{"endtime":"2021-04-21T07:42:18.018625Z","timestamp":"2021-04-21T07:42:18.018328Z","bytes":1750,"bytes_in":776,"bytes_out":974,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005086","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005086 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":297,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005086"} {"endtime":"2021-04-21T07:42:18.018796Z","timestamp":"2021-04-21T07:42:18.017828Z","bytes":1889,"bytes_in":733,"bytes_out":1156,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&_=1618990005085","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005085 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":968,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005085"} {"endtime":"2021-04-21T07:42:18.019060Z","timestamp":"2021-04-21T07:42:18.017951Z","bytes":1889,"bytes_in":733,"bytes_out":1156,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&_=1618989993082","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993082 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":1109,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993082"} {"endtime":"2021-04-21T07:42:18.019530Z","timestamp":"2021-04-21T07:42:18.017828Z","bytes":1679,"bytes_in":919,"bytes_out":760,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":1702,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T07:42:18.019829Z","timestamp":"2021-04-21T07:42:18.018357Z","bytes":1682,"bytes_in":918,"bytes_out":764,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":1472,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T07:42:18.020741Z","timestamp":"2021-04-21T07:42:18.020548Z","bytes":1750,"bytes_in":776,"bytes_out":974,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993083","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993083 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":193,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993083"} {"endtime":"2021-04-21T07:42:18.551899Z","timestamp":"2021-04-21T07:42:18.183453Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"32ddb01a-425a-4f0e-ad34-bfdf7dc190a5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49985,"status":200,"time_taken":368504,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:42:18.555961Z","timestamp":"2021-04-21T07:42:18.187603Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"cf007f46-a768-4446-9822-84e35347d4ed","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49985,"status":200,"time_taken":368532,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:19.488298Z","timestamp":"2021-04-21T07:42:19.118724Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c3dfb316-fc1b-4b77-8f06-ae7964b56712","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54072,"status":200,"time_taken":369827,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:19.575299Z","timestamp":"2021-04-21T07:42:19.217374Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9a37e693-3c6b-41e3-a5c9-5ad941a41b86","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53310,"status":200,"time_taken":358272,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:20.234777Z","timestamp":"2021-04-21T07:42:20.234777Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4015988} {"endtime":"2021-04-21T07:42:20.234772Z","timestamp":"2021-04-21T07:42:20.234772Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:42:20.234765Z","timestamp":"2021-04-21T07:42:20.234765Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":4015988} {"endtime":"2021-04-21T07:42:20.234707Z","timestamp":"2021-04-21T07:42:20.234707Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4015988} {"endtime":"2021-04-21T07:42:24.503232Z","timestamp":"2021-04-21T07:42:24.136619Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"dcb9e16d-404b-4370-a712-71baf2e25a99","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49986,"status":200,"time_taken":366654,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:42:24.507243Z","timestamp":"2021-04-21T07:42:24.140775Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b25fb0d7-d0fe-477e-9abf-7dd8c883250e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49986,"status":200,"time_taken":366644,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:24.610663Z","timestamp":"2021-04-21T07:42:24.239927Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d7f279f7-afa7-47f0-a8b0-ed46ab9bcf38","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54074,"status":200,"time_taken":370932,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:25.489213Z","timestamp":"2021-04-21T07:42:25.123333Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9becaeb8-1ca9-4312-bb0f-b98c7d1d00d2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53311,"status":200,"time_taken":366126,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:29.499552Z","timestamp":"2021-04-21T07:42:29.137061Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"89070ee2-4a5b-4d1c-b376-36461edd712c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49987,"status":200,"time_taken":362549,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:42:29.503594Z","timestamp":"2021-04-21T07:42:29.141226Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"55562325-5e00-4362-b1af-98c261d408c2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49987,"status":200,"time_taken":362552,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:30.476457Z","timestamp":"2021-04-21T07:42:30.112549Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f32717aa-7832-4f39-8ba9-145e18c35ef8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54076,"status":200,"time_taken":364387,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:30.548888Z","timestamp":"2021-04-21T07:42:30.185972Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"aaadc69a-7a01-4f24-99cc-53cd1b34873d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53313,"status":200,"time_taken":363285,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:35.436996Z","timestamp":"2021-04-21T07:42:35.074301Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1cb6be28-d782-48c2-8bab-06a2239e5ad7","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49988,"status":200,"time_taken":362720,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:42:35.441059Z","timestamp":"2021-04-21T07:42:35.078480Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f47511f3-7be8-4664-b050-57c5240ff1f4","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49988,"status":200,"time_taken":362742,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:35.592926Z","timestamp":"2021-04-21T07:42:35.228348Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5670b68c-2356-422d-9b69-b1c28f86e941","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54078,"status":200,"time_taken":364795,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:36.439637Z","timestamp":"2021-04-21T07:42:36.076251Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bd05d49b-9a53-4796-906c-8f175d4174e8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53315,"status":200,"time_taken":363674,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:41.449983Z","timestamp":"2021-04-21T07:42:41.074487Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d9a0e16c-da58-4dd6-b973-794acf812291","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49989,"status":200,"time_taken":375547,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:42:41.454091Z","timestamp":"2021-04-21T07:42:41.078666Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7eb11528-4fe4-47fc-b161-b1aea7e1e4e2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49989,"status":200,"time_taken":375621,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:41.456224Z","timestamp":"2021-04-21T07:42:41.094746Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8d974812-9a4d-4607-86ad-7355f80cbb84","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54080,"status":200,"time_taken":361752,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:41.577652Z","timestamp":"2021-04-21T07:42:41.216689Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a5aa3532-7765-4768-bbfa-4a3132d289d2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53316,"status":200,"time_taken":361276,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:46.572596Z","timestamp":"2021-04-21T07:42:46.207605Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3cb578f9-1dfe-48c2-b725-fe21a5da4cd1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54082,"status":200,"time_taken":365171,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:47.440029Z","timestamp":"2021-04-21T07:42:47.074403Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"eae2b100-844c-4b3e-b460-d8b18d0a661f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49990,"status":200,"time_taken":365646,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:42:47.444103Z","timestamp":"2021-04-21T07:42:47.078606Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9bc9989e-e12f-40ed-9647-d993ac052e18","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49990,"status":200,"time_taken":365655,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:47.494532Z","timestamp":"2021-04-21T07:42:47.122770Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a2954867-ec08-45a3-9fec-d7ef20b1970e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53317,"status":200,"time_taken":372034,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:52.438807Z","timestamp":"2021-04-21T07:42:52.074451Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1fab94a5-3771-4614-9640-3186c3d8b882","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54084,"status":200,"time_taken":364561,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:52.582114Z","timestamp":"2021-04-21T07:42:52.216717Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9029ff71-c484-46f7-a323-bc19fc700e7e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53318,"status":200,"time_taken":365663,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:53.435976Z","timestamp":"2021-04-21T07:42:53.074524Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"260b6f84-55ea-42e5-8264-55e1aa99678b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49991,"status":200,"time_taken":361485,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:42:53.440089Z","timestamp":"2021-04-21T07:42:53.078720Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ab85c513-ef5e-4f47-9b13-1f493afb034d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49991,"status":200,"time_taken":361539,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:57.559079Z","timestamp":"2021-04-21T07:42:57.190744Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7d32c334-22a0-4ecc-b0a2-a4837626ed7c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54086,"status":200,"time_taken":368596,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:58.051184Z","timestamp":"2021-04-21T07:42:58.051184Z","count":1,"dest_ip":"93.184.220.29","site":"ocsp.digicert.com","status":200,"uri_path":"/","sum(bytes_in)":381,"sum(bytes_out)":799,"sum(time_taken)":1908} {"endtime":"2021-04-21T07:42:58.051184Z","timestamp":"2021-04-21T07:42:58.051184Z","count":1,"dest_ip":"93.184.220.29","status":200} {"endtime":"2021-04-21T07:42:58.051184Z","timestamp":"2021-04-21T07:42:58.051184Z","count":1,"dest_ip":"93.184.220.29","sum(time_taken)":1908} {"endtime":"2021-04-21T07:42:58.051184Z","timestamp":"2021-04-21T07:42:58.051184Z","count":1,"c_ip":"10.0.1.14","sum(bytes_in)":381,"sum(bytes_out)":799,"sum(time_taken)":1908} {"endtime":"2021-04-21T07:42:58.426164Z","timestamp":"2021-04-21T07:42:58.059997Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f7f7ae00-1868-409e-bed8-476782e35416","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53319,"status":200,"time_taken":366490,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:42:58.451285Z","timestamp":"2021-04-21T07:42:58.074485Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1bc4049b-64e9-4e8f-a918-7e6937f1bc46","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49992,"status":200,"time_taken":376850,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:42:58.455402Z","timestamp":"2021-04-21T07:42:58.078699Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"cb395407-e8c1-4975-aa94-366c56797e5b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49992,"status":200,"time_taken":376890,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:00.202650Z","timestamp":"2021-04-21T07:43:00.200093Z","bytes":469,"bytes_in":280,"bytes_out":189,"dest_ip":"205.185.216.42","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"1d8ec4bd-d75c-4c2b-8897-05085918db42","form_data":"3a067a45df9c97ff","http_comment":"HTTP/1.1 304 Not Modified","http_method":"GET","http_user_agent":"Microsoft-CryptoAPI/10.0","protocol_stack":"ip:tcp:http:windows_update","request":"GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?3a067a45df9c97ff HTTP/1.1","site":"ctldl.windowsupdate.com","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53320,"status":304,"time_taken":2581,"transport":"tcp","uri_path":"/msdownload/update/v3/static/trustedr/en/authrootstl.cab","uri_query":"3a067a45df9c97ff"} {"endtime":"2021-04-21T07:43:03.440181Z","timestamp":"2021-04-21T07:43:03.060848Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a3a8799c-d98c-4a46-b6d2-1ca59c4a29e2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54088,"status":200,"time_taken":379522,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:03.487539Z","timestamp":"2021-04-21T07:43:03.122340Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b4d74d68-ce68-481d-b99f-2ab46e1c243d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53321,"status":200,"time_taken":365473,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:03.505074Z","timestamp":"2021-04-21T07:43:03.137124Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4116358f-73d2-4796-ad51-7ebcf6807ee2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49993,"status":200,"time_taken":367996,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:43:03.509173Z","timestamp":"2021-04-21T07:43:03.141364Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"57b2b4f2-cb73-4d6b-87aa-de57dbbc367a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49993,"status":200,"time_taken":367966,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:08.559023Z","timestamp":"2021-04-21T07:43:08.191939Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0f33839d-379a-4696-94be-b6048c5f6d70","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54090,"status":200,"time_taken":367300,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:08.611651Z","timestamp":"2021-04-21T07:43:08.247082Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4887b0ac-675e-44cd-b469-a88b5031d7a2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53322,"status":200,"time_taken":364785,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:09.458858Z","timestamp":"2021-04-21T07:43:09.096489Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f22b7613-6543-4c01-b6a0-fa09c64e3b60","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49995,"status":200,"time_taken":362423,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:43:09.463014Z","timestamp":"2021-04-21T07:43:09.100739Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"de308420-0d10-418b-95db-dfc4e7efe5e3","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49995,"status":200,"time_taken":362459,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:14.422704Z","timestamp":"2021-04-21T07:43:14.060828Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d043bf94-4a8b-41e8-b162-4cf70a505fe7","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54092,"status":200,"time_taken":362141,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:14.485913Z","timestamp":"2021-04-21T07:43:14.121822Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"cf777ebe-0082-4705-985b-1a0df5ef0fe2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53323,"status":200,"time_taken":364331,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:15.380576Z","timestamp":"2021-04-21T07:43:15.018369Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3f56c825-ef7f-4a76-8e44-a38ca3b5150c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49996,"status":200,"time_taken":362268,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:43:15.384747Z","timestamp":"2021-04-21T07:43:15.022632Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c3c21e17-fbe2-4fbc-9ba8-92a64b80dc0e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49996,"status":200,"time_taken":362295,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:17.013648Z","timestamp":"2021-04-21T07:43:17.013648Z","count":6,"c_ip":"46.128.24.64","sum(bytes_in)":4855,"sum(bytes_out)":5793,"sum(time_taken)":5514} {"endtime":"2021-04-21T07:43:17.013648Z","timestamp":"2021-04-21T07:43:17.013648Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4038984} {"endtime":"2021-04-21T07:43:17.013648Z","timestamp":"2021-04-21T07:43:17.013648Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4032895} {"endtime":"2021-04-21T07:43:17.013648Z","timestamp":"2021-04-21T07:43:17.013648Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4011409} {"endtime":"2021-04-21T07:43:17.013732Z","timestamp":"2021-04-21T07:43:17.013732Z","count":39,"dest_ip":"10.0.1.12","sum(time_taken)":12088802} {"endtime":"2021-04-21T07:43:17.013740Z","timestamp":"2021-04-21T07:43:17.013740Z","count":39,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:43:17.013747Z","timestamp":"2021-04-21T07:43:17.013747Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":919,"sum(bytes_out)":764,"sum(time_taken)":1611} {"endtime":"2021-04-21T07:43:17.013747Z","timestamp":"2021-04-21T07:43:17.013747Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":918,"sum(bytes_out)":764,"sum(time_taken)":1747} {"endtime":"2021-04-21T07:43:17.013747Z","timestamp":"2021-04-21T07:43:17.013747Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":1466,"sum(bytes_out)":2317,"sum(time_taken)":1646} {"endtime":"2021-04-21T07:43:17.013747Z","timestamp":"2021-04-21T07:43:17.013747Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1552,"sum(bytes_out)":1948,"sum(time_taken)":510} {"endtime":"2021-04-21T07:43:17.013747Z","timestamp":"2021-04-21T07:43:17.013747Z","count":33,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5511,"sum(bytes_out)":33528,"sum(time_taken)":12083288} {"endtime":"2021-04-21T07:43:18.038558Z","timestamp":"2021-04-21T07:43:18.037796Z","bytes":1889,"bytes_in":733,"bytes_out":1156,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&_=1618989993084","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993084 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":762,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993084"} {"endtime":"2021-04-21T07:43:18.039617Z","timestamp":"2021-04-21T07:43:18.037796Z","bytes":1677,"bytes_in":919,"bytes_out":758,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":1821,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T07:43:18.042593Z","timestamp":"2021-04-21T07:43:18.042327Z","bytes":1750,"bytes_in":776,"bytes_out":974,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005088","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005088 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":266,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005088"} {"endtime":"2021-04-21T07:43:18.042668Z","timestamp":"2021-04-21T07:43:18.042327Z","bytes":1750,"bytes_in":776,"bytes_out":974,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993085","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993085 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":341,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993085"} {"endtime":"2021-04-21T07:43:18.042723Z","timestamp":"2021-04-21T07:43:18.042327Z","bytes":1895,"bytes_in":733,"bytes_out":1162,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&_=1618990005087","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005087 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":396,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005087"} {"endtime":"2021-04-21T07:43:18.043066Z","timestamp":"2021-04-21T07:43:18.041744Z","bytes":1682,"bytes_in":918,"bytes_out":764,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":1322,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T07:43:19.536861Z","timestamp":"2021-04-21T07:43:19.174711Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2876cfb3-f9a4-4421-86b8-c0f5bfc4b18e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54096,"status":200,"time_taken":362351,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:19.573224Z","timestamp":"2021-04-21T07:43:19.215359Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7fcc72c0-c67e-46c1-b751-7447642a225e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53324,"status":200,"time_taken":358085,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:21.033415Z","timestamp":"2021-04-21T07:43:21.033415Z","count":10,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3664138} {"endtime":"2021-04-21T07:43:21.033410Z","timestamp":"2021-04-21T07:43:21.033410Z","count":10,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:43:21.033404Z","timestamp":"2021-04-21T07:43:21.033404Z","count":10,"dest_ip":"10.0.1.12","sum(time_taken)":3664138} {"endtime":"2021-04-21T07:43:21.033361Z","timestamp":"2021-04-21T07:43:21.033361Z","count":10,"c_ip":"10.0.1.15","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3664138} {"endtime":"2021-04-21T07:43:21.418101Z","timestamp":"2021-04-21T07:43:21.049691Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"10dbf663-ffac-456c-b2e4-67d3bd3b8c82","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49997,"status":200,"time_taken":368459,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:43:21.422221Z","timestamp":"2021-04-21T07:43:21.053969Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7b0bbf8d-486b-43cb-8725-b51c91d2f0f6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49997,"status":200,"time_taken":368418,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:25.408072Z","timestamp":"2021-04-21T07:43:25.038877Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4aa85776-9df7-48a4-937b-535c1c3edcf4","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54098,"status":200,"time_taken":369431,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:25.485593Z","timestamp":"2021-04-21T07:43:25.121681Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0dafdedd-e88a-4e1d-af1c-78a043b05078","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53325,"status":200,"time_taken":364223,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:26.555597Z","timestamp":"2021-04-21T07:43:26.190457Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7ea17850-6a6d-4081-b191-1cac16022894","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49998,"status":200,"time_taken":365200,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:43:26.559778Z","timestamp":"2021-04-21T07:43:26.194754Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4887a4a0-d8e7-4cf8-9fe7-ce4d66d2f80c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49998,"status":200,"time_taken":365211,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:30.526001Z","timestamp":"2021-04-21T07:43:30.159768Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8f3ed38f-937b-41c7-8815-3615f10bb95f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54100,"status":200,"time_taken":366461,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:30.598932Z","timestamp":"2021-04-21T07:43:30.230878Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b3c73110-06ba-4203-90c8-3a64efb2c3d8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53327,"status":200,"time_taken":368398,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:32.516559Z","timestamp":"2021-04-21T07:43:32.143614Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5c503e3f-94e2-44da-a77f-f52b6c324d11","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49999,"status":200,"time_taken":372988,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:43:32.520738Z","timestamp":"2021-04-21T07:43:32.147914Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"466ad405-8da6-4729-a084-77e5f73cdc7c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":49999,"status":200,"time_taken":372990,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:36.393610Z","timestamp":"2021-04-21T07:43:36.027655Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"72811d19-f7a9-45ea-96c4-5a0811409a20","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54102,"status":200,"time_taken":366138,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:36.483336Z","timestamp":"2021-04-21T07:43:36.121276Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a8c99361-0a1d-4516-9182-92e5f3ce0d11","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53329,"status":200,"time_taken":362397,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:37.502262Z","timestamp":"2021-04-21T07:43:37.143690Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"cce4a882-eb23-4a52-bca7-43cdae63de84","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50000,"status":200,"time_taken":358649,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:43:37.506483Z","timestamp":"2021-04-21T07:43:37.147976Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7e144a6a-a436-44f4-8d5a-f96e132fded9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50000,"status":200,"time_taken":358707,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:41.518114Z","timestamp":"2021-04-21T07:43:41.145272Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1a06c53e-f1b1-4b78-9f43-52b9eb133d0f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54104,"status":200,"time_taken":373025,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:41.590407Z","timestamp":"2021-04-21T07:43:41.215011Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"19321b6b-cca4-4a3f-8681-6475bca3d8c9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53330,"status":200,"time_taken":375773,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:43.423687Z","timestamp":"2021-04-21T07:43:43.049905Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7629674c-9123-48fb-9883-60955364d1e2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50001,"status":200,"time_taken":373815,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:43:43.427891Z","timestamp":"2021-04-21T07:43:43.054245Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1ee4e256-e05a-4b24-a84a-b0f8d3c911c9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50001,"status":200,"time_taken":373796,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:47.382848Z","timestamp":"2021-04-21T07:43:47.019846Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"74d4894f-b511-450f-85a7-e5acae0b0913","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54106,"status":200,"time_taken":363212,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:47.485305Z","timestamp":"2021-04-21T07:43:47.121081Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0360e1b4-72a2-4d4f-9f1b-64d14e3174f8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53331,"status":200,"time_taken":364611,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:48.593691Z","timestamp":"2021-04-21T07:43:48.221953Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bfbbb55a-efae-4ec1-ae76-4a81731b2c7b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