How to do it...

Follow the steps in this recipe to identify potential session spoofing activity:

  1. Log in to your Splunk server.
  2. Select the Splunk Machine Learning Toolkit application.
  3. Click on the Assistants dropdown menu and select Detect Numeric Outliers:
  1. Ensure the time range picker is set to Last 24 Hours, and type the following search into the search bar. Then, click on the search button or hit Enter:
index=main sourcetype="access_combined" | table _time response 
  1. The Splunk Machine Learning Toolkit will now return a Raw Data Preview of the results:
  2. Now, let's choose the appropriate options to perform outlier detection. From the ...

Get Splunk Operational Intelligence Cookbook - Third Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.