coalesce Function in Splunk

Posted on December 30, 2024

The Splunk coalesce function returns the first non-null value among its arguments. It’s useful for normalizing data from different sources with varying field names.

For example, to unify multiple source IP fields into a single src_ip field:

| eval src_ip = coalesce(src_ip, sourceip, source_ip, sip, ip)

The post coalesce Function in Splunk appeared first on SOC Prime.

“Rogue RDP” Attack Detection: UAC-0215 Leverages RDP Configuration Files to Gain Remote Access to Ukrainian Public Sector Computers

Threats

Adversaries frequently exploit remote management tools in their offensive campaigns,…

rooter
October 24, 2024
4 min read
0

UAC-0020 (Vermin) Activity Detection: A New Phishing Attack Abusing the Topic of Prisoners of War at the Kursk Front and Using FIRMACHAGENT Malware

Threats

The Vermin hacking collective, also tracked as UAC-0020, resurfaces, targeting Ukraine…

rooter
August 21, 2024
5 min read
0

Fluentd: How to Use a Parser With Regular Expression (regexp)

Threats

This guide explains configuring Fluentd to extract structured data from…

rooter
December 23, 2024
3 min read
0

Fighting Ursa (aka APT28) Attack Detection: Adversaries Target Diplomats Using a Car for Sale as a Phishing Lure to Spread HeadLace Malware

Threats

The nefarious russian state-sponsored APT28 hacking collective, also known as…

rooter
August 5, 2024
4 min read
0

Related Posts

“Rogue RDP” Attack Detection: UAC-0215 Leverages RDP Configuration Files to Gain Remote Access to Ukrainian Public Sector Computers

UAC-0020 (Vermin) Activity Detection: A New Phishing Attack Abusing the Topic of Prisoners of War at the Kursk Front and Using FIRMACHAGENT Malware

Fluentd: How to Use a Parser With Regular Expression (regexp)

Fighting Ursa (aka APT28) Attack Detection: Adversaries Target Diplomats Using a Car for Sale as a Phishing Lure to Spread HeadLace Malware