50002,"status":200,"time_taken":371804,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:43:48.597948Z","timestamp":"2021-04-21T07:43:48.226313Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b3964b02-a4f6-415e-b3b4-ad6efa6e6214","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50002,"status":200,"time_taken":371833,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:52.501846Z","timestamp":"2021-04-21T07:43:52.134561Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e3c3661b-9d50-4dd2-a3de-bf3f251e13e7","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54108,"status":200,"time_taken":367881,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:52.612620Z","timestamp":"2021-04-21T07:43:52.246160Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a1934aa2-f7ee-4f6f-a074-c26dcd515e53","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53332,"status":200,"time_taken":366749,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:54.367276Z","timestamp":"2021-04-21T07:43:54.003205Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"95c15fc7-24f7-4cf6-80e3-7065c5ec08e5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50003,"status":200,"time_taken":364123,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:43:54.371480Z","timestamp":"2021-04-21T07:43:54.007578Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c85e5e60-b05e-4528-805f-d11eb0ec6bbb","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50003,"status":200,"time_taken":364096,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:57.629630Z","timestamp":"2021-04-21T07:43:57.253482Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f7c41cbb-2498-4c04-8df4-8956e239f352","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54110,"status":200,"time_taken":376478,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:58.501727Z","timestamp":"2021-04-21T07:43:58.136322Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ecaa10cf-ffd0-4b38-b949-47d4d4013f03","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53333,"status":200,"time_taken":365700,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:43:59.496750Z","timestamp":"2021-04-21T07:43:59.128278Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7d10a229-9af4-4b0c-8192-c1699fc6c160","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50004,"status":200,"time_taken":368531,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:43:59.501042Z","timestamp":"2021-04-21T07:43:59.132678Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6f6be788-75d1-42b3-94aa-28205d72ef51","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50004,"status":200,"time_taken":368574,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:03.499362Z","timestamp":"2021-04-21T07:44:03.131544Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e5509687-d540-420d-83a9-ebe6b204fbcc","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54112,"status":200,"time_taken":368033,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:03.528182Z","timestamp":"2021-04-21T07:44:03.167337Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d53a09eb-42bc-4a3e-8608-08f2a634146e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53334,"status":200,"time_taken":361203,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:05.466848Z","timestamp":"2021-04-21T07:44:05.097091Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4609f0f8-b7ea-4515-a4a3-6db654f47c2f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50005,"status":200,"time_taken":369791,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:44:05.471124Z","timestamp":"2021-04-21T07:44:05.101533Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e515c6d6-6e4c-442c-9973-e24096d460a9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50005,"status":200,"time_taken":369757,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:08.617152Z","timestamp":"2021-04-21T07:44:08.250993Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"521b7811-4ea4-4ed0-a355-c47f5205263b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54114,"status":200,"time_taken":366362,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:09.425792Z","timestamp":"2021-04-21T07:44:09.057762Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a6ede7f6-058b-4234-9899-c01aad3df10f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53335,"status":200,"time_taken":368357,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:10.174009Z","timestamp":"2021-04-21T07:44:10.174009Z","count":1,"dest_ip":"205.185.216.42","site":"ctldl.windowsupdate.com","status":304,"uri_path":"/msdownload/update/v3/static/trustedr/en/authrootstl.cab","sum(bytes_in)":280,"sum(bytes_out)":189,"sum(time_taken)":2581} {"endtime":"2021-04-21T07:44:10.174009Z","timestamp":"2021-04-21T07:44:10.174009Z","count":1,"dest_ip":"205.185.216.42","status":304} {"endtime":"2021-04-21T07:44:10.174009Z","timestamp":"2021-04-21T07:44:10.174009Z","count":1,"dest_ip":"205.185.216.42","sum(time_taken)":2581} {"endtime":"2021-04-21T07:44:10.174009Z","timestamp":"2021-04-21T07:44:10.174009Z","count":1,"c_ip":"10.0.1.14","sum(bytes_in)":280,"sum(bytes_out)":189,"sum(time_taken)":2581} {"endtime":"2021-04-21T07:44:10.474289Z","timestamp":"2021-04-21T07:44:10.105551Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2d92f849-102b-44b1-858a-96a908be4db5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50007,"status":200,"time_taken":368783,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:44:10.478641Z","timestamp":"2021-04-21T07:44:10.109970Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ade44a7b-97f4-4f12-b009-0cdb967233ae","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50007,"status":200,"time_taken":368849,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:14.052908Z","timestamp":"2021-04-21T07:44:14.051892Z","bytes":1889,"bytes_in":733,"bytes_out":1156,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&_=1618989993086","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993086 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":1016,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993086"} {"endtime":"2021-04-21T07:44:14.057166Z","timestamp":"2021-04-21T07:44:14.056710Z","bytes":1895,"bytes_in":733,"bytes_out":1162,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&_=1618990005089","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005089 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":456,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005089"} {"endtime":"2021-04-21T07:44:14.057283Z","timestamp":"2021-04-21T07:44:14.057004Z","bytes":1750,"bytes_in":776,"bytes_out":974,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005090","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005090 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":279,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005090"} {"endtime":"2021-04-21T07:44:14.057336Z","timestamp":"2021-04-21T07:44:14.057004Z","bytes":1750,"bytes_in":776,"bytes_out":974,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993087","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993087 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":332,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993087"} {"endtime":"2021-04-21T07:44:14.057602Z","timestamp":"2021-04-21T07:44:14.056143Z","bytes":1683,"bytes_in":919,"bytes_out":764,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":1459,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T07:44:14.058284Z","timestamp":"2021-04-21T07:44:14.056731Z","bytes":1682,"bytes_in":918,"bytes_out":764,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":1553,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T07:44:14.455426Z","timestamp":"2021-04-21T07:44:14.090141Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1c16e63e-020b-49c5-9c72-1cab18115dcc","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53336,"status":200,"time_taken":365677,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:14.479190Z","timestamp":"2021-04-21T07:44:14.119000Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7d194e96-eea1-4007-b094-b7ff16dfe646","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54116,"status":200,"time_taken":360493,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:16.379332Z","timestamp":"2021-04-21T07:44:16.011945Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d570d8ba-7aee-40f4-b6b1-d7de6e0d5ebd","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50008,"status":200,"time_taken":367427,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:44:16.383591Z","timestamp":"2021-04-21T07:44:16.016306Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3337f8a5-0c47-424e-86bd-97cf272a3a19","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50008,"status":200,"time_taken":367487,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:17.099299Z","timestamp":"2021-04-21T07:44:17.099299Z","count":12,"c_ip":"46.128.24.64","sum(bytes_in)":9710,"sum(bytes_out)":11572,"sum(time_taken)":10649} {"endtime":"2021-04-21T07:44:17.099299Z","timestamp":"2021-04-21T07:44:17.099299Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4039865} {"endtime":"2021-04-21T07:44:17.099299Z","timestamp":"2021-04-21T07:44:17.099299Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4049718} {"endtime":"2021-04-21T07:44:17.099299Z","timestamp":"2021-04-21T07:44:17.099299Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4021173} {"endtime":"2021-04-21T07:44:17.099372Z","timestamp":"2021-04-21T07:44:17.099372Z","count":45,"dest_ip":"10.0.1.12","sum(time_taken)":12121405} {"endtime":"2021-04-21T07:44:17.099380Z","timestamp":"2021-04-21T07:44:17.099380Z","count":45,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:44:17.099386Z","timestamp":"2021-04-21T07:44:17.099386Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":1838,"sum(bytes_out)":1518,"sum(time_taken)":3523} {"endtime":"2021-04-21T07:44:17.099386Z","timestamp":"2021-04-21T07:44:17.099386Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":1836,"sum(bytes_out)":1528,"sum(time_taken)":2794} {"endtime":"2021-04-21T07:44:17.099386Z","timestamp":"2021-04-21T07:44:17.099386Z","count":4,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":2932,"sum(bytes_out)":4630,"sum(time_taken)":3235} {"endtime":"2021-04-21T07:44:17.099386Z","timestamp":"2021-04-21T07:44:17.099386Z","count":4,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":3104,"sum(bytes_out)":3896,"sum(time_taken)":1097} {"endtime":"2021-04-21T07:44:17.099386Z","timestamp":"2021-04-21T07:44:17.099386Z","count":33,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5511,"sum(bytes_out)":33528,"sum(time_taken)":12110756} {"endtime":"2021-04-21T07:44:19.525245Z","timestamp":"2021-04-21T07:44:19.151279Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8754c064-589f-429b-b895-138835443d8f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53337,"status":200,"time_taken":374224,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:19.599772Z","timestamp":"2021-04-21T07:44:19.231345Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a3a21bb8-d9e6-421f-b84b-4ff2ec21a407","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54120,"status":200,"time_taken":368597,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:21.096072Z","timestamp":"2021-04-21T07:44:21.096072Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4049570} {"endtime":"2021-04-21T07:44:21.096067Z","timestamp":"2021-04-21T07:44:21.096067Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:44:21.096061Z","timestamp":"2021-04-21T07:44:21.096061Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":4049570} {"endtime":"2021-04-21T07:44:21.096014Z","timestamp":"2021-04-21T07:44:21.096014Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4049570} {"endtime":"2021-04-21T07:44:22.375806Z","timestamp":"2021-04-21T07:44:22.012116Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1c54bf01-7099-40f5-85e5-3867022998ba","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50009,"status":200,"time_taken":363757,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:44:22.380137Z","timestamp":"2021-04-21T07:44:22.016588Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a89b094b-121d-4181-a390-b2980fcba860","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50009,"status":200,"time_taken":363731,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:25.406293Z","timestamp":"2021-04-21T07:44:25.041677Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6f766cec-c535-401d-b9e2-2bbedc42ae6b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53338,"status":200,"time_taken":364924,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:25.465474Z","timestamp":"2021-04-21T07:44:25.101646Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"eea23014-ecc0-498d-8efd-ae9c8bb95d45","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54122,"status":200,"time_taken":364050,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:27.549271Z","timestamp":"2021-04-21T07:44:27.183917Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0fafea2d-17b4-44c5-a2de-b6c2cd3f7b61","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50010,"status":200,"time_taken":365399,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:44:27.553618Z","timestamp":"2021-04-21T07:44:27.188407Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"42861cec-602f-41aa-85f7-7fa54c8cdf08","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50010,"status":200,"time_taken":365395,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:30.445868Z","timestamp":"2021-04-21T07:44:30.072760Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"226603d1-f8be-44fc-826d-898868cd741d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53340,"status":200,"time_taken":373369,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:30.580442Z","timestamp":"2021-04-21T07:44:30.217310Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f6120e40-4027-418d-8481-36fe1bf4cfad","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54124,"status":200,"time_taken":363363,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:33.539698Z","timestamp":"2021-04-21T07:44:33.169556Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"509f750f-34a0-48c0-b3f9-d44ab0283bd8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50011,"status":200,"time_taken":370192,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:44:33.544017Z","timestamp":"2021-04-21T07:44:33.174053Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"74665188-4cf0-4184-805c-712a423b041f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50011,"status":200,"time_taken":370145,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:35.502303Z","timestamp":"2021-04-21T07:44:35.135032Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"53367129-2d23-4d9f-abf9-9695ec12afd1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53342,"status":200,"time_taken":367608,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:36.447232Z","timestamp":"2021-04-21T07:44:36.082344Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c9c3bf9e-9f33-4520-b762-0f6b9a5f6fe4","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54126,"status":200,"time_taken":365107,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:39.486492Z","timestamp":"2021-04-21T07:44:39.122762Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a72f6ee7-ec85-4fc4-9a32-96b4e4b609d5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50012,"status":200,"time_taken":363793,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:44:39.490914Z","timestamp":"2021-04-21T07:44:39.127296Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e571125f-979c-4b29-b8bd-c1a3dff80ad2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50012,"status":200,"time_taken":363840,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:40.554138Z","timestamp":"2021-04-21T07:44:40.182824Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"43371c99-782c-420b-829e-3d734645d88b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53343,"status":200,"time_taken":372410,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:41.569262Z","timestamp":"2021-04-21T07:44:41.199005Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6916060a-a588-4aba-9843-3b4593805645","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54128,"status":200,"time_taken":370506,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:45.401707Z","timestamp":"2021-04-21T07:44:45.029047Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"697cd06b-1c7d-41ed-9cef-73d96601a085","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50013,"status":200,"time_taken":372712,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:44:45.406159Z","timestamp":"2021-04-21T07:44:45.033601Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bd6fd78f-91bd-4c82-80cb-2f17ce0253b3","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50013,"status":200,"time_taken":372734,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:45.631628Z","timestamp":"2021-04-21T07:44:45.259878Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c12658c9-82ed-4311-a380-082ddac34e7d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53344,"status":200,"time_taken":372066,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:47.439084Z","timestamp":"2021-04-21T07:44:47.070982Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5bf27775-108c-492e-91f4-9d23864a053c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54130,"status":200,"time_taken":368324,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:51.375587Z","timestamp":"2021-04-21T07:44:51.005018Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"39fe67b7-c7b9-4797-a3d9-72603e3ce6bc","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50014,"status":200,"time_taken":370642,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:44:51.380035Z","timestamp":"2021-04-21T07:44:51.009562Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"776d784c-48e7-426a-95f6-9110b98f031e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50014,"status":200,"time_taken":370665,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:51.578241Z","timestamp":"2021-04-21T07:44:51.212779Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9324db98-9bb2-4794-8675-89f15775e85b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53345,"status":200,"time_taken":365720,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:52.552813Z","timestamp":"2021-04-21T07:44:52.190764Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0323ee84-6def-460d-acf5-33f601ad41aa","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54132,"status":200,"time_taken":362219,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:56.575241Z","timestamp":"2021-04-21T07:44:56.201038Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5a2b7e98-699b-486c-892f-b29b9809c7b5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50015,"status":200,"time_taken":374231,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:44:56.579726Z","timestamp":"2021-04-21T07:44:56.205624Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c343508b-cfbf-46b0-8707-02b6f0f605ec","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50015,"status":200,"time_taken":374256,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:57.489330Z","timestamp":"2021-04-21T07:44:57.118853Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c9f4b0a9-4e8b-4bde-a943-2d85dd8ca1da","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53346,"status":200,"time_taken":370735,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:44:58.430141Z","timestamp":"2021-04-21T07:44:58.054507Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8368ff89-e1e7-48b5-93de-eda1c8dd45c0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54134,"status":200,"time_taken":375843,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:02.515784Z","timestamp":"2021-04-21T07:45:02.138758Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2809f093-f05b-4688-be52-95a5dac3817a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50016,"status":200,"time_taken":377068,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:45:02.519695Z","timestamp":"2021-04-21T07:45:02.150793Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e7580db2-7617-4782-a878-9682b0252acf","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53347,"status":200,"time_taken":369992,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:02.520029Z","timestamp":"2021-04-21T07:45:02.143380Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3565323d-052d-4ed8-ab88-d55f8a85de53","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50016,"status":200,"time_taken":376871,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:03.556075Z","timestamp":"2021-04-21T07:45:03.181899Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8a0c9652-97f0-46ca-83a9-f11b2fa0ac07","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54136,"status":200,"time_taken":374514,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:07.511944Z","timestamp":"2021-04-21T07:45:07.510655Z","bytes":439,"bytes_in":202,"bytes_out":237,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"34d7e4f6-d9cb-4eba-987c-bc8302a61912","http_comment":"HTTP/1.0 200 OK","http_content_length":56,"http_content_type":"text/plain","http_method":"PUT","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; linux; amd64)","protocol_stack":"ip:tcp:http","request":"PUT /latest/api/token HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.12","src_mac":"02:DA:73:7B:81:70","src_port":54046,"status":200,"time_taken":1311,"transport":"tcp","uri_path":"/latest/api/token"} {"endtime":"2021-04-21T07:45:07.513227Z","timestamp":"2021-04-21T07:45:07.512447Z","bytes":773,"bytes_in":248,"bytes_out":525,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"da018e7a-5e36-4d1a-af27-1e013c5d6a10","http_comment":"HTTP/1.0 404 Not Found","http_content_length":337,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; linux; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.12","src_mac":"02:DA:73:7B:81:70","src_port":54048,"status":404,"time_taken":794,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-21T07:45:07.546636Z","timestamp":"2021-04-21T07:45:07.545840Z","bytes":773,"bytes_in":248,"bytes_out":525,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"5e44710d-addd-4028-a576-99eea82c39fc","http_comment":"HTTP/1.0 404 Not Found","http_content_length":337,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; linux; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.12","src_mac":"02:DA:73:7B:81:70","src_port":54050,"status":404,"time_taken":816,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-21T07:45:07.668270Z","timestamp":"2021-04-21T07:45:07.667232Z","bytes":773,"bytes_in":248,"bytes_out":525,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"94981d94-1248-416d-88f7-06641581d191","http_comment":"HTTP/1.0 404 Not Found","http_content_length":337,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; linux; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.12","src_mac":"02:DA:73:7B:81:70","src_port":54052,"status":404,"time_taken":1065,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-21T07:45:08.434653Z","timestamp":"2021-04-21T07:45:08.056095Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"51a8ff4a-5382-47cf-b5f5-fa8582724636","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53348,"status":200,"time_taken":378812,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:08.506708Z","timestamp":"2021-04-21T07:45:08.138663Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9a4c676f-a046-4839-be2c-e174d7e4f84e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50018,"status":200,"time_taken":368095,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:45:08.511231Z","timestamp":"2021-04-21T07:45:08.143298Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"67d473c0-a0fe-44b4-9147-b7e6216241ae","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50018,"status":200,"time_taken":368115,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:08.778895Z","timestamp":"2021-04-21T07:45:08.778548Z","bytes":441,"bytes_in":204,"bytes_out":237,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"4fdcb9f6-f892-440b-b89a-8f98630a6344","http_comment":"HTTP/1.1 200 OK","http_content_length":56,"http_content_type":"text/plain","http_method":"PUT","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"PUT /latest/api/token HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50019,"status":200,"time_taken":368,"transport":"tcp","uri_path":"/latest/api/token"} {"endtime":"2021-04-21T07:45:08.779491Z","timestamp":"2021-04-21T07:45:08.779298Z","bytes":777,"bytes_in":250,"bytes_out":527,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"940ba6bf-1be0-46e7-ad19-ea03c90cb768","http_comment":"HTTP/1.1 404 Not Found","http_content_length":339,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50020,"status":404,"time_taken":204,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-21T07:45:08.823518Z","timestamp":"2021-04-21T07:45:08.823318Z","bytes":777,"bytes_in":250,"bytes_out":527,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"f2a11ca9-a982-4f75-bbce-c298e2441bb1","http_comment":"HTTP/1.1 404 Not Found","http_content_length":339,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50021,"status":404,"time_taken":217,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-21T07:45:08.934380Z","timestamp":"2021-04-21T07:45:08.934155Z","bytes":777,"bytes_in":250,"bytes_out":527,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"bdfe5790-7208-46b3-b89b-2fc78dd7fb47","http_comment":"HTTP/1.1 404 Not Found","http_content_length":339,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50022,"status":404,"time_taken":238,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-21T07:45:09.422734Z","timestamp":"2021-04-21T07:45:09.057871Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"49aa19a0-cee1-4bbf-baf1-099b00ec3893","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54138,"status":200,"time_taken":365080,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:10.044725Z","timestamp":"2021-04-21T07:45:10.044725Z","count":3,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":404,"uri_path":"/latest/meta-data/iam/security-credentials/","sum(bytes_in)":750,"sum(bytes_out)":1581,"sum(time_taken)":659} {"endtime":"2021-04-21T07:45:10.044725Z","timestamp":"2021-04-21T07:45:10.044725Z","count":1,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":200,"uri_path":"/latest/api/token","sum(bytes_in)":204,"sum(bytes_out)":237,"sum(time_taken)":368} {"endtime":"2021-04-21T07:45:10.044725Z","timestamp":"2021-04-21T07:45:10.044725Z","count":3,"dest_ip":"169.254.169.254","status":404} {"endtime":"2021-04-21T07:45:10.044725Z","timestamp":"2021-04-21T07:45:10.044725Z","count":1,"dest_ip":"169.254.169.254","status":200} {"endtime":"2021-04-21T07:45:10.044725Z","timestamp":"2021-04-21T07:45:10.044725Z","count":4,"dest_ip":"169.254.169.254","sum(time_taken)":1027} {"endtime":"2021-04-21T07:45:10.044725Z","timestamp":"2021-04-21T07:45:10.044725Z","count":4,"c_ip":"10.0.1.15","sum(bytes_in)":954,"sum(bytes_out)":1818,"sum(time_taken)":1027} {"endtime":"2021-04-21T07:45:13.507258Z","timestamp":"2021-04-21T07:45:13.138831Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e7e005b1-ab39-47ee-8ed4-4a8ae841cfc3","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50023,"status":200,"time_taken":368476,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:45:13.511792Z","timestamp":"2021-04-21T07:45:13.143508Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"874902ef-931f-40a1-83b5-02f91b1f8944","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50023,"status":200,"time_taken":368499,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:13.546014Z","timestamp":"2021-04-21T07:45:13.181005Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"56ead840-7c81-4488-9fd4-0e15b8309f43","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53349,"status":200,"time_taken":365332,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:14.544834Z","timestamp":"2021-04-21T07:45:14.174444Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"cabab2cc-53f2-45c8-a641-4c0f98597f85","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54140,"status":200,"time_taken":370641,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:15.232484Z","timestamp":"2021-04-21T07:45:15.231528Z","bytes":1889,"bytes_in":733,"bytes_out":1156,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&_=1618990005091","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005091 