Hi Everyone
I am practicing the event and having a problem searching the dataset. When I just search for the answer I can see the event, but when I use a Splunk search query the answer does not appear for some reason.
Question
What is the name of the file that defaced the imreallynotbatman.com website? Please submit only the name of the file with extension (For example "notepad.exe" or "favicon.ico")
Answer is poisonivy-is-coming-for-you-batman.jpeg
So if I just search `poisonivy-is-coming-for-you-batman.jpeg` it gives me two events
![alt text][1]
However, when I search `sourcetype=suricata src_ip=192.168.250.70 | table url | search url=*batman*` it does not give me that event, and this happens with a lot of questions. Any suggestions as to what is happening?
![alt text][2]
[1]: /storage/temp/255814-1.png
[2]: /storage/temp/255815-2.png