I'm very new to searching data models in Splunk and I want to search within my network data model to monitor certain ports. I know I can use the All_traffic.dest_port, but I can't figure out how to make it work. I want dashboards to track failed and successful logins on devices by tracking these ports. So, I need to track SSH logins on port 22 and RDP logins on 3389. Then I want to create a notable event from this search, which I know how to create. I just need help using the data model since I'm new to data models. Thanks.