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":956,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005091"} {"endtime":"2021-04-21T07:45:15.233547Z","timestamp":"2021-04-21T07:45:15.231811Z","bytes":1683,"bytes_in":919,"bytes_out":764,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":1736,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T07:45:15.233617Z","timestamp":"2021-04-21T07:45:15.231758Z","bytes":1682,"bytes_in":918,"bytes_out":764,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":1859,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T07:45:15.235785Z","timestamp":"2021-04-21T07:45:15.235507Z","bytes":1750,"bytes_in":776,"bytes_out":974,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005092","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005092 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":278,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005092"} {"endtime":"2021-04-21T07:45:15.235866Z","timestamp":"2021-04-21T07:45:15.235681Z","bytes":1750,"bytes_in":776,"bytes_out":974,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993089","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993089 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":185,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993089"} {"endtime":"2021-04-21T07:45:15.236093Z","timestamp":"2021-04-21T07:45:15.235507Z","bytes":1895,"bytes_in":733,"bytes_out":1162,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&_=1618989993088","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993088 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":586,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993088"} {"endtime":"2021-04-21T07:45:17.189549Z","timestamp":"2021-04-21T07:45:17.189549Z","count":6,"c_ip":"46.128.24.64","sum(bytes_in)":4855,"sum(bytes_out)":5794,"sum(time_taken)":5095} {"endtime":"2021-04-21T07:45:17.189549Z","timestamp":"2021-04-21T07:45:17.189549Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4048244} {"endtime":"2021-04-21T07:45:17.189549Z","timestamp":"2021-04-21T07:45:17.189549Z","count":10,"c_ip":"10.0.1.15","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3694251} {"endtime":"2021-04-21T07:45:17.189549Z","timestamp":"2021-04-21T07:45:17.189549Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4075192} {"endtime":"2021-04-21T07:45:17.189549Z","timestamp":"2021-04-21T07:45:17.189549Z","count":4,"c_ip":"10.0.1.12","sum(bytes_in)":946,"sum(bytes_out)":1812,"sum(time_taken)":3986} {"endtime":"2021-04-21T07:45:17.189633Z","timestamp":"2021-04-21T07:45:17.189633Z","count":4,"dest_ip":"169.254.169.254","sum(time_taken)":3986} {"endtime":"2021-04-21T07:45:17.189633Z","timestamp":"2021-04-21T07:45:17.189633Z","count":38,"dest_ip":"10.0.1.12","sum(time_taken)":11822782} {"endtime":"2021-04-21T07:45:17.189646Z","timestamp":"2021-04-21T07:45:17.189646Z","count":3,"dest_ip":"169.254.169.254","status":404} {"endtime":"2021-04-21T07:45:17.189646Z","timestamp":"2021-04-21T07:45:17.189646Z","count":1,"dest_ip":"169.254.169.254","status":200} {"endtime":"2021-04-21T07:45:17.189646Z","timestamp":"2021-04-21T07:45:17.189646Z","count":38,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:45:17.189661Z","timestamp":"2021-04-21T07:45:17.189661Z","count":3,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":404,"uri_path":"/latest/meta-data/iam/security-credentials/","sum(bytes_in)":744,"sum(bytes_out)":1575,"sum(time_taken)":2675} {"endtime":"2021-04-21T07:45:17.189661Z","timestamp":"2021-04-21T07:45:17.189661Z","count":1,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":200,"uri_path":"/latest/api/token","sum(bytes_in)":202,"sum(bytes_out)":237,"sum(time_taken)":1311} {"endtime":"2021-04-21T07:45:17.189661Z","timestamp":"2021-04-21T07:45:17.189661Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":919,"sum(bytes_out)":764,"sum(time_taken)":1459} {"endtime":"2021-04-21T07:45:17.189661Z","timestamp":"2021-04-21T07:45:17.189661Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":918,"sum(bytes_out)":764,"sum(time_taken)":1553} {"endtime":"2021-04-21T07:45:17.189661Z","timestamp":"2021-04-21T07:45:17.189661Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":1466,"sum(bytes_out)":2318,"sum(time_taken)":1472} {"endtime":"2021-04-21T07:45:17.189661Z","timestamp":"2021-04-21T07:45:17.189661Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1552,"sum(bytes_out)":1948,"sum(time_taken)":611} {"endtime":"2021-04-21T07:45:17.189661Z","timestamp":"2021-04-21T07:45:17.189661Z","count":32,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5344,"sum(bytes_out)":32512,"sum(time_taken)":11817687} {"endtime":"2021-04-21T07:45:19.423107Z","timestamp":"2021-04-21T07:45:19.060628Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"317308ad-d790-405c-a0b9-16f0ae77b9bc","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50024,"status":200,"time_taken":362517,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:45:19.427689Z","timestamp":"2021-04-21T07:45:19.065331Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5bbff084-2d24-4e98-9e79-1e4422dbd668","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50024,"status":200,"time_taken":362516,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:19.429779Z","timestamp":"2021-04-21T07:45:19.055758Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d6248375-3abe-471b-b36c-72e8bd396f33","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53350,"status":200,"time_taken":374284,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:20.417062Z","timestamp":"2021-04-21T07:45:20.046999Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"daa23bf5-fdbb-4075-a48c-0f6c8c079172","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54144,"status":200,"time_taken":370265,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:21.162995Z","timestamp":"2021-04-21T07:45:21.162995Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:45:21.162989Z","timestamp":"2021-04-21T07:45:21.162989Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":4056882} {"endtime":"2021-04-21T07:45:21.162938Z","timestamp":"2021-04-21T07:45:21.162938Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4056882} {"endtime":"2021-04-21T07:45:21.163000Z","timestamp":"2021-04-21T07:45:21.163000Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4056882} {"endtime":"2021-04-21T07:45:21.218852Z","timestamp":"2021-04-21T07:45:21.217710Z","bytes":441,"bytes_in":204,"bytes_out":237,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"48d3f74c-b9db-4b72-8c6d-8c1877e3160a","http_comment":"HTTP/1.0 200 OK","http_content_length":56,"http_content_type":"text/plain","http_method":"PUT","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"PUT /latest/api/token HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53351,"status":200,"time_taken":1174,"transport":"tcp","uri_path":"/latest/api/token"} {"endtime":"2021-04-21T07:45:21.220017Z","timestamp":"2021-04-21T07:45:21.219378Z","bytes":775,"bytes_in":250,"bytes_out":525,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"50978bb3-8386-433f-af00-0dfc8116645c","http_comment":"HTTP/1.0 404 Not Found","http_content_length":337,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53352,"status":404,"time_taken":653,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-21T07:45:21.248297Z","timestamp":"2021-04-21T07:45:21.248297Z","count":3,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":404,"uri_path":"/latest/meta-data/iam/security-credentials/","sum(bytes_in)":750,"sum(bytes_out)":1575,"sum(time_taken)":2236} {"endtime":"2021-04-21T07:45:21.248297Z","timestamp":"2021-04-21T07:45:21.248297Z","count":1,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":200,"uri_path":"/latest/api/token","sum(bytes_in)":204,"sum(bytes_out)":237,"sum(time_taken)":1174} {"endtime":"2021-04-21T07:45:21.248297Z","timestamp":"2021-04-21T07:45:21.248297Z","count":3,"dest_ip":"169.254.169.254","status":404} {"endtime":"2021-04-21T07:45:21.248297Z","timestamp":"2021-04-21T07:45:21.248297Z","count":1,"dest_ip":"169.254.169.254","status":200} {"endtime":"2021-04-21T07:45:21.248297Z","timestamp":"2021-04-21T07:45:21.248297Z","count":4,"dest_ip":"169.254.169.254","sum(time_taken)":3410} {"endtime":"2021-04-21T07:45:21.248297Z","timestamp":"2021-04-21T07:45:21.248297Z","count":4,"c_ip":"10.0.1.14","sum(bytes_in)":954,"sum(bytes_out)":1812,"sum(time_taken)":3410} {"endtime":"2021-04-21T07:45:21.268866Z","timestamp":"2021-04-21T07:45:21.268116Z","bytes":775,"bytes_in":250,"bytes_out":525,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"295820cf-79f5-4193-b640-d0ad21c267f8","http_comment":"HTTP/1.0 404 Not Found","http_content_length":337,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53353,"status":404,"time_taken":776,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-21T07:45:21.358497Z","timestamp":"2021-04-21T07:45:21.357714Z","bytes":775,"bytes_in":250,"bytes_out":525,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"ca0cfc4a-bb4d-4824-a067-e864458ad48e","http_comment":"HTTP/1.0 404 Not Found","http_content_length":337,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53354,"status":404,"time_taken":807,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-21T07:45:24.465573Z","timestamp":"2021-04-21T07:45:24.092012Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"298a8b3a-4710-4bf7-a9a0-0480873c4cdb","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50025,"status":200,"time_taken":373622,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:45:24.470180Z","timestamp":"2021-04-21T07:45:24.096720Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1148aa4c-6116-4b5b-8673-11b0ab72439e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50025,"status":200,"time_taken":373636,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:24.556157Z","timestamp":"2021-04-21T07:45:24.180747Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3217712a-91a7-448d-8788-ce9955832144","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53355,"status":200,"time_taken":375686,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:25.541634Z","timestamp":"2021-04-21T07:45:25.168833Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a2186327-ae8c-490c-9494-5a26b05c29d4","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54146,"status":200,"time_taken":373128,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:30.401292Z","timestamp":"2021-04-21T07:45:30.029628Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"79d9003c-af32-47bb-a75d-40ac452a21d9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50026,"status":200,"time_taken":371708,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:45:30.405914Z","timestamp":"2021-04-21T07:45:30.034366Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f66048ed-690c-43bb-99e9-798e0cfe98bf","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50026,"status":200,"time_taken":371726,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:30.438438Z","timestamp":"2021-04-21T07:45:30.071096Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ffa5eb1b-36ee-4a1f-84d0-ffffe33e7c10","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53357,"status":200,"time_taken":367585,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:31.410818Z","timestamp":"2021-04-21T07:45:31.043550Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7e549fde-ab92-458b-8546-01fb0121b2ef","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54148,"status":200,"time_taken":367499,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:35.432661Z","timestamp":"2021-04-21T07:45:35.060987Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"29b46c03-37b2-420e-bc3c-f1a376296bab","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50027,"status":200,"time_taken":371725,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:45:35.437333Z","timestamp":"2021-04-21T07:45:35.065763Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8010a223-c195-499d-b525-7def146f7c4e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50027,"status":200,"time_taken":371737,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:35.519625Z","timestamp":"2021-04-21T07:45:35.148801Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d613e06e-aac1-4b65-94fd-82e65d23096d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53362,"status":200,"time_taken":371047,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:36.527959Z","timestamp":"2021-04-21T07:45:36.162704Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a137754f-c899-478e-9206-ce8f566932ca","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54150,"status":200,"time_taken":365461,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:40.594187Z","timestamp":"2021-04-21T07:45:40.226957Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"585fd459-1b4d-4c80-be54-8d2d49f8fd42","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53363,"status":200,"time_taken":367480,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:41.397880Z","timestamp":"2021-04-21T07:45:41.029867Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ebea84ad-a27c-4d9e-b84d-b5c08ae25b58","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50028,"status":200,"time_taken":368052,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:45:41.402569Z","timestamp":"2021-04-21T07:45:41.034629Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"fd996788-1dc4-45be-b4db-8e1b5cee7492","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50028,"status":200,"time_taken":368137,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:42.404224Z","timestamp":"2021-04-21T07:45:42.029710Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"eda59811-7828-49d3-8877-43268bb7995f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54152,"status":200,"time_taken":374748,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:46.412094Z","timestamp":"2021-04-21T07:45:46.045428Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"32cec810-1a62-43d4-bcd1-e8358082f554","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50029,"status":200,"time_taken":366704,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:45:46.416803Z","timestamp":"2021-04-21T07:45:46.050246Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4908a49d-b397-49f4-9391-d9259025ec32","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50029,"status":200,"time_taken":366718,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:46.501683Z","timestamp":"2021-04-21T07:45:46.133328Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3ee1f34d-d1f2-4ff7-bfbc-60dff2659dd6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53364,"status":200,"time_taken":368876,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:47.524182Z","timestamp":"2021-04-21T07:45:47.155926Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9d072be7-5467-4a03-8807-efc0c78105ba","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54154,"status":200,"time_taken":368493,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:51.563610Z","timestamp":"2021-04-21T07:45:51.186164Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"302262e4-9379-4eae-afd4-fa33352e7378","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50030,"status":200,"time_taken":377488,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:45:51.568316Z","timestamp":"2021-04-21T07:45:51.190990Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"628bb052-7247-4a20-8f7b-a80cdec12d9a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50030,"status":200,"time_taken":377507,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:51.641635Z","timestamp":"2021-04-21T07:45:51.257876Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"306b3120-c353-46d8-8c1f-a7b5e4d5325a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53365,"status":200,"time_taken":384107,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:53.394889Z","timestamp":"2021-04-21T07:45:53.025962Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5c98a6f5-ccac-4e0c-ab26-36602949c591","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54156,"status":200,"time_taken":369146,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:57.557122Z","timestamp":"2021-04-21T07:45:57.186240Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"840bec02-3e3a-4173-8364-977e47b1d510","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50031,"status":200,"time_taken":370949,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:45:57.561895Z","timestamp":"2021-04-21T07:45:57.191092Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"fb78f01b-6b74-43d4-afbd-e62c4240c0f5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50031,"status":200,"time_taken":371015,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:57.576987Z","timestamp":"2021-04-21T07:45:57.210946Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f862a8a4-b847-4653-80d9-f4d24977e617","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53369,"status":200,"time_taken":366371,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:45:58.515975Z","timestamp":"2021-04-21T07:45:58.146657Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec609c91-fa18-46a8-9804-7fb15b35ffbc","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54158,"status":200,"time_taken":369553,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:03.464254Z","timestamp":"2021-04-21T07:46:03.085756Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9c9b1c72-1f7b-4c5b-be70-bf960a5e77b1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53370,"status":200,"time_taken":378784,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:03.482161Z","timestamp":"2021-04-21T07:46:03.108254Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8c366201-dd60-48d3-9b01-801db60d235f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50032,"status":200,"time_taken":373964,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:46:03.486922Z","timestamp":"2021-04-21T07:46:03.113244Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"fb2d3514-ff34-4b2f-b313-26dc4b420b64","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50032,"status":200,"time_taken":374005,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:04.387137Z","timestamp":"2021-04-21T07:46:04.017681Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1916f854-facb-4523-bb01-4289c11cc78c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54160,"status":200,"time_taken":369710,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:08.548183Z","timestamp":"2021-04-21T07:46:08.179399Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"075eaa6d-92ec-4e72-aaab-d0c0b4eeb469","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53371,"status":200,"time_taken":369153,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:09.383535Z","timestamp":"2021-04-21T07:46:09.014532Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8b4cb88d-b448-4188-9248-f580a489a156","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50034,"status":200,"time_taken":369054,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:46:09.388285Z","timestamp":"2021-04-21T07:46:09.019474Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"97eae314-16c5-47d0-86fa-8f1607b24ef2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50034,"status":200,"time_taken":369039,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:09.509283Z","timestamp":"2021-04-21T07:46:09.138908Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c61c0a17-d6ab-4d4d-9280-cded558cb4ba","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54162,"status":200,"time_taken":370622,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:13.622298Z","timestamp":"2021-04-21T07:46:13.257267Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"cd05b8bb-f2fe-4ed6-819c-6c7b08cee76a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53372,"status":200,"time_taken":365297,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:14.059741Z","timestamp":"2021-04-21T07:46:14.058880Z","bytes":1898,"bytes_in":733,"bytes_out":1165,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&_=1618990005093","http_comment":"HTTP/1.1 200 OK","http_content_length":416,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005093 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":861,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005093"} {"endtime":"2021-04-21T07:46:14.060116Z","timestamp":"2021-04-21T07:46:14.059410Z","bytes":1896,"bytes_in":733,"bytes_out":1163,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&_=1618989993090","http_comment":"HTTP/1.1 200 OK","http_content_length":416,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993090 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":706,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993090"} {"endtime":"2021-04-21T07:46:14.061135Z","timestamp":"2021-04-21T07:46:14.059410Z","bytes":1683,"bytes_in":919,"bytes_out":764,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":1725,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T07:46:14.061208Z","timestamp":"2021-04-21T07:46:14.059410Z","bytes":1682,"bytes_in":918,"bytes_out":764,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":1798,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T07:46:14.062662Z","timestamp":"2021-04-21T07:46:14.062433Z","bytes":1750,"bytes_in":776,"bytes_out":974,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993091","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993091 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":229,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993091"} {"endtime":"2021-04-21T07:46:14.062749Z","timestamp":"2021-04-21T07:46:14.062456Z","bytes":1750,"bytes_in":776,"bytes_out":974,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005094","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005094 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":293,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005094"} {"endtime":"2021-04-21T07:46:14.520579Z","timestamp":"2021-04-21T07:46:14.155182Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6de39a8f-efd7-473f-9157-4b327202496b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50035,"status":200,"time_taken":365455,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:46:14.525293Z","timestamp":"2021-04-21T07:46:14.160120Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"452db5e5-f9cc-453f-835c-ccc414f00e32","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50035,"status":200,"time_taken":365337,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:15.378966Z","timestamp":"2021-04-21T07:46:15.011131Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1f83e475-13eb-4850-95e2-c082a0c57123","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54164,"status":200,"time_taken":368086,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:18.046602Z","timestamp":"2021-04-21T07:46:18.046602Z","count":6,"c_ip":"46.128.24.64","sum(bytes_in)":4855,"sum(bytes_out)":5794,"sum(time_taken)":5600} {"endtime":"2021-04-21T07:46:18.046602Z","timestamp":"2021-04-21T07:46:18.046602Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4066711} {"endtime":"2021-04-21T07:46:18.046602Z","timestamp":"2021-04-21T07:46:18.046602Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4071373} {"endtime":"2021-04-21T07:46:18.046602Z","timestamp":"2021-04-21T07:46:18.046602Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4088670} {"endtime":"2021-04-21T07:46:18.046677Z","timestamp":"2021-04-21T07:46:18.046677Z","count":39,"dest_ip":"10.0.1.12","sum(time_taken)":12232354} {"endtime":"2021-04-21T07:46:18.046685Z","timestamp":"2021-04-21T07:46:18.046685Z","count":39,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:46:18.046691Z","timestamp":"2021-04-21T07:46:18.046691Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":919,"sum(bytes_out)":764,"sum(time_taken)":1736} {"endtime":"2021-04-21T07:46:18.046691Z","timestamp":"2021-04-21T07:46:18.046691Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":918,"sum(bytes_out)":764,"sum(time_taken)":1859} {"endtime":"2021-04-21T07:46:18.046691Z","timestamp":"2021-04-21T07:46:18.046691Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":1466,"sum(bytes_out)":2318,"sum(time_taken)":1542} {"endtime":"2021-04-21T07:46:18.046691Z","timestamp":"2021-04-21T07:46:18.046691Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1552,"sum(bytes_out)":1948,"sum(time_taken)":463} {"endtime":"2021-04-21T07:46:18.046691Z","timestamp":"2021-04-21T07:46:18.046691Z","count":33,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5511,"sum(bytes_out)":33528,"sum(time_taken)":12226754} {"endtime":"2021-04-21T07:46:19.491185Z","timestamp":"2021-04-21T07:46:19.116543Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"94ae51c7-7c43-489e-b38c-7e7bda11568c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53373,"status":200,"time_taken":374948,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:20.508883Z","timestamp":"2021-04-21T07:46:20.131033Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"190f98c2-9f31-4b02-97c4-8a94621a0180","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54168,"status":200,"time_taken":378067,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:20.517292Z","timestamp":"2021-04-21T07:46:20.139645Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"94e21ac8-da09-44e9-9065-a6f23a703d75","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50036,"status":200,"time_taken":377711,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:46:20.522134Z","timestamp":"2021-04-21T07:46:20.144615Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1c4ab6d3-5d81-4f0c-bd56-745ee5e19430","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50036,"status":200,"time_taken":377729,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:22.004582Z","timestamp":"2021-04-21T07:46:22.004582Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4086432} {"endtime":"2021-04-21T07:46:22.004577Z","timestamp":"2021-04-21T07:46:22.004577Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:46:22.004570Z","timestamp":"2021-04-21T07:46:22.004570Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":4086432} {"endtime":"2021-04-21T07:46:22.004509Z","timestamp":"2021-04-21T07:46:22.004509Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4086432} {"endtime":"2021-04-21T07:46:24.618960Z","timestamp":"2021-04-21T07:46:24.256987Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6bd5596c-78fe-44a3-9cb2-c582b79e73f9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53374,"status":200,"time_taken":362264,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:26.377252Z","timestamp":"2021-04-21T07:46:26.010675Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"affb2b61-a2bd-428c-9496-5f7a7ebe3a11","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54170,"status":200,"time_taken":366778,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:26.431637Z","timestamp":"2021-04-21T07:46:26.061586Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"69d81734-2e8c-4282-8522-cdc3c29d384c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50037,"status":200,"time_taken":370108,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:46:26.436534Z","timestamp":"2021-04-21T07:46:26.066611Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"441b09a7-1b30-4c0b-b40c-79551bf61346","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50037,"status":200,"time_taken":370146,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:30.511882Z","timestamp":"2021-04-21T07:46:30.147524Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d37514f1-29f0-4834-9001-75b18a6a6af4","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53376,"status":200,"time_taken":364656,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:31.500037Z","timestamp":"2021-04-21T07:46:31.128881Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"871caa67-40cd-453b-8b7e-d15fb696aac0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54172,"status":200,"time_taken":371401,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:32.460591Z","timestamp":"2021-04-21T07:46:32.093311Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"dd568e57-d92b-4def-b6fb-66089130ea26","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50038,"status":200,"time_taken":367321,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:46:32.465525Z","timestamp":"2021-04-21T07:46:32.098358Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1924f243-b509-4895-827e-ced656611de3","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50038,"status":200,"time_taken":367335,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:35.549578Z","timestamp":"2021-04-21T07:46:35.178528Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a7e984c8-1e36-44fe-ae38-a0612777c5db","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53378,"status":200,"time_taken":371327,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:36.619600Z","timestamp":"2021-04-21T07:46:36.251543Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"06591a6f-a34d-4e3c-b276-a06ac7206b9a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54174,"status":200,"time_taken":368266,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:38.380114Z","timestamp":"2021-04-21T07:46:38.014900Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"283ac711-1cc5-4e7e-90aa-17db351a225a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50039,"status":200,"time_taken":365262,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:46:38.384823Z","timestamp":"2021-04-21T07:46:38.019964Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"886f669e-d95a-46f9-9ab8-1c6f5a19096c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50039,"status":200,"time_taken":365029,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:41.424711Z","timestamp":"2021-04-21T07:46:41.053319Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"06268a0c-196a-4579-9d0b-a1169ea9773c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53379,"status":200,"time_taken":371621,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:42.485690Z","timestamp":"2021-04-21T07:46:42.121501Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3a731951-e45a-4be1-a413-cfcbb278c45a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54176,"status":200,"time_taken":364420,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:43.548282Z","timestamp":"2021-04-21T07:46:43.186772Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2162778c-dc57-4fca-8146-0d97b188cbc9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50040,"status":200,"time_taken":361554,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:46:43.553272Z","timestamp":"2021-04-21T07:46:43.191843Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d03a0ebc-f351-46a2-836b-2e61a0851298","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50040,"status":200,"time_taken":361577,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:46.542518Z","timestamp":"2021-04-21T07:46:46.178609Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f5c90e10-95fd-4f29-a3ea-59b5a680115f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53380,"status":200,"time_taken":364192,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:47.612667Z","timestamp":"2021-04-21T07:46:47.237386Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2553c824-462f-4aab-b2ab-c751fa467f9d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54178,"status":200,"time_taken":375480,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:49.519548Z","timestamp":"2021-04-21T07:46:49.155585Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7103f0ae-e413-4d36-9c0d-620339d14bfa","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50041,"status":200,"time_taken":364005,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:46:49.524576Z","timestamp":"2021-04-21T07:46:49.160697Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a4e9c3e3-2b6b-4925-bf55-fe397e7a7048","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50041,"status":200,"time_taken":364034,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:51.622127Z","timestamp":"2021-04-21T07:46:51.256381Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4a734cdf-1f8e-4dcb-b6d3-1b64b7b18961","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53381,"status":200,"time_taken":366127,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:53.485171Z","timestamp":"2021-04-21T07:46:53.114417Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0cd8a27a-0a09-4d68-b256-c8481150fbe3","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54180,"status":200,"time_taken":371034,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:55.457930Z","timestamp":"2021-04-21T07:46:55.093266Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d23febd5-021b-47de-ab55-430ce11a7870","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50042,"status":200,"time_taken":364720,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:46:55.462985Z","timestamp":"2021-04-21T07:46:55.098397Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ceae4f0e-34da-4ffe-8613-e89d82a56db8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50042,"status":200,"time_taken":364752,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:57.460396Z","timestamp":"2021-04-21T07:46:57.084432Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1b0eb80e-6954-4917-8647-dbf0d2d1cf91","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53382,"status":200,"time_taken":376293,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:46:58.605146Z","timestamp":"2021-04-21T07:46:58.236886Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0dcfa04d-0ec0-451c-aba1-1e497a161520","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54182,"status":200,"time_taken":368438,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:01.444710Z","timestamp":"2021-04-21T07:47:01.077702Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d25dd465-3b3c-44ab-94f4-28dde3658bd2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50043,"status":200,"time_taken":367038,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:47:01.449807Z","timestamp":"2021-04-21T07:47:01.082895Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"255c6b09-a034-491a-90ef-26a3c857d762","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50043,"status":200,"time_taken":367073,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:02.574925Z","timestamp":"2021-04-21T07:47:02.209267Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8bd20ec1-5a06-455e-a01c-679bdeaeeef1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53383,"status":200,"time_taken":366014,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:04.471227Z","timestamp":"2021-04-21T07:47:04.106948Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8e95b839-4518-440c-90a6-fc8478aeb733","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54184,"status":200,"time_taken":364480,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:06.582466Z","timestamp":"2021-04-21T07:47:06.218382Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1e873c28-2d7b-4990-8ade-efeb99642f37","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50044,"status":200,"time_taken":364141,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:47:06.587560Z","timestamp":"2021-04-21T07:47:06.223587Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"04ed90f3-7c84-4543-b4b9-9f314c5800b5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50044,"status":200,"time_taken":364174,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:08.480395Z","timestamp":"2021-04-21T07:47:08.115243Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"333152d5-a96c-45b2-9fbc-dd63519266df","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53384,"status":200,"time_taken":365454,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:09.587863Z","timestamp":"2021-04-21T07:47:09.222947Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ada199cf-b2bd-42d4-a89b-c61792d0c928","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54186,"status":200,"time_taken":365134,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:12.527511Z","timestamp":"2021-04-21T07:47:12.155995Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"704c0580-a541-4010-a871-43a5bf95ceae","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50046,"status":200,"time_taken":371583,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:47:12.532673Z","timestamp":"2021-04-21T07:47:12.161243Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a05401fc-d0c4-44a0-9520-7e2bd50c12b3","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50046,"status":200,"time_taken":371611,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:13.571564Z","timestamp":"2021-04-21T07:47:13.208882Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e455bbd4-0d67-4225-b772-95c72bbb5f6d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53385,"status":200,"time_taken":363010,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:15.465895Z","timestamp":"2021-04-21T07:47:15.089658Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"cf1c97a7-c99f-4bb4-83fc-ab8a4eac7a2c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54188,"status":200,"time_taken":376479,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:16.290915Z","timestamp":"2021-04-21T07:47:16.289962Z","bytes":1896,"bytes_in":733,"bytes_out":1163,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&_=1618990005095","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005095 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":953,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005095"} {"endtime":"2021-04-21T07:47:16.291974Z","timestamp":"2021-04-21T07:47:16.289963Z","bytes":1684,"bytes_in":918,"bytes_out":766,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":2011,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T07:47:16.294403Z","timestamp":"2021-04-21T07:47:16.293917Z","bytes":1894,"bytes_in":733,"bytes_out":1161,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&_=1618989993092","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993092 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":486,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993092"} {"endtime":"2021-04-21T07:47:16.294680Z","timestamp":"2021-04-21T07:47:16.294509Z","bytes":1750,"bytes_in":776,"bytes_out":974,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005096","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005096 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":171,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005096"} {"endtime":"2021-04-21T07:47:16.294733Z","timestamp":"2021-04-21T07:47:16.294509Z","bytes":1750,"bytes_in":776,"bytes_out":974,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993093","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993093 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":224,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993093"} {"endtime":"2021-04-21T07:47:16.295218Z","timestamp":"2021-04-21T07:47:16.293896Z","bytes":1683,"bytes_in":919,"bytes_out":764,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":1322,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T07:47:18.079684Z","timestamp":"2021-04-21T07:47:18.079684Z","count":6,"c_ip":"46.128.24.64","sum(bytes_in)":4855,"sum(bytes_out)":5804,"sum(time_taken)":5612} {"endtime":"2021-04-21T07:47:18.079684Z","timestamp":"2021-04-21T07:47:18.079684Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4069977} {"endtime":"2021-04-21T07:47:18.079684Z","timestamp":"2021-04-21T07:47:18.079684Z","count":10,"c_ip":"10.0.1.15","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3673460} {"endtime":"2021-04-21T07:47:18.079684Z","timestamp":"2021-04-21T07:47:18.079684Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4045906} {"endtime":"2021-04-21T07:47:18.079761Z","timestamp":"2021-04-21T07:47:18.079761Z","count":38,"dest_ip":"10.0.1.12","sum(time_taken)":11794955} {"endtime":"2021-04-21T07:47:18.079770Z","timestamp":"2021-04-21T07:47:18.079770Z","count":38,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:47:18.079777Z","timestamp":"2021-04-21T07:47:18.079777Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":919,"sum(bytes_out)":764,"sum(time_taken)":1725} {"endtime":"2021-04-21T07:47:18.079777Z","timestamp":"2021-04-21T07:47:18.079777Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":918,"sum(bytes_out)":764,"sum(time_taken)":1798} {"endtime":"2021-04-21T07:47:18.079777Z","timestamp":"2021-04-21T07:47:18.079777Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":1466,"sum(bytes_out)":2328,"sum(time_taken)":1567} {"endtime":"2021-04-21T07:47:18.079777Z","timestamp":"2021-04-21T07:47:18.079777Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1552,"sum(bytes_out)":1948,"sum(time_taken)":522} {"endtime":"2021-04-21T07:47:18.079777Z","timestamp":"2021-04-21T07:47:18.079777Z","count":32,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5344,"sum(bytes_out)":32512,"sum(time_taken)":11789343} {"endtime":"2021-04-21T07:47:18.466069Z","timestamp":"2021-04-21T07:47:18.093561Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8e84c133-c238-4c42-8c77-f218aee4c4ea","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50047,"status":200,"time_taken":372552,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:47:18.471255Z","timestamp":"2021-04-21T07:47:18.098829Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"96fa4269-0654-4f69-8808-093e8c867838","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50047,"status":200,"time_taken":372578,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:19.409903Z","timestamp":"2021-04-21T07:47:19.036830Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d8814a2c-6a8e-457a-97dd-f8a580b97063","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53386,"status":200,"time_taken":373410,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:20.588125Z","timestamp":"2021-04-21T07:47:20.218089Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7457c38f-930a-4b59-91a2-4e0562550198","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54192,"status":200,"time_taken":370273,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:22.083502Z","timestamp":"2021-04-21T07:47:22.083502Z","count":10,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3668284} {"endtime":"2021-04-21T07:47:22.083498Z","timestamp":"2021-04-21T07:47:22.083498Z","count":10,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:47:22.083492Z","timestamp":"2021-04-21T07:47:22.083492Z","count":10,"dest_ip":"10.0.1.12","sum(time_taken)":3668284} {"endtime":"2021-04-21T07:47:22.083448Z","timestamp":"2021-04-21T07:47:22.083448Z","count":10,"c_ip":"10.0.1.15","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3668284} {"endtime":"2021-04-21T07:47:23.600958Z","timestamp":"2021-04-21T07:47:23.234124Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"550a52fa-3a3e-4fec-8191-b01aa074f23e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50048,"status":200,"time_taken":366870,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:47:23.606138Z","timestamp":"2021-04-21T07:47:23.239426Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"95d53a30-19a8-4a7d-8fa1-334e3093da27","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50048,"status":200,"time_taken":366864,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:24.495064Z","timestamp":"2021-04-21T07:47:24.130659Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a6b77542-5636-467a-8d9e-d9fa1b59de1f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53387,"status":200,"time_taken":364677,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:26.451524Z","timestamp":"2021-04-21T07:47:26.089962Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"13899b82-2df2-48b8-9b43-5bd4b74df210","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54194,"status":200,"time_taken":361794,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:29.532438Z","timestamp":"2021-04-21T07:47:29.171796Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e4c4adaa-9081-4674-a3b9-be9dc4cbb6ac","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50049,"status":200,"time_taken":360698,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:47:29.537642Z","timestamp":"2021-04-21T07:47:29.177124Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e694653c-1395-4cda-9765-8c3440c0264d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50049,"status":200,"time_taken":360681,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:29.587520Z","timestamp":"2021-04-21T07:47:29.223990Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"44c02028-a272-475b-b778-894046ba9171","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53388,"status":200,"time_taken":363812,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:31.567172Z","timestamp":"2021-04-21T07:47:31.203231Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0704edb5-8422-4d9b-b905-f176bbd0b842","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54196,"status":200,"time_taken":364147,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:35.472855Z","timestamp":"2021-04-21T07:47:35.109383Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c3701db2-c6b3-4ccf-876a-8395f439919d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50050,"status":200,"time_taken":363515,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:47:35.478128Z","timestamp":"2021-04-21T07:47:35.114760Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f0be94ce-e045-4b11-9d78-510f7a30e4cf","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50050,"status":200,"time_taken":363525,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:35.487286Z","timestamp":"2021-04-21T07:47:35.129864Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"47151b96-d588-4089-9d8f-568667c8c678","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53391,"status":200,"time_taken":357624,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:37.435830Z","timestamp":"2021-04-21T07:47:37.068997Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4c68305f-0268-46d1-a0bf-1e0e0f1ab045","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54198,"status":200,"time_taken":367040,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:40.589067Z","timestamp":"2021-04-21T07:47:40.223668Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bc42c827-fdf4-4069-b7d1-145c458ea73b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53392,"status":200,"time_taken":365662,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:40.617329Z","timestamp":"2021-04-21T07:47:40.250049Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3aedd574-2262-437a-844b-eacd0e7cf142","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50051,"status":200,"time_taken":367338,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:47:40.622631Z","timestamp":"2021-04-21T07:47:40.255429Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f865feb8-2021-4bea-8ac2-7f641b0c7b07","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50051,"status":200,"time_taken":367387,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:42.555572Z","timestamp":"2021-04-21T07:47:42.187459Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"dae828ad-4a23-4697-929d-3a007a384381","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54200,"status":200,"time_taken":368315,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:46.512068Z","timestamp":"2021-04-21T07:47:46.145471Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d54639fa-fbd2-43b5-a7cd-7d691b25fe78","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53393,"status":200,"time_taken":366876,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:46.547344Z","timestamp":"2021-04-21T07:47:46.187614Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e829881a-e2bd-44a8-841e-41c94398f684","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50052,"status":200,"time_taken":359787,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:47:46.552676Z","timestamp":"2021-04-21T07:47:46.193032Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6b3590e1-c40a-4f8e-9193-86fb128b921b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50052,"status":200,"time_taken":359809,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:48.418820Z","timestamp":"2021-04-21T07:47:48.057364Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bc78a8e1-0235-4185-83a3-6f434362e6f6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54202,"status":200,"time_taken":361682,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:51.592001Z","timestamp":"2021-04-21T07:47:51.223440Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a7f53a1e-17b4-4a38-af67-57e8507a1e70","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53394,"status":200,"time_taken":368830,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:52.488902Z","timestamp":"2021-04-21T07:47:52.119588Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ccbd7c12-b923-4dd8-ba00-9025b163520b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50053,"status":200,"time_taken":369375,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:47:52.494283Z","timestamp":"2021-04-21T07:47:52.125060Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"06189f2f-4434-47c5-8788-a3be03fc1144","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50053,"status":200,"time_taken":369402,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:53.546329Z","timestamp":"2021-04-21T07:47:53.170467Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"921fec7c-ce36-4cca-bd3f-fcd26cefae06","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54204,"status":200,"time_taken":376077,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:57.478753Z","timestamp":"2021-04-21T07:47:57.113827Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c722e44a-02e3-4157-8701-61b827c19be9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53395,"status":200,"time_taken":365178,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:58.416715Z","timestamp":"2021-04-21T07:47:58.057185Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ee262a25-59b9-4c4e-b17b-011d26717dfe","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50054,"status":200,"time_taken":359587,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:47:58.422128Z","timestamp":"2021-04-21T07:47:58.062699Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"50124609-a90c-4a54-a2be-c7ec382a07a5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50054,"status":200,"time_taken":359665,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:47:59.413578Z","timestamp":"2021-04-21T07:47:59.048830Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e8792cd4-2082-4e79-82f1-9980dc493b25","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54206,"status":200,"time_taken":364948,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:02.593460Z","timestamp":"2021-04-21T07:48:02.223239Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5ea4baeb-af25-4d14-808b-0cb905a95032","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53396,"status":200,"time_taken":370527,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:03.573807Z","timestamp":"2021-04-21T07:48:03.198335Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ac99250b-0d81-49a7-8d46-ccf18ec7bf69","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50055,"status":200,"time_taken":375512,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:48:03.579240Z","timestamp":"2021-04-21T07:48:03.203862Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"edbb0e9f-640a-4ec1-a460-2b1414bd5b4d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50055,"status":200,"time_taken":376027,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:04.538631Z","timestamp":"2021-04-21T07:48:04.165330Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"787cf792-6cf7-41cf-a61b-731cabb3f584","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54208,"status":200,"time_taken":373572,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:08.428230Z","timestamp":"2021-04-21T07:48:08.066795Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bf968ce9-19bf-44ee-a2a0-6f5b327075bb","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53397,"status":200,"time_taken":361808,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:09.504636Z","timestamp":"2021-04-21T07:48:09.138727Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6de2f851-9fa9-4de7-b8cf-805eabcdf43c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50057,"status":200,"time_taken":365955,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:48:09.510072Z","timestamp":"2021-04-21T07:48:09.144289Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"cdaa8fc5-fbb6-4647-b543-b20150e46a24","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50057,"status":200,"time_taken":365959,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:10.401815Z","timestamp":"2021-04-21T07:48:10.040530Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"96ff44ff-e56b-4cc5-afe2-8a560902f589","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54210,"status":200,"time_taken":361558,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:13.564994Z","timestamp":"2021-04-21T07:48:13.191543Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"08ec52cd-f0eb-4a9e-bc43-14a0cf2cba87","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53398,"status":200,"time_taken":373772,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:15.443640Z","timestamp":"2021-04-21T07:48:15.076212Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0d684d53-0e08-4983-b6e1-a65d5b15d823","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50058,"status":200,"time_taken":367459,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:48:15.449095Z","timestamp":"2021-04-21T07:48:15.081825Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1e10cda9-d13a-48fd-819e-98b223f282b0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50058,"status":200,"time_taken":367443,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:15.530096Z","timestamp":"2021-04-21T07:48:15.153708Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"699acc60-1aee-444a-b1c2-acd13b23da81","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54212,"status":200,"time_taken":376656,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:18.090313Z","timestamp":"2021-04-21T07:48:18.089410Z","bytes":1896,"bytes_in":733,"bytes_out":1163,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&_=1618989993094","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993094 