Follow the steps in this recipe to identify potential session spoofing activity:
- Log in to your Splunk server.
- Select the Splunk Machine Learning Toolkit application.
- Click on the Assistants dropdown menu and select Detect Numeric Outliers.
- Ensure the time range picker is set to Last 24 Hours, type the following search into the search bar, and then click on the search button or hit Enter:
index=main sourcetype="access_combined" | table _time response
- The Splunk Machine Learning Toolkit will now return a Raw Data Preview of the results.
- Now, let's choose the appropriate options to perform outlier detection. From the ...