Need help in Splunk Lab!

Question

I am attempting the Splunk collection under Upskill. In the final lab i.e. Demonstrate your skill lab, I am getting stuck at a particular task.

This is the prompt that I need to solve.
The problem is there is no field for Destination IP in the log.

Whenever I search according to the prompt, no results are returned and the question won't take 0 as an answer.

Please help me move forward.

s1m0n07 · Answer

Hi SushiPanda​ As you can see, the DestinationIp field is not automatically extracted, even if you switch to Verbose mode. You can try and extract "new fields" that contain this value and look through results, which should help practice SPL more ;) or remember to chain in your search the correct field name.&nbsp;

sushipanda · Answer

Hi S1m0n07​, the problem is that there is no IP mentioned in the log for the given host and source.This is a screenshot of one of the events with the given host and source. I don't see any IP.

Forum Discussion

Need help in Splunk Lab!

2 Replies

Featured Places

Help

Related Content

FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs

APT29 Threat Hunting with Splunk: Ep.4 – Clean-up & Reconnaissance

FIN7 Threat Hunting with Splunk: Ep.2 – Initial Access

APT29 Threat Hunting with Splunk Ep.11 Q11

FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs

Recent Discussions

Mobile Malware: Anubis Malware (Offensive) - Question 8,9

Modern Encryption Issue

Lab not getting complete even it is correct

Lesson 7: Windows File Permissions

Need help in Splunk Lab!