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":903,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993094"} {"endtime":"2021-04-21T07:48:18.094657Z","timestamp":"2021-04-21T07:48:18.094067Z","bytes":1894,"bytes_in":733,"bytes_out":1161,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&_=1618990005097","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005097 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":590,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005097"} {"endtime":"2021-04-21T07:48:18.094753Z","timestamp":"2021-04-21T07:48:18.094447Z","bytes":1750,"bytes_in":776,"bytes_out":974,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005098","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005098 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":306,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005098"} {"endtime":"2021-04-21T07:48:18.094815Z","timestamp":"2021-04-21T07:48:18.094447Z","bytes":1750,"bytes_in":776,"bytes_out":974,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993095","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993095 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":368,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993095"} {"endtime":"2021-04-21T07:48:18.095461Z","timestamp":"2021-04-21T07:48:18.094021Z","bytes":1683,"bytes_in":919,"bytes_out":764,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":1440,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T07:48:18.095604Z","timestamp":"2021-04-21T07:48:18.094067Z","bytes":1682,"bytes_in":918,"bytes_out":764,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":1537,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T07:48:18.164912Z","timestamp":"2021-04-21T07:48:18.164912Z","count":3,"c_ip":"46.128.24.64","sum(bytes_in)":2428,"sum(bytes_out)":2901,"sum(time_taken)":2446} {"endtime":"2021-04-21T07:48:18.164912Z","timestamp":"2021-04-21T07:48:18.164912Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4046062} {"endtime":"2021-04-21T07:48:18.164912Z","timestamp":"2021-04-21T07:48:18.164912Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4029340} {"endtime":"2021-04-21T07:48:18.164912Z","timestamp":"2021-04-21T07:48:18.164912Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4032176} {"endtime":"2021-04-21T07:48:18.165002Z","timestamp":"2021-04-21T07:48:18.165002Z","count":36,"dest_ip":"10.0.1.12","sum(time_taken)":12110024} {"endtime":"2021-04-21T07:48:18.165010Z","timestamp":"2021-04-21T07:48:18.165010Z","count":36,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:48:18.165017Z","timestamp":"2021-04-21T07:48:18.165017Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":919,"sum(bytes_out)":764,"sum(time_taken)":1322} {"endtime":"2021-04-21T07:48:18.165017Z","timestamp":"2021-04-21T07:48:18.165017Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":733,"sum(bytes_out)":1163,"sum(time_taken)":953} {"endtime":"2021-04-21T07:48:18.165017Z","timestamp":"2021-04-21T07:48:18.165017Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":776,"sum(bytes_out)":974,"sum(time_taken)":171} {"endtime":"2021-04-21T07:48:18.165017Z","timestamp":"2021-04-21T07:48:18.165017Z","count":33,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5511,"sum(bytes_out)":33528,"sum(time_taken)":12107578} {"endtime":"2021-04-21T07:48:19.496517Z","timestamp":"2021-04-21T07:48:19.128976Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d89c911d-ba2e-4411-a419-f9048817a491","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53399,"status":200,"time_taken":367877,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:20.581062Z","timestamp":"2021-04-21T07:48:20.216963Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b4557d9f-ece3-4bad-808f-f0f314b037ec","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50059,"status":200,"time_taken":364147,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:48:20.586471Z","timestamp":"2021-04-21T07:48:20.222570Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6c787ea1-aaf2-423e-800f-06c5a0838863","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50059,"status":200,"time_taken":364063,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:21.399852Z","timestamp":"2021-04-21T07:48:21.032212Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b873148e-7161-40af-bc75-54412493cdf1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54216,"status":200,"time_taken":367861,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:22.144892Z","timestamp":"2021-04-21T07:48:22.144892Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4020243} {"endtime":"2021-04-21T07:48:22.144885Z","timestamp":"2021-04-21T07:48:22.144885Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:48:22.144877Z","timestamp":"2021-04-21T07:48:22.144877Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":4020243} {"endtime":"2021-04-21T07:48:22.144818Z","timestamp":"2021-04-21T07:48:22.144818Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4020243} {"endtime":"2021-04-21T07:48:24.551640Z","timestamp":"2021-04-21T07:48:24.175744Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"03eaf891-07f5-45df-bc5c-5fe7ed4b5d9d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53400,"status":200,"time_taken":376226,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:26.519992Z","timestamp":"2021-04-21T07:48:26.154497Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"788d7aea-bd2e-4f3d-9c95-f7a96ed988a7","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50060,"status":200,"time_taken":365545,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:48:26.525562Z","timestamp":"2021-04-21T07:48:26.160159Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6195897c-5962-409f-b4e3-2290d15ee494","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50060,"status":200,"time_taken":365569,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:26.528796Z","timestamp":"2021-04-21T07:48:26.151632Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"be6bc16c-2f60-4055-aa69-5171e059362d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54218,"status":200,"time_taken":377341,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:29.608088Z","timestamp":"2021-04-21T07:48:29.238052Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ba33e359-6d6f-47a7-8ac1-993371e8e8a5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53401,"status":200,"time_taken":370361,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:32.397953Z","timestamp":"2021-04-21T07:48:32.030489Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"cd5dd6f7-fb34-4008-a5cb-5dd5ac3c26b1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54220,"status":200,"time_taken":367674,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:32.469917Z","timestamp":"2021-04-21T07:48:32.092152Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"eed0c452-a10c-467b-a958-42984c22fc80","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50061,"status":200,"time_taken":377802,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:48:32.475533Z","timestamp":"2021-04-21T07:48:32.097806Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3d3bdbaf-fb9c-491b-aaa5-05c05edd0776","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50061,"status":200,"time_taken":377912,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:35.481204Z","timestamp":"2021-04-21T07:48:35.112765Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b97a3c5f-76db-4db1-b72e-1513b07f30e8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53404,"status":200,"time_taken":368740,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:37.520357Z","timestamp":"2021-04-21T07:48:37.150245Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"767c2cc3-0a72-40ea-a9b4-276352e9e596","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54222,"status":200,"time_taken":370946,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:37.600547Z","timestamp":"2021-04-21T07:48:37.232777Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"05f403ff-f19f-4dcc-89c9-d04f8aaa1da7","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50062,"status":200,"time_taken":367823,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:48:37.606177Z","timestamp":"2021-04-21T07:48:37.238482Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0da5dd00-92c7-46ad-863a-2a9a8d21b1b5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50062,"status":200,"time_taken":367843,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:40.567034Z","timestamp":"2021-04-21T07:48:40.190908Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"dd9e9277-bc73-4254-9265-8a19f0ceaf24","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53405,"status":200,"time_taken":376471,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:43.389743Z","timestamp":"2021-04-21T07:48:43.022100Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"59410b0b-84f7-4699-850f-e205dd5d4f21","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54224,"status":200,"time_taken":367936,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:43.522261Z","timestamp":"2021-04-21T07:48:43.155339Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"73401016-beb8-439d-8477-47c4d85d30ea","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50063,"status":200,"time_taken":366977,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:48:43.527879Z","timestamp":"2021-04-21T07:48:43.160417Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c33aedda-f64a-425f-bc62-0ae9fd055fb8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50063,"status":200,"time_taken":367624,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:46.482620Z","timestamp":"2021-04-21T07:48:46.112421Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ce3d8587-c2c3-4cd1-8e10-1ac531e0711a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53406,"status":200,"time_taken":370474,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:48.506082Z","timestamp":"2021-04-21T07:48:48.141468Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7232186c-2306-4597-906e-726009c578a2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54226,"status":200,"time_taken":364782,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:49.453360Z","timestamp":"2021-04-21T07:48:49.092378Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4dfce8c5-2fdc-453e-9c05-065042a30b5a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50064,"status":200,"time_taken":361036,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:48:49.459051Z","timestamp":"2021-04-21T07:48:49.098196Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b9f714f9-860e-4a1d-bcbf-2cf9d7da8985","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50064,"status":200,"time_taken":361087,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:51.585172Z","timestamp":"2021-04-21T07:48:51.221772Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"293a925d-87c5-4ece-a66f-617e40cf0b27","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53407,"status":200,"time_taken":363674,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:54.379539Z","timestamp":"2021-04-21T07:48:54.007725Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"41aef593-3e59-4c6f-89e3-8941338caa25","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54228,"status":200,"time_taken":372011,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:54.558467Z","timestamp":"2021-04-21T07:48:54.186100Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2a0c231b-d5b3-473a-8da5-daac634f998a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50065,"status":200,"time_taken":372420,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:48:54.564195Z","timestamp":"2021-04-21T07:48:54.191914Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e1a0dfd0-9766-49af-9ea0-c41634dc6728","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50065,"status":200,"time_taken":372442,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:57.517475Z","timestamp":"2021-04-21T07:48:57.143540Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"086f567a-e52b-4389-a0a2-1a0f2a21ba58","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53408,"status":200,"time_taken":374209,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:48:59.500413Z","timestamp":"2021-04-21T07:48:59.131167Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"dcdecc3a-297f-4eb9-ad59-43c828d212ed","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54230,"status":200,"time_taken":369457,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:00.429295Z","timestamp":"2021-04-21T07:49:00.061175Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"88eb7374-34fc-467d-bae1-51c322975bc2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50066,"status":200,"time_taken":368169,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:49:00.434542Z","timestamp":"2021-04-21T07:49:00.067054Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c028ca26-41a2-4d87-80d2-6905acf2b2e8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50066,"status":200,"time_taken":367677,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:02.627264Z","timestamp":"2021-04-21T07:49:02.253528Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c1ffcaad-612a-4b66-9434-0c7cdd04db36","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53409,"status":200,"time_taken":374873,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:04.623622Z","timestamp":"2021-04-21T07:49:04.252088Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4a9d828e-65ed-46ac-9f67-dd8b7e6fcf54","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54232,"status":200,"time_taken":371720,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:05.492858Z","timestamp":"2021-04-21T07:49:05.123806Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"91283c1e-43d7-4794-bf48-87c2b5b6120a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50067,"status":200,"time_taken":369127,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:49:05.498600Z","timestamp":"2021-04-21T07:49:05.129686Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"be003c12-df4c-42ac-9fd7-ba9a3f03420c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50067,"status":200,"time_taken":369075,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:08.480811Z","timestamp":"2021-04-21T07:49:08.111954Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7555eb14-cf64-4136-b892-eb70500248e0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53410,"status":200,"time_taken":369123,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:10.492945Z","timestamp":"2021-04-21T07:49:10.125304Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c568cff4-0351-4d2f-953a-075f6a315dd2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54234,"status":200,"time_taken":367852,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:10.536524Z","timestamp":"2021-04-21T07:49:10.165120Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0fe2de90-2089-4c93-81fe-97fd1b7353c1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50069,"status":200,"time_taken":371478,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:49:10.542367Z","timestamp":"2021-04-21T07:49:10.170968Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0f7d858d-9804-496c-bb8e-69693af7c728","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50069,"status":200,"time_taken":371574,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:13.558088Z","timestamp":"2021-04-21T07:49:13.190456Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3629977b-c9ea-4139-8275-0996bb02e515","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53411,"status":200,"time_taken":367896,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:15.598390Z","timestamp":"2021-04-21T07:49:15.227640Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d7fb0026-090e-4bae-95e0-671a0311c68e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50070,"status":200,"time_taken":370807,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:49:15.604242Z","timestamp":"2021-04-21T07:49:15.233596Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"47729aab-096e-43cd-8fc3-7e4fa26729b2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50070,"status":200,"time_taken":370809,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:15.619410Z","timestamp":"2021-04-21T07:49:15.244661Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a4736898-cc0f-4c94-a060-52a0b5cc5061","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54236,"status":200,"time_taken":374946,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:18.115565Z","timestamp":"2021-04-21T07:49:18.114627Z","bytes":1897,"bytes_in":733,"bytes_out":1164,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&_=1618989993096","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993096 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":938,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993096"} {"endtime":"2021-04-21T07:49:18.116519Z","timestamp":"2021-04-21T07:49:18.114753Z","bytes":1685,"bytes_in":919,"bytes_out":766,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":1766,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T07:49:18.119119Z","timestamp":"2021-04-21T07:49:18.118679Z","bytes":1895,"bytes_in":733,"bytes_out":1162,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&_=1618990005099","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005099 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":440,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005099"} {"endtime":"2021-04-21T07:49:18.119364Z","timestamp":"2021-04-21T07:49:18.119190Z","bytes":1750,"bytes_in":776,"bytes_out":974,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005100","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005100 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":174,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005100"} {"endtime":"2021-04-21T07:49:18.119419Z","timestamp":"2021-04-21T07:49:18.119190Z","bytes":1750,"bytes_in":776,"bytes_out":974,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993097","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993097 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":229,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993097"} {"endtime":"2021-04-21T07:49:18.120098Z","timestamp":"2021-04-21T07:49:18.118679Z","bytes":1682,"bytes_in":918,"bytes_out":764,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":1419,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T07:49:19.023309Z","timestamp":"2021-04-21T07:49:19.023309Z","count":9,"c_ip":"46.128.24.64","sum(bytes_in)":7282,"sum(bytes_out)":8701,"sum(time_taken)":7865} {"endtime":"2021-04-21T07:49:19.023309Z","timestamp":"2021-04-21T07:49:19.023309Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4072526} {"endtime":"2021-04-21T07:49:19.023309Z","timestamp":"2021-04-21T07:49:19.023309Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4055675} {"endtime":"2021-04-21T07:49:19.023309Z","timestamp":"2021-04-21T07:49:19.023309Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4079924} {"endtime":"2021-04-21T07:49:19.023386Z","timestamp":"2021-04-21T07:49:19.023386Z","count":42,"dest_ip":"10.0.1.12","sum(time_taken)":12215990} {"endtime":"2021-04-21T07:49:19.023395Z","timestamp":"2021-04-21T07:49:19.023395Z","count":42,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:49:19.023401Z","timestamp":"2021-04-21T07:49:19.023401Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":919,"sum(bytes_out)":764,"sum(time_taken)":1440} {"endtime":"2021-04-21T07:49:19.023401Z","timestamp":"2021-04-21T07:49:19.023401Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":1836,"sum(bytes_out)":1530,"sum(time_taken)":3548} {"endtime":"2021-04-21T07:49:19.023401Z","timestamp":"2021-04-21T07:49:19.023401Z","count":3,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":2199,"sum(bytes_out)":3485,"sum(time_taken)":1979} {"endtime":"2021-04-21T07:49:19.023401Z","timestamp":"2021-04-21T07:49:19.023401Z","count":3,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":2328,"sum(bytes_out)":2922,"sum(time_taken)":898} {"endtime":"2021-04-21T07:49:19.023401Z","timestamp":"2021-04-21T07:49:19.023401Z","count":33,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5511,"sum(bytes_out)":33528,"sum(time_taken)":12208125} {"endtime":"2021-04-21T07:49:19.510181Z","timestamp":"2021-04-21T07:49:19.142924Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f330d0bb-76cf-4954-ab70-eb545ead2dc1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53412,"status":200,"time_taken":367569,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:21.422862Z","timestamp":"2021-04-21T07:49:21.055852Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7cf319ad-8e0b-4c1d-905d-f4a975ec783a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50071,"status":200,"time_taken":367054,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:49:21.428728Z","timestamp":"2021-04-21T07:49:21.061834Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9ce780fe-e228-496f-93e0-964d856d7b81","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50071,"status":200,"time_taken":367078,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:21.489185Z","timestamp":"2021-04-21T07:49:21.121478Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d8b2d192-0f78-4e5d-911a-baf472f6bc59","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54240,"status":200,"time_taken":367953,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:22.233803Z","timestamp":"2021-04-21T07:49:22.233803Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4058238} {"endtime":"2021-04-21T07:49:22.233798Z","timestamp":"2021-04-21T07:49:22.233798Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:49:22.233792Z","timestamp":"2021-04-21T07:49:22.233792Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":4058238} {"endtime":"2021-04-21T07:49:22.233741Z","timestamp":"2021-04-21T07:49:22.233741Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4058238} {"endtime":"2021-04-21T07:49:24.581125Z","timestamp":"2021-04-21T07:49:24.220897Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8a35ff3c-5a91-4517-aed5-41cd3194720a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53413,"status":200,"time_taken":360475,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:26.446980Z","timestamp":"2021-04-21T07:49:26.071545Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1a5ea6a4-3fb4-45d6-8df9-675122871f6d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50072,"status":200,"time_taken":375496,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:49:26.452876Z","timestamp":"2021-04-21T07:49:26.077612Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b8ea2a7d-e1e5-4fd0-b97d-93ca32f1eb73","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50072,"status":200,"time_taken":375466,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:26.610112Z","timestamp":"2021-04-21T07:49:26.241008Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"425b49a9-f7aa-4868-b6f5-787f3b2c3ca9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54242,"status":200,"time_taken":369330,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:30.480475Z","timestamp":"2021-04-21T07:49:30.111356Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"47321326-d728-4e6c-8edd-620700762753","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53415,"status":200,"time_taken":369344,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:31.453360Z","timestamp":"2021-04-21T07:49:31.086399Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a6761dcd-5aeb-4727-aca6-183269d9263e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50073,"status":200,"time_taken":367000,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:49:31.459301Z","timestamp":"2021-04-21T07:49:31.092469Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f686183-37c5-41fd-bc8e-85ccd6d6e338","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50073,"status":200,"time_taken":367003,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:32.480742Z","timestamp":"2021-04-21T07:49:32.111917Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ebdf4891-bfcf-4cd0-8b33-8a3478e730b8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54244,"status":200,"time_taken":369036,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:35.555358Z","timestamp":"2021-04-21T07:49:35.189366Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"053abdfa-4420-441e-b063-74818f0e6440","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53417,"status":200,"time_taken":366324,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:37.455520Z","timestamp":"2021-04-21T07:49:37.086577Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"35e9d943-328c-421d-af59-f508913367c9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50074,"status":200,"time_taken":369009,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:49:37.461513Z","timestamp":"2021-04-21T07:49:37.092666Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3af4706b-4258-44d0-8bab-56c447482831","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50074,"status":200,"time_taken":369028,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:37.602199Z","timestamp":"2021-04-21T07:49:37.232930Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0095895b-db68-4b4a-b32b-7ddc61f15c72","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54246,"status":200,"time_taken":369625,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:41.448121Z","timestamp":"2021-04-21T07:49:41.080833Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"595c4802-a84f-47c0-8c0f-9fac454a7966","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53418,"status":200,"time_taken":367664,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:42.516113Z","timestamp":"2021-04-21T07:49:42.149096Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2d3e073-5f79-4609-a75d-ac38b0ffb724","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50075,"status":200,"time_taken":367062,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:49:42.522147Z","timestamp":"2021-04-21T07:49:42.155205Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0ed4d056-2a04-4e7a-9b9d-3e7fdcf714d9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50075,"status":200,"time_taken":367099,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:43.469784Z","timestamp":"2021-04-21T07:49:43.103994Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e4082872-a023-4965-98bb-10077a79ec02","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54248,"status":200,"time_taken":365980,