq-5db86c4c59-bvqcd
notify-rabbitmq-5db86c4c59-lh45z
notify-rabbitmq-5db86c4c59-x9n84
notify-rabbitmq-655db498dd-mqf7k
68 wek8s_scratch 147 2 ... Truncated. 72.0% shown.

Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 5-7 of 7)
# sourcetype: # available hosts latest_event event_last_seen (Days+HH:MM:SS)

airlock-rabbitmq-6867cf77f- 06/06/1997 20:00:00


4jgjk: 1 07/19/2002 20:00:00
airlock-rabbitmq- 04/18/2017 16:25:15
7ccf5987cd-c5h5p: 2 08/31/2020 19:59:59
airlock-sidekiq-d54fdcdc- 07/31/2020 20:00:00
k6f7c: 1 08/31/2020 19:59:59
billing-discounts-service- 07/20/2029 13:19:04
bapi-statements-preview- 07/20/2029 14:17:46
7b6c6477mf498: 1 08/03/2020 07:00:00
billing-discounts-service- 07/20/2028 17:30:19
bapi-statements-preview- 01/17/2038 18:18:31
b657fc6dzx54m: 1 12/20/2037 00:23:03
billing-discounts-service- 07/26/2037 21:05:54
worker-6c8d649758-ghqq5 10/20/2037 09:00:47
:1 10/22/2016 18:20:44
bp-giro-applications-web- 07/20/2029 13:17:46
75c4c9996b-64d2q: 2 01/19/1970 06:20:43
bp-giro-applications-web- 12/29/2023 08:00:07
7c6f456566-zjfhs: 1 07/20/2029 12:47:23
community-events-api- 07/20/2029 13:09:46
web-599b588d6d-nkxpw: 07/20/2029 01:10:47
2 07/20/2029 01:08:55
cp-srs-event-collector- 07/19/2029 23:04:57
service-7dbcf95d95-srzg2: 07/19/2029 23:06:33
1 07/20/2029 12:31:10 9292+15:19:53
cron-inventory- 07/20/2029 13:15:47 7423+15:19:53
management-master- 07/20/2029 14:21:25 2036+18:54:38
1595980800-wkn5s: 1 07/20/2029 13:18:40 805+15:19:54
cron-inventory- 07/20/2029 13:18:46 836+15:19:53
management-staging- 07/20/2029 14:20:39 805+15:19:54
circleci-1595980800-xdc98 07/20/2029 14:20:49 834+04:19:53
:1 07/20/2029 13:19:05 2214+16:59:09
cron-inventory- 07/20/2029 14:20:49 19293+03:59:10
management-staging- 07/20/2029 13:19:08 00:00:01
hostname-1595980800- 07/20/2029 11:57:04 624+15:19:53
sr9bg: 1 07/20/2028 17:10:05 624+15:19:53
cron-inventory- 07/20/2029 14:00:11 624+15:19:53
management-staging- 11/15/2022 10:19:52 624+15:19:53
ims734-1595980800-d2vhz 07/20/2029 09:18:10 624+15:19:53
:1 02/28/2021 19:00:00 624+15:19:53
device-manager- 02/28/2021 19:00:00 2070+17:22:55
68d49bd8cd-7bblp: 2 02/28/2021 19:00:00 1740+18:42:41
email-orchestrator- 02/28/2021 19:00:00 1775+22:00:11
backgroun-a72f96- 02/28/2021 19:00:00 7423+15:19:53
dbcb5f8cc-c4z5c: 2 02/28/2021 19:00:00 8469+15:19:53
email-orchestrator-kafka- 03/15/2017 17:56:58 7869+15:19:53
consumer-c9c74f569-wls45 02/08/2018 15:37:12 11247+15:19:53
:2 07/20/2029 14:11:05 10239+15:19:53
email-renderer-web- 01/04/2018 12:19:42 10527+15:19:53
6b8f7f957b-7fg7s: 2 07/19/2002 20:00:00 440+15:19:53
floormap-svc-6cbbcc5c58- 09/07/1999 20:00:00 836+15:19:53
5fs2j: 2 04/29/2001 20:00:00 7869+15:19:53
floormap-svc-6cbbcc5c58- 01/29/1992 19:00:00 10151+15:19:53
lksk2: 2 11/02/1994 19:00:00 10239+15:19:53
floorplan-image-service- 01/18/1994 19:00:00 8469+15:19:53
586b8f7b66-j4nr9: 1 07/20/2029 13:18:58 9690+15:19:53
floorplan-image-service- 07/20/2029 14:21:00 7423+15:19:53
586b8f7b66-mgfpt: 1 08/31/2021 20:00:00 7423+15:19:53
floorplan-image-service- 07/31/2020 20:00:00 1748+10:19:53
7556df4688-nhdhj: 1 07/20/2029 10:09:06 2217+21:00:08
floorplan-image-service- 07/20/2029 10:54:50 779+15:19:53
7556df4688-xjjjv: 1 07/20/2029 10:38:34 1812+18:16:25
galaxy-sandbox- 07/20/2029 13:16:12 745+15:19:53
868b4b877f-wgnxt: 2 07/20/2029 08:48:15 806+15:19:53
galaxy-staging-6d8bbc7569 07/20/2029 09:33:12 806+15:19:53
-52tz7: 2 07/20/2029 09:56:44 2047+19:19:38
gap-giro-service-web- 07/20/2029 09:43:54 805+15:19:54
6468ff4dd9-jgmq6: 1 04/29/2001 20:00:00 805+15:19:54
gap-giro-service-web- 01/29/1995 19:00:00 805+15:19:54
759684789b-kvdms: 2 11/02/1994 19:00:00 805+15:19:54
gap-paynow-qrcode- 09/07/1999 20:00:00 805+15:19:54
backend-web-5f497df797- 05/04/1996 20:00:00 805+15:19:54
nhx2w: 2 07/19/2002 20:00:00 836+15:19:53
68 ... Truncated. 28.0% shown. ... Truncated. 72.0% shown.
805+15:19:54

Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 1-4 of 7)
# index sourcetype_count unique_hosts sourcetype

69 wework_www 1 1 httpevent

PerfmonMk:CPU
PerfmonMk:LogicalDisk
PerfmonMk:Memory
PerfmonMk:Process
70 windows 5 69 WinHostMon

71 wineventlog 1 65 WinEventLog

72 workday 1 2 workday:user_activity

Index Detail by Sourcetype and Contributing Forwarders - (Click to search raw events) (Columns 5-7 of 7)
# sourcetype: # available hosts latest_event event_last_seen (Days+HH:MM:SS)

69 httpevent: 1 11/15/2022 10:19:52 00:00:01

PerfmonMk:CPU: 61 11/15/2022 10:19:45 00:00:08
PerfmonMk:LogicalDisk: 61 11/15/2022 10:19:36 00:00:17
PerfmonMk:Memory: 61 11/15/2022 10:19:45 00:00:08
PerfmonMk:Process: 61 11/15/2022 10:19:45 00:00:08
70 WinHostMon: 69 11/15/2022 10:19:41 00:00:12

71 WinEventLog: 65 11/15/2022 10:19:44 00:00:09

72 workday:user_activity: 2 11/15/2022 10:11:18 00:08:35
