We have pulled logs from our antivirus software into Splunk and are in the process of trying to filter through what we actually want to track.
We want to track all events that relate to sites blocked for particular reasons, e.g.:
'https://ads.converge-digital.com' blocked due to category 'Proxies & Translators'
We have a lot of different sites that are being blocked in the same way, so is there a way to group these all together so we can see everything that has been blocked by 'Proxies and Translators' as opposed to sifting through each individual event?