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:46.554857Z","timestamp":"2021-04-21T07:49:46.189627Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c333d4f6-4b03-49f6-ab42-70d7638960e2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53419,"status":200,"time_taken":365554,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:48.533123Z","timestamp":"2021-04-21T07:49:48.164785Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"26dc5a73-9279-4125-956d-a83642c3bf5d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50076,"status":200,"time_taken":368423,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:49:48.539197Z","timestamp":"2021-04-21T07:49:48.170932Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec03384f-0124-4e60-be6e-0a30053b61e4","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50076,"status":200,"time_taken":368446,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:48.584537Z","timestamp":"2021-04-21T07:49:48.221674Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"aaceaaed-1900-481b-9f5e-71a3924e9858","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54250,"status":200,"time_taken":363106,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:51.610698Z","timestamp":"2021-04-21T07:49:51.251460Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"28e9dcaa-f506-4d5b-8b55-30f1152e551f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53420,"status":200,"time_taken":359565,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:54.447263Z","timestamp":"2021-04-21T07:49:54.086433Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d551f8be-bd22-48c7-b108-481ec6501b7d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54252,"status":200,"time_taken":361083,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:54.509486Z","timestamp":"2021-04-21T07:49:54.149310Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"53ba6c11-591d-4ef6-a1df-4b0f3f873815","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50077,"status":200,"time_taken":360211,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:49:54.515573Z","timestamp":"2021-04-21T07:49:54.155495Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"471fadbf-03e4-413f-8f4e-15dc0f091d2b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50077,"status":200,"time_taken":360275,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:57.409933Z","timestamp":"2021-04-21T07:49:57.048632Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"db79f56d-6e54-4fd5-a22d-747f641d7744","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53421,"status":200,"time_taken":361619,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:49:59.564379Z","timestamp":"2021-04-21T07:49:59.199103Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b16d0ea0-4458-4ef8-bba8-66f813fa9f97","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54254,"status":200,"time_taken":365527,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:00.473115Z","timestamp":"2021-04-21T07:50:00.102572Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c4cbc83c-d016-4f1d-9e1a-4bc3a6120c83","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50078,"status":200,"time_taken":370596,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:50:00.479248Z","timestamp":"2021-04-21T07:50:00.108801Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"26bcb899-dae4-4cd8-bee2-8c928345e3a9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50078,"status":200,"time_taken":370659,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:02.540429Z","timestamp":"2021-04-21T07:50:02.173057Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b48615f4-0e07-4b19-9edd-83b6d4668dd4","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":53423,"status":200,"time_taken":367709,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:05.438496Z","timestamp":"2021-04-21T07:50:05.066348Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f7c37749-3f7f-4776-82f1-c05d4d55dec8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54256,"status":200,"time_taken":372453,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:05.482634Z","timestamp":"2021-04-21T07:50:05.118122Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a2be5ea0-68da-463a-9991-45d114981ff3","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50079,"status":200,"time_taken":364549,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:50:05.488734Z","timestamp":"2021-04-21T07:50:05.124342Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"904a8f5d-f92e-421d-ae46-728c0d9aba84","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50079,"status":200,"time_taken":364540,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:07.613476Z","timestamp":"2021-04-21T07:50:07.250828Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f48e1c8c-bec1-4a64-929e-5b5b57639244","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62869,"status":200,"time_taken":362878,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:10.564187Z","timestamp":"2021-04-21T07:50:10.190284Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9238a9fe-6991-422f-bccb-5d882f49b9d0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54258,"status":200,"time_taken":374173,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:11.410406Z","timestamp":"2021-04-21T07:50:11.032548Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"feb2eb33-cf0a-4ce5-acda-841183d3a91e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50081,"status":200,"time_taken":377912,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:50:11.416442Z","timestamp":"2021-04-21T07:50:11.038738Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0270822a-5a0e-4e38-8176-a96459ccdcbd","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50081,"status":200,"time_taken":377881,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:13.505390Z","timestamp":"2021-04-21T07:50:13.141212Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1100384f-5972-44c1-a73d-aeab6b2e3df9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62870,"status":200,"time_taken":364406,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:14.066613Z","timestamp":"2021-04-21T07:50:14.066048Z","bytes":1748,"bytes_in":776,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005102","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005102 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":565,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005102"} {"endtime":"2021-04-21T07:50:14.066691Z","timestamp":"2021-04-21T07:50:14.066123Z","bytes":1750,"bytes_in":776,"bytes_out":974,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993099","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993099 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":568,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993099"} {"endtime":"2021-04-21T07:50:14.066930Z","timestamp":"2021-04-21T07:50:14.066123Z","bytes":1895,"bytes_in":733,"bytes_out":1162,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&_=1618990005101","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005101 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":807,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005101"} {"endtime":"2021-04-21T07:50:14.067004Z","timestamp":"2021-04-21T07:50:14.066123Z","bytes":1895,"bytes_in":733,"bytes_out":1162,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&_=1618989993098","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993098 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":881,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993098"} {"endtime":"2021-04-21T07:50:14.068016Z","timestamp":"2021-04-21T07:50:14.066048Z","bytes":1682,"bytes_in":918,"bytes_out":764,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":1968,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T07:50:14.068081Z","timestamp":"2021-04-21T07:50:14.066048Z","bytes":1681,"bytes_in":919,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=pY0foAhtZWUs9YPWqnGPmDyz0WythxAwmTZlbCc2IKNaigTn4Vw9YCacFBd5DO1qvolvNgig1Fb6NMDZK5_gyGY_3MlvUlfYz4uSUAm46CYue92ns54poReE1_xK2vQvHO012o9aSF","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":2033,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T07:50:16.429893Z","timestamp":"2021-04-21T07:50:16.065941Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"412a73ba-e156-4436-bca7-997192fc574e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54260,"status":200,"time_taken":364157,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:17.419513Z","timestamp":"2021-04-21T07:50:17.048240Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a0266c2d-a1c9-46a8-97dc-57c13e144ff5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50082,"status":200,"time_taken":371308,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:50:17.425520Z","timestamp":"2021-04-21T07:50:17.054395Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9a1f7424-1ea8-4be2-8e4a-069b93806132","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50082,"status":200,"time_taken":371285,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:18.585437Z","timestamp":"2021-04-21T07:50:18.219297Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a344e43f-8235-402c-97a4-3477d79135e4","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62871,"status":200,"time_taken":366444,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:19.120018Z","timestamp":"2021-04-21T07:50:19.120018Z","count":6,"c_ip":"46.128.24.64","sum(bytes_in)":4855,"sum(bytes_out)":5804,"sum(time_taken)":4966} {"endtime":"2021-04-21T07:50:19.120018Z","timestamp":"2021-04-21T07:50:19.120018Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4042423} {"endtime":"2021-04-21T07:50:19.120018Z","timestamp":"2021-04-21T07:50:19.120018Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4058760} {"endtime":"2021-04-21T07:50:19.120018Z","timestamp":"2021-04-21T07:50:19.120018Z","count":12,"c_ip":"10.0.1.14","sum(bytes_in)":2004,"sum(bytes_out)":12192,"sum(time_taken)":4379551} {"endtime":"2021-04-21T07:50:19.120098Z","timestamp":"2021-04-21T07:50:19.120098Z","count":40,"dest_ip":"10.0.1.12","sum(time_taken)":12485700} {"endtime":"2021-04-21T07:50:19.120106Z","timestamp":"2021-04-21T07:50:19.120106Z","count":40,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:50:19.120113Z","timestamp":"2021-04-21T07:50:19.120113Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":919,"sum(bytes_out)":766,"sum(time_taken)":1766} {"endtime":"2021-04-21T07:50:19.120113Z","timestamp":"2021-04-21T07:50:19.120113Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":918,"sum(bytes_out)":764,"sum(time_taken)":1419} {"endtime":"2021-04-21T07:50:19.120113Z","timestamp":"2021-04-21T07:50:19.120113Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":1466,"sum(bytes_out)":2326,"sum(time_taken)":1378} {"endtime":"2021-04-21T07:50:19.120113Z","timestamp":"2021-04-21T07:50:19.120113Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1552,"sum(bytes_out)":1948,"sum(time_taken)":403} {"endtime":"2021-04-21T07:50:19.120113Z","timestamp":"2021-04-21T07:50:19.120113Z","count":34,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5678,"sum(bytes_out)":34544,"sum(time_taken)":12480734} {"endtime":"2021-04-21T07:50:21.558495Z","timestamp":"2021-04-21T07:50:21.182016Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"df0f2eb7-cae3-4bd1-bd98-6daea3b58b10","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54264,"status":200,"time_taken":376695,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:22.618426Z","timestamp":"2021-04-21T07:50:22.235908Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6ec23a3e-0891-426d-a9b6-f0418e371b3f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50083,"status":200,"time_taken":382583,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:50:22.624427Z","timestamp":"2021-04-21T07:50:22.241955Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"281ce193-736c-4af4-89c5-f5a3f07e0fa2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50083,"status":200,"time_taken":382707,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:23.053099Z","timestamp":"2021-04-21T07:50:23.053099Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4074149} {"endtime":"2021-04-21T07:50:23.053094Z","timestamp":"2021-04-21T07:50:23.053094Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:50:23.053087Z","timestamp":"2021-04-21T07:50:23.053087Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":4074149} {"endtime":"2021-04-21T07:50:23.053027Z","timestamp":"2021-04-21T07:50:23.053027Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4074149} {"endtime":"2021-04-21T07:50:24.494223Z","timestamp":"2021-04-21T07:50:24.125218Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5762089b-40ce-4c93-b553-d5792fedaba2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62872,"status":200,"time_taken":369286,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:27.430128Z","timestamp":"2021-04-21T07:50:27.060162Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4c3a00e9-2fb0-4962-b288-d0ba94ad5f3c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54266,"status":200,"time_taken":370213,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:28.620808Z","timestamp":"2021-04-21T07:50:28.251576Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e5fbca0f-e5fb-4d06-99f3-35b7a7a8958d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50084,"status":200,"time_taken":369268,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:50:28.626773Z","timestamp":"2021-04-21T07:50:28.257652Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b516737e-5173-4ce6-a9d3-cc7e1331946a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50084,"status":200,"time_taken":369287,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:29.584148Z","timestamp":"2021-04-21T07:50:29.218755Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"17c1057a-43f6-4d22-9850-bc4d0e6610d5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62873,"status":200,"time_taken":365611,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:32.549740Z","timestamp":"2021-04-21T07:50:32.181744Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b3c0e20b-6bf0-4095-99f1-65c1a31db490","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54268,"status":200,"time_taken":368245,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:34.561391Z","timestamp":"2021-04-21T07:50:34.187513Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"556c7496-9663-4491-bafe-7fbf85538534","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50085,"status":200,"time_taken":373945,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:50:34.567270Z","timestamp":"2021-04-21T07:50:34.193585Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9cac6336-c7d4-4c7a-a5da-24a66200de6f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50085,"status":200,"time_taken":373934,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:34.618132Z","timestamp":"2021-04-21T07:50:34.249924Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"266c9ea2-3f0a-4a70-8f75-5bf62724fa6e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62876,"status":200,"time_taken":368650,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:38.415241Z","timestamp":"2021-04-21T07:50:38.051261Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"04bc8ce8-8624-4ea8-ad31-b45164714a9a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54270,"status":200,"time_taken":364179,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:39.552770Z","timestamp":"2021-04-21T07:50:39.187269Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"86861c84-ffb9-495d-be4f-5b15d32539fc","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50086,"status":200,"time_taken":365546,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:50:39.558703Z","timestamp":"2021-04-21T07:50:39.193298Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"98aa8435-83d9-4777-b959-a22960368762","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50086,"status":200,"time_taken":365569,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:40.448967Z","timestamp":"2021-04-21T07:50:40.077791Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"54ea88ea-7bc8-4275-976b-24a942b209b1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62880,"status":200,"time_taken":371434,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:43.549818Z","timestamp":"2021-04-21T07:50:43.167001Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5ae4a570-6dbb-4cee-a0d4-bc0218614526","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54272,"status":200,"time_taken":383084,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:45.530565Z","timestamp":"2021-04-21T07:50:45.155650Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"38ff919e-4f81-45f0-8ccb-0fb3686f3f4f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62881,"status":200,"time_taken":375175,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:45.550261Z","timestamp":"2021-04-21T07:50:45.171759Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"32db673b-3c52-4d47-ad4f-9fc3ec445a04","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50087,"status":200,"time_taken":378533,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:50:45.556130Z","timestamp":"2021-04-21T07:50:45.177641Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b36c1a5d-4844-466f-800e-08a8ef3879d0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50087,"status":200,"time_taken":378639,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:49.407803Z","timestamp":"2021-04-21T07:50:49.051421Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c547e287-0610-41b8-a2a7-b3c35128c3e4","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54274,"status":200,"time_taken":356618,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:50.556772Z","timestamp":"2021-04-21T07:50:50.186806Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f7890d22-c2c8-419c-8e31-0e28fee9e3c1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62883,"status":200,"time_taken":370304,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:51.445258Z","timestamp":"2021-04-21T07:50:51.078141Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"98141121-79cc-4dc1-a504-f6a994ec9f9d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50088,"status":200,"time_taken":367176,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:50:51.451124Z","timestamp":"2021-04-21T07:50:51.084150Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ff5e3aa5-b121-46a2-a654-9a491f102964","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50088,"status":200,"time_taken":367338,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:54.524330Z","timestamp":"2021-04-21T07:50:54.159528Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b358bda9-15af-417f-84ae-4e062f3a525b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54276,"status":200,"time_taken":364999,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:55.601631Z","timestamp":"2021-04-21T07:50:55.233541Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1b3f899c-a629-43da-bf64-524f260f8bb3","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62888,"status":200,"time_taken":368376,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:50:57.415017Z","timestamp":"2021-04-21T07:50:57.046816Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2a7026b1-71b6-4c15-821d-56363e1bde5b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50089,"status":200,"time_taken":368250,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:50:57.420785Z","timestamp":"2021-04-21T07:50:57.052756Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4f177afc-40d5-4d09-8508-9a3dc5723c69","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50089,"status":200,"time_taken":368186,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:00.399935Z","timestamp":"2021-04-21T07:51:00.025747Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"33970cc9-75d1-4817-ae7d-da44b0123a70","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54278,"status":200,"time_taken":374437,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:01.391106Z","timestamp":"2021-04-21T07:51:01.014478Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8da20aa2-a15b-4a64-8005-8ee2c1e4d997","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62889,"status":200,"time_taken":376918,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:02.412723Z","timestamp":"2021-04-21T07:51:02.047037Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"be75dca9-0fec-4737-9a22-177da57e4ad7","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50090,"status":200,"time_taken":365744,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:51:02.418486Z","timestamp":"2021-04-21T07:51:02.052987Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3f0f200e-6bbf-46e8-be8f-755484340517","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50090,"status":200,"time_taken":365782,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:05.524682Z","timestamp":"2021-04-21T07:51:05.151643Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0d9eb6c7-6100-4b7e-9620-18eacc966bf7","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54280,"status":200,"time_taken":373289,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:06.530511Z","timestamp":"2021-04-21T07:51:06.154974Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"aeb0b7b9-6015-4d4a-bf8d-b7b3ba228ca2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62890,"status":200,"time_taken":375793,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:08.414421Z","timestamp":"2021-04-21T07:51:08.046966Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4d5a1e1a-14b2-4d03-a893-a95b53383b62","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50092,"status":200,"time_taken":367506,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:51:08.420160Z","timestamp":"2021-04-21T07:51:08.052844Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a4074552-7daa-42da-a63d-add5f72f8963","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50092,"status":200,"time_taken":367467,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:11.398273Z","timestamp":"2021-04-21T07:51:11.026183Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"321d8780-0d5a-405e-aa3a-c6b14159a65d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54282,"status":200,"time_taken":372298,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:11.553037Z","timestamp":"2021-04-21T07:51:11.186060Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ee394fe7-f2ed-4a70-a27f-5061089b7c17","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62891,"status":200,"time_taken":367249,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:13.444719Z","timestamp":"2021-04-21T07:51:13.078764Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bdd2f5fc-0968-4ffa-a5cc-70c5df00287c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50093,"status":200,"time_taken":366002,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:51:13.450461Z","timestamp":"2021-04-21T07:51:13.084637Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7a19caaa-06d6-4522-b70d-871e37d4c9fd","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50093,"status":200,"time_taken":366111,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:16.526455Z","timestamp":"2021-04-21T07:51:16.150097Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"02bec04c-8866-4b57-af1e-03c139223428","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54284,"status":200,"time_taken":376620,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:16.585261Z","timestamp":"2021-04-21T07:51:16.217113Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"76e6d077-a5c2-42d9-802e-25f1caa669e6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62892,"status":200,"time_taken":368454,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:18.151019Z","timestamp":"2021-04-21T07:51:18.150287Z","bytes":1891,"bytes_in":731,"bytes_out":1160,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&_=1618990005103","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005103 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":732,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005103"} {"endtime":"2021-04-21T07:51:18.152113Z","timestamp":"2021-04-21T07:51:18.150288Z","bytes":1678,"bytes_in":916,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":1825,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T07:51:18.154763Z","timestamp":"2021-04-21T07:51:18.154290Z","bytes":1891,"bytes_in":731,"bytes_out":1160,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&_=1618989993100","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993100 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":473,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993100"} {"endtime":"2021-04-21T07:51:18.154959Z","timestamp":"2021-04-21T07:51:18.154759Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993101","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993101 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":200,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993101"} {"endtime":"2021-04-21T07:51:18.155087Z","timestamp":"2021-04-21T07:51:18.154865Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005104","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005104 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":222,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005104"} {"endtime":"2021-04-21T07:51:18.155504Z","timestamp":"2021-04-21T07:51:18.154290Z","bytes":1679,"bytes_in":917,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":1214,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T07:51:19.229740Z","timestamp":"2021-04-21T07:51:19.229740Z","count":6,"c_ip":"46.128.24.64","sum(bytes_in)":4855,"sum(bytes_out)":5796,"sum(time_taken)":6822} {"endtime":"2021-04-21T07:51:19.229740Z","timestamp":"2021-04-21T07:51:19.229740Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4080677} {"endtime":"2021-04-21T07:51:19.229740Z","timestamp":"2021-04-21T07:51:19.229740Z","count":10,"c_ip":"10.0.1.15","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3705020} {"endtime":"2021-04-21T07:51:19.229740Z","timestamp":"2021-04-21T07:51:19.229740Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4077250} {"endtime":"2021-04-21T07:51:19.229815Z","timestamp":"2021-04-21T07:51:19.229815Z","count":38,"dest_ip":"10.0.1.12","sum(time_taken)":11869769} {"endtime":"2021-04-21T07:51:19.229823Z","timestamp":"2021-04-21T07:51:19.229823Z","count":38,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:51:19.229830Z","timestamp":"2021-04-21T07:51:19.229830Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":919,"sum(bytes_out)":762,"sum(time_taken)":2033} {"endtime":"2021-04-21T07:51:19.229830Z","timestamp":"2021-04-21T07:51:19.229830Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":918,"sum(bytes_out)":764,"sum(time_taken)":1968} {"endtime":"2021-04-21T07:51:19.229830Z","timestamp":"2021-04-21T07:51:19.229830Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":1466,"sum(bytes_out)":2324,"sum(time_taken)":1688} {"endtime":"2021-04-21T07:51:19.229830Z","timestamp":"2021-04-21T07:51:19.229830Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1552,"sum(bytes_out)":1946,"sum(time_taken)":1133} {"endtime":"2021-04-21T07:51:19.229830Z","timestamp":"2021-04-21T07:51:19.229830Z","count":32,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5344,"sum(bytes_out)":32512,"sum(time_taken)":11862947} {"endtime":"2021-04-21T07:51:19.402028Z","timestamp":"2021-04-21T07:51:19.031887Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e3df7408-d38a-4338-aebc-55ec3debb906","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50094,"status":200,"time_taken":370189,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:51:19.407709Z","timestamp":"2021-04-21T07:51:19.037740Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"62e89a40-369b-48d6-a29c-ee24839edab0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50094,"status":200,"time_taken":370179,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:22.395560Z","timestamp":"2021-04-21T07:51:22.028286Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b4ad5c93-9f1e-4c07-b611-1a92be91115e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54288,"status":200,"time_taken":367484,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:22.435740Z","timestamp":"2021-04-21T07:51:22.060554Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9b49635b-f9cf-4331-9ae0-cdafc3a2f30d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62893,"status":200,"time_taken":375415,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:23.140338Z","timestamp":"2021-04-21T07:51:23.140338Z","count":10,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3692159} {"endtime":"2021-04-21T07:51:23.140334Z","timestamp":"2021-04-21T07:51:23.140334Z","count":10,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:51:23.140327Z","timestamp":"2021-04-21T07:51:23.140327Z","count":10,"dest_ip":"10.0.1.12","sum(time_taken)":3692159} {"endtime":"2021-04-21T07:51:23.140298Z","timestamp":"2021-04-21T07:51:23.140298Z","count":10,"c_ip":"10.0.1.15","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3692159} {"endtime":"2021-04-21T07:51:24.593852Z","timestamp":"2021-04-21T07:51:24.219535Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"fae3412f-4426-4525-ab5f-056fc9eeaff2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50095,"status":200,"time_taken":374375,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:51:24.599558Z","timestamp":"2021-04-21T07:51:24.225329Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1ecf2bca-4843-405e-9f67-1765baa8d2cf","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50095,"status":200,"time_taken":374456,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:27.517775Z","timestamp":"2021-04-21T07:51:27.147275Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"13a83c52-edf3-4d8d-9120-4dc74aeaaeff","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54290,"status":200,"time_taken":370723,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:27.527750Z","timestamp":"2021-04-21T07:51:27.138537Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"74898115-bf44-4f49-9d22-701c8edfa621","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62894,"status":200,"time_taken":389517,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:29.614548Z","timestamp":"2021-04-21T07:51:29.250739Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"69bce510-6a81-4fc0-9e1c-5ae23af90747","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50096,"status":200,"time_taken":363862,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:51:29.620225Z","timestamp":"2021-04-21T07:51:29.256527Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8eb8b557-4d70-4ec1-ac18-4e356fbf7d92","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50096,"status":200,"time_taken":363867,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:32.632187Z","timestamp":"2021-04-21T07:51:32.247751Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0c0f64e1-aaae-4088-99bc-d4e16e902955","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62896,"status":200,"time_taken":384832,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:33.391857Z","timestamp":"2021-04-21T07:51:33.019589Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"cb3204e5-449f-478e-bdca-82ebb519a1ec","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54292,"status":200,"time_taken":372533,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:35.397065Z","timestamp":"2021-04-21T07:51:35.032377Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a93ba3cd-557f-4ec8-8570-79f14569a9b8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50097,"status":200,"time_taken":364742,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:51:35.402705Z","timestamp":"2021-04-21T07:51:35.038143Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d4bd1326-9849-495a-b9b4-91c9859b0508","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50097,"status":200,"time_taken":364728,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:38.488930Z","timestamp":"2021-04-21T07:51:38.122451Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6ba24285-1d0b-4d18-be92-e7e5fd0c9544","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62898,"status":200,"time_taken":366757,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:38.501579Z","timestamp":"2021-04-21T07:51:38.143485Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6702c48f-8f23-40a9-8f68-bfb3b597a9be","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54294,"status":200,"time_taken":358288,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:40.414192Z","timestamp":"2021-04-21T07:51:40.047803Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"22fc0730-295d-4279-ba10-b96af7814d7d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50098,"status":200,"time_taken":366453,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:51:40.419813Z","timestamp":"2021-04-21T07:51:40.053547Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0d16b6f0-7e11-4565-abcf-f708c65df940","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50098,"status":200,"time_taken":366446,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:43.580793Z","timestamp":"2021-04-21T07:51:43.216074Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2d6130f8-6835-45e1-908e-97ecee8d6d3e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62899,"status":200,"time_taken":365000,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:43.612960Z","timestamp":"2021-04-21T07:51:43.253215Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e3397803-7649-49ad-97f1-8ad334dc0df8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54296,"status":200,"time_taken":359945,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:46.400609Z","timestamp":"2021-04-21T07:51:46.032252Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"aa1a2a5e-7bb2-4b90-a9ec-0d335bf006a0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50099,"status":200,"time_taken":368398,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:51:46.406169Z","timestamp":"2021-04-21T07:51:46.037899Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2b2c1599-cfaa-42d1-82c4-1ac2a9cd6d01","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50099,"status":200,"time_taken":368431,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:49.479728Z","timestamp":"2021-04-21T07:51:49.114643Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f256380d-6c22-4c61-85ef-b0d56d928d8c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54298,"status":200,"time_taken":365304,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:49.480058Z","timestamp":"2021-04-21T07:51:49.106528Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f3194abb-f752-4b36-9bac-e7140f2e1620","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62900,"status":200,"time_taken":373869,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:52.397102Z","timestamp":"2021-04-21T07:51:52.032305Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"54a3b692-35dd-40d7-9b54-37bae5ce6823","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50100,"status":200,"time_taken":364830,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:51:52.402561Z","timestamp":"2021-04-21T07:51:52.037998Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1908f0c0-361e-4928-994c-fe4b428a8c8a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50100,"status":200,"time_taken":364739,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:54.583160Z","timestamp":"2021-04-21T07:51:54.215772Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"fbc20f25-680f-4aa7-a1c9-3175e98b68a2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62901,"status":200,"time_taken":367712,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:54.591116Z","timestamp":"2021-04-21T07:51:54.231277Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"60eb3f9b-38b2-4596-9ace-0071d5295efb","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54300,"status":200,"time_taken":360050,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:58.420511Z","timestamp":"2021-04-21T07:51:58.048270Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"55e028f6-0e71-46d8-b05a-a62d868ff4dc","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50101,"status":200,"time_taken":372255,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:51:58.425998Z","timestamp":"2021-04-21T07:51:58.053819Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"27c26677-6279-487f-824e-b3b95a4cf291","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50101,"status":200,"time_taken":372348,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:51:59.651418Z","timestamp":"2021-04-21T07:51:59.278024Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8a12519a-9b86-4887-9ecf-3d1ec3654075","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62902,"status":200,"time_taken":373731,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:00.462589Z","timestamp":"2021-04-21T07:52:00.092981Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"97ff863e-75ba-4e4b-9134-a6ab10c582c2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54302,"status":200,"time_taken":369866,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:03.434613Z","timestamp":"2021-04-21T07:52:03.063721Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e91aa762-0a0b-4f77-a1b9-28c3b00b94f9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50102,"status":200,"time_taken":370944,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:52:03.440100Z","timestamp":"2021-04-21T07:52:03.069384Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bac0c585-e9d0-4ac9-b7f1-84f39a186381","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50102,"status":200,"time_taken":370928,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:05.508687Z","timestamp":"2021-04-21T07:52:05.137028Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"cb256304-0a1a-4e5c-ba4b-1f619b00f2b8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62903,"status":200,"time_taken":371880,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:05.585689Z","timestamp":"2021-04-21T07:52:05.214314Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"67a84305-6338-419b-8286-ad1f6d663fcc","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54304,"status":200,"time_taken":371668,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:09.412870Z","timestamp":"2021-04-21T07:52:09.041659Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"04ec7854-cbe5-46eb-ab06-006cf28aa300","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50104,"status":200,"time_taken":371259,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:52:09.418326Z","timestamp":"2021-04-21T07:52:09.047292Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"26dfe252-8f20-4f7f-b7a8-0e23ac966acd","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50104,"status":200,"time_taken":371201,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:10.557833Z","timestamp":"2021-04-21T07:52:10.183829Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"57056d73-eee5-4f1f-bd96-3def724e8af9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62904,"status":200,"time_taken":374285,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:11.469804Z","timestamp":"2021-04-21T07:52:11.087473Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0e20cb66-f067-4c84-8018-8e7f61f19b58","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54306,"status":200,"time_taken":382561,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:15.425260Z","timestamp":"2021-04-21T07:52:15.057348Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c1dedfb6-1fba-4a31-8027-b90eaa27e9f9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50105,"status":200,"time_taken":367950,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:52:15.430715Z","timestamp":"2021-04-21T07:52:15.062963Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2930eca2-32da-4a94-a798-8766c13c5fe5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50105,"status":200,"time_taken":367926,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:16.437471Z","timestamp":"2021-04-21T07:52:16.075113Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"82276668-63ec-49a7-ab2e-d40e41995b1b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62905,"status":200,"time_taken":363506,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:16.592464Z","timestamp":"2021-04-21T07:52:16.221553Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"14b39c1a-ce40-4233-97c5-e4487b9858c5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54308,"status":200,"time_taken":371145,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:18.243834Z","timestamp":"2021-04-21T07:52:18.243240Z","bytes":1891,"bytes_in":731,"bytes_out":1160,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&_=1618989993102","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993102 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":594,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993102"} {"endtime":"2021-04-21T07:52:18.244024Z","timestamp":"2021-04-21T07:52:18.243240Z","bytes":1891,"bytes_in":731,"bytes_out":1160,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&_=1618990005105","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005105 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":784,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005105"} {"endtime":"2021-04-21T07:52:18.244675Z","timestamp":"2021-04-21T07:52:18.242942Z","bytes":1679,"bytes_in":917,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":1733,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T07:52:18.281885Z","timestamp":"2021-04-21T07:52:18.281610Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993103","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993103 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":275,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993103"} {"endtime":"2021-04-21T07:52:18.495731Z","timestamp":"2021-04-21T07:52:18.495385Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005106","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005106 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":346,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005106"} {"endtime":"2021-04-21T07:52:18.497154Z","timestamp":"2021-04-21T07:52:18.495256Z","bytes":1678,"bytes_in":916,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":1898,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T07:52:20.064711Z","timestamp":"2021-04-21T07:52:20.064711Z","count":6,"c_ip":"46.128.24.64","sum(bytes_in)":4843,"sum(bytes_out)":5788,"sum(time_taken)":4666} {"endtime":"2021-04-21T07:52:20.064711Z","timestamp":"2021-04-21T07:52:20.064711Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4049567} {"endtime":"2021-04-21T07:52:20.064711Z","timestamp":"2021-04-21T07:52:20.064711Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4055249} {"endtime":"2021-04-21T07:52:20.064711Z","timestamp":"2021-04-21T07:52:20.064711Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4106504} {"endtime":"2021-04-21T07:52:20.064787Z","timestamp":"2021-04-21T07:52:20.064787Z","count":39,"dest_ip":"10.0.1.12","sum(time_taken)":12215986} {"endtime":"2021-04-21T07:52:20.064795Z","timestamp":"2021-04-21T07:52:20.064795Z","count":39,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:52:20.064802Z","timestamp":"2021-04-21T07:52:20.064802Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":917,"sum(bytes_out)":762,"sum(time_taken)":1214} {"endtime":"2021-04-21T07:52:20.064802Z","timestamp":"2021-04-21T07:52:20.064802Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":916,"sum(bytes_out)":762,"sum(time_taken)":1825} {"endtime":"2021-04-21T07:52:20.064802Z","timestamp":"2021-04-21T07:52:20.064802Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":1462,"sum(bytes_out)":2320,"sum(time_taken)":1205} {"endtime":"2021-04-21T07:52:20.064802Z","timestamp":"2021-04-21T07:52:20.064802Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1548,"sum(bytes_out)":1944,"sum(time_taken)":422} {"endtime":"2021-04-21T07:52:20.064802Z","timestamp":"2021-04-21T07:52:20.064802Z","count":33,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5511,"sum(bytes_out)":33528,"sum(time_taken)":12211320} {"endtime":"2021-04-21T07:52:20.627844Z","timestamp":"2021-04-21T07:52:20.260539Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"02397d64-3229-4f14-a6f2-024ff4f27f8c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50107,"status":200,"time_taken":367345,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:52:20.633321Z","timestamp":"2021-04-21T07:52:20.266111Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1f9c37e1-aef0-45d8-8dff-29653fdf8fb1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50107,"status":200,"time_taken":367385,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:21.523112Z","timestamp":"2021-04-21T07:52:21.152232Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ff65e5a9-93f5-4f6a-b790-3102990f7d21","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62906,"status":200,"time_taken":371228,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:22.461764Z","timestamp":"2021-04-21T07:52:22.094640Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6cfb73cc-6679-479f-b844-8239f236e6b9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54312,"status":200,"time_taken":367324,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:23.206783Z","timestamp":"2021-04-21T07:52:23.206783Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4052413} {"endtime":"2021-04-21T07:52:23.206778Z","timestamp":"2021-04-21T07:52:23.206778Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:52:23.206771Z","timestamp":"2021-04-21T07:52:23.206771Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":4052413} {"endtime":"2021-04-21T07:52:23.206720Z","timestamp":"2021-04-21T07:52:23.206720Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4052413} {"endtime":"2021-04-21T07:52:26.615957Z","timestamp":"2021-04-21T07:52:26.245045Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"494ba8a9-c2a0-4494-b990-1d315c6d946d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50108,"status":200,"time_taken":370969,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:52:26.621399Z","timestamp":"2021-04-21T07:52:26.250627Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"953e7667-7e10-45ea-a31b-8ac0dae9feab","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50108,"status":200,"time_taken":370940,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:26.630817Z","timestamp":"2021-04-21T07:52:26.261438Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3e42f425-b450-43ee-bdfe-f8ef7ab331fd","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62907,"status":200,"time_taken":369647,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:27.578028Z","timestamp":"2021-04-21T07:52:27.213401Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"16fd7448-6daa-4bbc-8c0c-23a5aff508bc","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54314,"status":200,"time_taken":364806,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:32.388370Z","timestamp":"2021-04-21T07:52:32.026382Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"29ea7da2-c15c-404e-8ef3-f5dfe7037aec","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50109,"status":200,"time_taken":362047,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:52:32.393770Z","timestamp":"2021-04-21T07:52:32.031929Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ac628b2a-be16-4d27-833d-3618d1af9410","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50109,"status":200,"time_taken":362066,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:32.467099Z","timestamp":"2021-04-21T07:52:32.104840Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5a99aeef-1119-4f90-9789-5ab9bdadb248","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62909,"status":200,"time_taken":362511,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:33.452168Z","timestamp":"2021-04-21T07:52:33.080001Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"37382cd9-cf71-4c9e-8686-cafb66d22ce7","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54316,"status":200,"time_taken":372427,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:37.505167Z","timestamp":"2021-04-21T07:52:37.135944Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"068f18d2-8c0b-4e0e-9a19-6efb2e68da07","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62911,"status":200,"time_taken":369458,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:38.398076Z","timestamp":"2021-04-21T07:52:38.026399Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f45000c5-e529-4b9e-9207-9886a5d50585","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50110,"status":200,"time_taken":371730,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:52:38.403488Z","timestamp":"2021-04-21T07:52:38.031934Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"dcbb495e-8b5e-4f7f-b5b6-4689dcb337a5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50110,"status":200,"time_taken":371725,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:38.577142Z","timestamp":"2021-04-21T07:52:38.203882Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0f5c61d5-6839-4921-8d41-36357dc36dcc","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54318,"status":200,"time_taken":373492,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:42.536653Z","timestamp":"2021-04-21T07:52:42.167239Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d8d5acdb-0f29-4b99-a557-c959a9f15d19","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62912,"status":200,"time_taken":369900,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:43.597359Z","timestamp":"2021-04-21T07:52:43.229604Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"79fd7cda-7999-4ccc-ae01-e76fb4a8734d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50111,"status":200,"time_taken":367806,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:52:43.602731Z","timestamp":"2021-04-21T07:52:43.235099Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0f16ad82-de37-4dd3-bdde-f0bdbe5780b4","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50111,"status":200,"time_taken":367812,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:44.450299Z","timestamp":"2021-04-21T07:52:44.078787Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"fbe3c0a0-77e2-4d1f-9eaa-c742bc3a513a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54320,"status":200,"time_taken":371764,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:47.586876Z","timestamp":"2021-04-21T07:52:47.229510Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b05cb0fa-f5f2-4f52-a49a-c2fbc448b5c8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62914,"status":200,"time_taken":357822,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:49.539352Z","timestamp":"2021-04-21T07:52:49.182847Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e41246ce-770b-4113-8065-f1cd62d449f4","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50112,"status":200,"time_taken":356565,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:52:49.544765Z","timestamp":"2021-04-21T07:52:49.188334Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"959b2e5c-5d42-446f-8ffe-e914293b4148","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50112,"status":200,"time_taken":356641,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:49.563208Z","timestamp":"2021-04-21T07:52:49.202003Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"11936219-0e6e-49cf-a908-a9b141b6506b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54322,"status":200,"time_taken":361468,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:52.648178Z","timestamp":"2021-04-21T07:52:52.276015Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1d6195a2-725f-4ed7-925a-f92b8f280c4d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62915,"status":200,"time_taken":372495,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:55.435012Z","timestamp":"2021-04-21T07:52:55.064929Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"fef7468d-d07a-4fb9-83e7-730c4496a651","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54324,"status":200,"time_taken":370302,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:55.484687Z","timestamp":"2021-04-21T07:52:55.120685Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d64dcb7a-c300-4355-a322-1cb4eed2d48c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50113,"status":200,"time_taken":364041,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:52:55.490043Z","timestamp":"2021-04-21T07:52:55.126177Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"39bdd2f0-74e0-4d1e-9dea-516d27eaaa43","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50113,"status":200,"time_taken":364314,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:52:58.464067Z","timestamp":"2021-04-21T07:52:58.104386Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"018e2808-99cb-4238-b93f-42b8de22ab49","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62916,"status":200,"time_taken":360020,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:00.551957Z","timestamp":"2021-04-21T07:53:00.186650Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"928d0234-95d1-4c96-ac97-27d77563a94c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54326,"status":200,"time_taken":365533,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:01.486067Z","timestamp":"2021-04-21T07:53:01.120497Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"69a7f479-6de3-4837-afc1-ed4171691e0c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50114,"status":200,"time_taken":365622,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:53:01.491452Z","timestamp":"2021-04-21T07:53:01.125975Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b315b852-df43-47b1-8881-52de85a99892","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50114,"status":200,"time_taken":365643,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:03.583192Z","timestamp":"2021-04-21T07:53:03.213078Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"be67cbaf-4545-4451-a842-0a4657edd436","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62917,"status":200,"time_taken":370375,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:06.417448Z","timestamp":"2021-04-21T07:53:06.054037Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"21935c3a-9f1e-40a5-b6d9-d6db8d720116","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54328,"status":200,"time_taken":363812,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:06.509291Z","timestamp":"2021-04-21T07:53:06.136133Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4e981dd7-666b-45cb-a71e-ee17cdabcd18","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50115,"status":200,"time_taken":373203,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:53:06.514637Z","timestamp":"2021-04-21T07:53:06.141603Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"248aa97b-a7fa-46a3-b6f1-44831108c5ec","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50115,"status":200,"time_taken":373181,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:09.510381Z","timestamp":"2021-04-21T07:53:09.134904Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ca1faf52-b9d4-4abb-9a22-f1886ae0e4d5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62918,"status":200,"time_taken":375815,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:11.540747Z","timestamp":"2021-04-21T07:53:11.169653Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6c69a495-1bf3-411a-9b0d-15f660a58b95","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54330,"status":200,"time_taken":371338,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:12.482357Z","timestamp":"2021-04-21T07:53:12.104306Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"89f65b00-5585-4952-ba3d-98c9c62a9c0f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50117,"status":200,"time_taken":378095,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:53:12.487547Z","timestamp":"2021-04-21T07:53:12.109740Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ff0586df-b2f8-4b81-ae48-a83cfe6bfcff","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50117,"status":200,"time_taken":377954,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:14.591093Z","timestamp":"2021-04-21T07:53:14.212847Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"dce03f07-4bde-49bf-bb81-651206de5146","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62919,"status":200,"time_taken":378454,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:15.234043Z","timestamp":"2021-04-21T07:53:15.233204Z","bytes":1891,"bytes_in":731,"bytes_out":1160,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&_=1618989993104","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993104 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":839,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993104"} {"endtime":"2021-04-21T07:53:15.234566Z","timestamp":"2021-04-21T07:53:15.234321Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993105","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993105 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":245,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993105"} {"endtime":"2021-04-21T07:53:15.234735Z","timestamp":"2021-04-21T07:53:15.234446Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005108","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005108 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":289,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005108"} {"endtime":"2021-04-21T07:53:15.234797Z","timestamp":"2021-04-21T07:53:15.234321Z","bytes":1891,"bytes_in":731,"bytes_out":1160,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&_=1618990005107","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005107 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":476,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005107"} {"endtime":"2021-04-21T07:53:15.235235Z","timestamp":"2021-04-21T07:53:15.233715Z","bytes":1679,"bytes_in":917,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":1520,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T07:53:15.235391Z","timestamp":"2021-04-21T07:53:15.233715Z","bytes":1678,"bytes_in":916,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":1676,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T07:53:17.419295Z","timestamp":"2021-04-21T07:53:17.042259Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8979aad1-8541-464f-ad4b-afa5e92ceab8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54332,"status":200,"time_taken":377263,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:18.485116Z","timestamp":"2021-04-21T07:53:18.120006Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e246af46-e418-4f21-b12f-e539eaa87b89","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50118,"status":200,"time_taken":365166,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:53:18.490316Z","timestamp":"2021-04-21T07:53:18.125436Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6bc67419-a587-43da-8386-2e1c5adbdb19","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50118,"status":200,"time_taken":365076,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:19.611416Z","timestamp":"2021-04-21T07:53:19.243777Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2c24ca9f-2406-4f2d-b1c3-9faf685adcdc","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62920,"status":200,"time_taken":367892,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:20.138940Z","timestamp":"2021-04-21T07:53:20.138940Z","count":6,"c_ip":"46.128.24.64","sum(bytes_in)":4843,"sum(bytes_out)":5788,"sum(time_taken)":5630} {"endtime":"2021-04-21T07:53:20.138940Z","timestamp":"2021-04-21T07:53:20.138940Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4059529} {"endtime":"2021-04-21T07:53:20.138940Z","timestamp":"2021-04-21T07:53:20.138940Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4042737} {"endtime":"2021-04-21T07:53:20.138940Z","timestamp":"2021-04-21T07:53:20.138940Z","count":12,"c_ip":"10.0.1.14","sum(bytes_in)":2004,"sum(bytes_out)":12192,"sum(time_taken)":4425617} {"endtime":"2021-04-21T07:53:20.139019Z","timestamp":"2021-04-21T07:53:20.139019Z","count":40,"dest_ip":"10.0.1.12","sum(time_taken)":12533513} {"endtime":"2021-04-21T07:53:20.139027Z","timestamp":"2021-04-21T07:53:20.139027Z","count":40,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:53:20.139034Z","timestamp":"2021-04-21T07:53:20.139034Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":917,"sum(bytes_out)":762,"sum(time_taken)":1733} {"endtime":"2021-04-21T07:53:20.139034Z","timestamp":"2021-04-21T07:53:20.139034Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":916,"sum(bytes_out)":762,"sum(time_taken)":1898} {"endtime":"2021-04-21T07:53:20.139034Z","timestamp":"2021-04-21T07:53:20.139034Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":1462,"sum(bytes_out)":2320,"sum(time_taken)":1378} {"endtime":"2021-04-21T07:53:20.139034Z","timestamp":"2021-04-21T07:53:20.139034Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1548,"sum(bytes_out)":1944,"sum(time_taken)":621} {"endtime":"2021-04-21T07:53:20.139034Z","timestamp":"2021-04-21T07:53:20.139034Z","count":34,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5678,"sum(bytes_out)":34544,"sum(time_taken)":12527883} {"endtime":"2021-04-21T07:53:22.537696Z","timestamp":"2021-04-21T07:53:22.171389Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"575e7252-7e55-4a09-b160-2b12e7e1d918","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54336,"status":200,"time_taken":366550,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:24.032891Z","timestamp":"2021-04-21T07:53:24.032891Z","count":10,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3675244} {"endtime":"2021-04-21T07:53:24.032886Z","timestamp":"2021-04-21T07:53:24.032886Z","count":10,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:53:24.032880Z","timestamp":"2021-04-21T07:53:24.032880Z","count":10,"dest_ip":"10.0.1.12","sum(time_taken)":3675244} {"endtime":"2021-04-21T07:53:24.032855Z","timestamp":"2021-04-21T07:53:24.032855Z","count":10,"c_ip":"10.0.1.15","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3675244} {"endtime":"2021-04-21T07:53:24.513459Z","timestamp":"2021-04-21T07:53:24.135644Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"65b7daa8-592a-43c0-bc43-3f32afe59751","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50119,"status":200,"time_taken":377848,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:53:24.518782Z","timestamp":"2021-04-21T07:53:24.141072Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ff9efedb-e151-4720-8970-3ed17efaed9b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50119,"status":200,"time_taken":377858,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:25.493858Z","timestamp":"2021-04-21T07:53:25.118687Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bcdd1a75-b709-408a-883c-937279fde6bd","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62921,"status":200,"time_taken":375489,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:28.412674Z","timestamp":"2021-04-21T07:53:28.039470Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b6f69022-0f55-43c9-b961-cb5c8e369ca3","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54338,"status":200,"time_taken":373374,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:30.503584Z","timestamp":"2021-04-21T07:53:30.131887Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"960ba8ca-001a-49ce-82dc-1db2966fe3ab","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50120,"status":200,"time_taken":371751,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:53:30.508860Z","timestamp":"2021-04-21T07:53:30.137296Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"96178d59-78bf-4f1f-b74b-923ab3a4a135","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50120,"status":200,"time_taken":371744,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:30.580533Z","timestamp":"2021-04-21T07:53:30.212226Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5ce3f2d9-6cca-44f1-bd6e-338ae606cb8d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62923,"status":200,"time_taken":368591,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:33.531107Z","timestamp":"2021-04-21T07:53:33.164364Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ae6e4a55-0e3b-4553-bbfd-0d914c3cf747","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54340,"status":200,"time_taken":366955,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:35.592284Z","timestamp":"2021-04-21T07:53:35.227620Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6f634d5e-071d-4fe5-911c-b8fba38f070a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62925,"status":200,"time_taken":364892,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:36.452627Z","timestamp":"2021-04-21T07:53:36.085373Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"11a92848-b7f2-4b4f-9b16-d0e807c673fd","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50121,"status":200,"time_taken":367311,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:53:36.457846Z","timestamp":"2021-04-21T07:53:36.090759Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"82d5640a-6304-4c3f-93eb-d1c19fdcb7a0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50121,"status":200,"time_taken":367276,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:39.401377Z","timestamp":"2021-04-21T07:53:39.032842Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"70710742-73b4-476a-9666-dcf6046e6836","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54342,"status":200,"time_taken":368747,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:40.638145Z","timestamp":"2021-04-21T07:53:40.274549Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a6fb46f7-f8fa-4783-b6fe-a863bea9e7cf","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62926,"status":200,"time_taken":364006,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:42.427414Z","timestamp":"2021-04-21T07:53:42.053870Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"590268ea-cc41-47bc-95e6-054e17f78c19","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50122,"status":200,"time_taken":373594,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:53:42.432659Z","timestamp":"2021-04-21T07:53:42.059251Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b48c66d5-af97-4a01-b07e-6334dfd23aa0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50122,"status":200,"time_taken":373567,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:44.517200Z","timestamp":"2021-04-21T07:53:44.152958Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a94896c3-763b-45f0-b52b-487cb898506a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54344,"status":200,"time_taken":364491,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:46.487140Z","timestamp":"2021-04-21T07:53:46.118026Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"06d27d08-c199-41e2-9f86-2fed5298a68f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62927,"status":200,"time_taken":369423,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:47.581707Z","timestamp":"2021-04-21T07:53:47.210415Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"fd9bfb19-2c3a-4a85-8b8e-468c1e50a6c4","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50123,"status":200,"time_taken":371338,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:53:47.586924Z","timestamp":"2021-04-21T07:53:47.215801Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5191bc87-5e71-412b-9a5a-e32806bff884","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50123,"status":200,"time_taken":371510,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:50.387702Z","timestamp":"2021-04-21T07:53:50.018978Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"cd53e64a-13f0-4fb2-bc8b-e20ed4770bd5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54346,"status":200,"time_taken":368973,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:51.548194Z","timestamp":"2021-04-21T07:53:51.181135Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5be75b65-4e62-49d6-ba20-de565c9df7c9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62928,"status":200,"time_taken":367313,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:53.483959Z","timestamp":"2021-04-21T07:53:53.116555Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b2ad7f93-5e4c-4c2e-946e-dfd4d5ab15b9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50124,"status":200,"time_taken":367456,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:53:53.489211Z","timestamp":"2021-04-21T07:53:53.121907Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9dc7e25b-57ea-4383-971b-b682d77f47dd","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50124,"status":200,"time_taken":367467,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:55.500740Z","timestamp":"2021-04-21T07:53:55.139459Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7bfcfd1e-5439-4d4a-9c9c-2d2dbf6cae17","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54348,"status":200,"time_taken":361574,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:56.630517Z","timestamp":"2021-04-21T07:53:56.273964Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3ab211bc-083e-4c77-bbf8-5906be03f317","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62929,"status":200,"time_taken":356922,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:53:59.483495Z","timestamp":"2021-04-21T07:53:59.116708Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f8325061-4615-4d4a-99ea-16b314b9e9b2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50125,"status":200,"time_taken":366861,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:53:59.488731Z","timestamp":"2021-04-21T07:53:59.121950Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"be98fdb6-50a5-4614-8032-633c4f51ad67","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50125,"status":200,"time_taken":366961,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:00.625977Z","timestamp":"2021-04-21T07:54:00.252477Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a94e0f90-5c6f-4192-88c8-28cc0608eac6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54350,"status":200,"time_taken":373736,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:02.485859Z","timestamp":"2021-04-21T07:54:02.117591Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5fd3bf78-94f9-4f39-997c-ea7e608f471c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62930,"status":200,"time_taken":368687,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:05.405138Z","timestamp":"2021-04-21T07:54:05.038712Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"dce8a381-e8e4-4f9a-bce1-8f966412b49d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50126,"status":200,"time_taken":366478,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:54:05.410324Z","timestamp":"2021-04-21T07:54:05.044053Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"225f47e9-12db-471f-92c7-d13503bb1470","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50126,"status":200,"time_taken":366476,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:06.486266Z","timestamp":"2021-04-21T07:54:06.127913Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8f002b1d-b2d2-432f-beb6-05177aa1ab92","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54352,"status":200,"time_taken":358696,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:07.575047Z","timestamp":"2021-04-21T07:54:07.210956Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"12b85bdf-6bd1-468c-a7e0-180bc0319883","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62931,"status":200,"time_taken":364414,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:10.603327Z","timestamp":"2021-04-21T07:54:10.239135Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8880c5c3-7363-4703-a66a-1a2912316ac6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50128,"status":200,"time_taken":364239,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:54:10.608554Z","timestamp":"2021-04-21T07:54:10.244452Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"dc5d70a1-6ad8-4315-851b-f0882b3d1003","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50128,"status":200,"time_taken":364254,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:11.605312Z","timestamp":"2021-04-21T07:54:11.238162Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7504cedb-21c6-44bb-9cbe-2a7508168843","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54354,"status":200,"time_taken":367681,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:13.500359Z","timestamp":"2021-04-21T07:54:13.132648Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d3986950-7980-4be1-8f7f-ad279c97a33a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62932,"status":200,"time_taken":368012,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:14.056692Z","timestamp":"2021-04-21T07:54:14.056129Z","bytes":1891,"bytes_in":731,"bytes_out":1160,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&_=1618990005109","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005109 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":563,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005109"} {"endtime":"2021-04-21T07:54:14.057163Z","timestamp":"2021-04-21T07:54:14.056877Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005110","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005110 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":286,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005110"} {"endtime":"2021-04-21T07:54:14.057255Z","timestamp":"2021-04-21T07:54:14.056877Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993107","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993107 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":378,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993107"} {"endtime":"2021-04-21T07:54:14.057335Z","timestamp":"2021-04-21T07:54:14.056877Z","bytes":1891,"bytes_in":731,"bytes_out":1160,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&_=1618989993106","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993106 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":458,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993106"} {"endtime":"2021-04-21T07:54:14.057894Z","timestamp":"2021-04-21T07:54:14.056309Z","bytes":1679,"bytes_in":917,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":1585,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T07:54:14.058132Z","timestamp":"2021-04-21T07:54:14.055719Z","bytes":1674,"bytes_in":916,"bytes_out":758,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":2413,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T07:54:16.587105Z","timestamp":"2021-04-21T07:54:16.223595Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"875037a7-7733-4686-b402-14f0d56d27a9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50129,"status":200,"time_taken":363575,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:54:16.592318Z","timestamp":"2021-04-21T07:54:16.228913Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a7c09f74-084c-47a4-99f2-71d42d9d5293","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50129,"status":200,"time_taken":363578,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:17.474464Z","timestamp":"2021-04-21T07:54:17.107802Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9ae36e3d-c331-443f-ad3b-73fecbc67d4d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54356,"status":200,"time_taken":366932,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:18.566810Z","timestamp":"2021-04-21T07:54:18.210611Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d1a3f988-c2c1-4f06-8fbd-025408d7a1f3","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62933,"status":200,"time_taken":356574,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:20.206934Z","timestamp":"2021-04-21T07:54:20.206934Z","count":6,"c_ip":"46.128.24.64","sum(bytes_in)":4843,"sum(bytes_out)":5788,"sum(time_taken)":5045} {"endtime":"2021-04-21T07:54:20.206934Z","timestamp":"2021-04-21T07:54:20.206934Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4037709} {"endtime":"2021-04-21T07:54:20.206934Z","timestamp":"2021-04-21T07:54:20.206934Z","count":10,"c_ip":"10.0.1.15","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3690691} {"endtime":"2021-04-21T07:54:20.206934Z","timestamp":"2021-04-21T07:54:20.206934Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4024323} {"endtime":"2021-04-21T07:54:20.206995Z","timestamp":"2021-04-21T07:54:20.206995Z","count":38,"dest_ip":"10.0.1.12","sum(time_taken)":11757768} {"endtime":"2021-04-21T07:54:20.207003Z","timestamp":"2021-04-21T07:54:20.207003Z","count":38,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:54:20.207010Z","timestamp":"2021-04-21T07:54:20.207010Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":917,"sum(bytes_out)":762,"sum(time_taken)":1520} {"endtime":"2021-04-21T07:54:20.207010Z","timestamp":"2021-04-21T07:54:20.207010Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":916,"sum(bytes_out)":762,"sum(time_taken)":1676} {"endtime":"2021-04-21T07:54:20.207010Z","timestamp":"2021-04-21T07:54:20.207010Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":1462,"sum(bytes_out)":2320,"sum(time_taken)":1315} {"endtime":"2021-04-21T07:54:20.207010Z","timestamp":"2021-04-21T07:54:20.207010Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1548,"sum(bytes_out)":1944,"sum(time_taken)":534} {"endtime":"2021-04-21T07:54:20.207010Z","timestamp":"2021-04-21T07:54:20.207010Z","count":32,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5344,"sum(bytes_out)":32512,"sum(time_taken)":11752723} {"endtime":"2021-04-21T07:54:22.485049Z","timestamp":"2021-04-21T07:54:22.114449Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9d9ced71-c07e-4f92-8ec2-a9df7781ab1b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50130,"status":200,"time_taken":370641,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:54:22.490212Z","timestamp":"2021-04-21T07:54:22.119774Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0e1ad505-a742-455b-8bbf-7476d78e9ddc","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50130,"status":200,"time_taken":370587,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:22.599883Z","timestamp":"2021-04-21T07:54:22.226453Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"36f97885-3226-4a16-b158-df9345c00890","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54360,"status":200,"time_taken":373618,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:23.651968Z","timestamp":"2021-04-21T07:54:23.272837Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f700bfed-49a6-49e6-ae44-94565dd8442c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62934,"status":200,"time_taken":379423,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:24.095286Z","timestamp":"2021-04-21T07:54:24.095286Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4061092} {"endtime":"2021-04-21T07:54:24.095282Z","timestamp":"2021-04-21T07:54:24.095282Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:54:24.095274Z","timestamp":"2021-04-21T07:54:24.095274Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":4061092} {"endtime":"2021-04-21T07:54:24.095241Z","timestamp":"2021-04-21T07:54:24.095241Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4061092} {"endtime":"2021-04-21T07:54:28.422694Z","timestamp":"2021-04-21T07:54:28.051862Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f2484b8b-1dcb-4c33-b5c1-14721034660b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50131,"status":200,"time_taken":370889,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:54:28.427878Z","timestamp":"2021-04-21T07:54:28.057173Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d84a7ce8-60b7-42fe-90c9-7c70d6e1064e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50131,"status":200,"time_taken":370876,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:28.473322Z","timestamp":"2021-04-21T07:54:28.101801Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4f1326af-d10d-42bf-91fd-40b4391187a7","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54362,"status":200,"time_taken":371817,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:29.510006Z","timestamp":"2021-04-21T07:54:29.147676Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"10ae8000-195f-4273-bc78-61a0c6789d06","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62935,"status":200,"time_taken":362636,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:33.595174Z","timestamp":"2021-04-21T07:54:33.225051Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2301f6e4-057f-41d3-b120-d9feb2b97b80","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54364,"status":200,"time_taken":370361,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:34.420713Z","timestamp":"2021-04-21T07:54:34.052016Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"38a578dd-2945-4193-abf5-0218f8acb883","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50132,"status":200,"time_taken":368736,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:54:34.425897Z","timestamp":"2021-04-21T07:54:34.057314Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4030882c-4039-4aee-af7b-38819e8d1bbb","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50132,"status":200,"time_taken":368770,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:34.580036Z","timestamp":"2021-04-21T07:54:34.209897Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"48930e58-c8fb-4cd4-b480-1b1c32867b0c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62938,"status":200,"time_taken":370337,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:39.472544Z","timestamp":"2021-04-21T07:54:39.097217Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4c2a5991-48cc-4fe8-977b-18ae3446f184","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54366,"status":200,"time_taken":375706,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:39.643024Z","timestamp":"2021-04-21T07:54:39.272355Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ece2c063-5e1f-499a-9dce-2b291edb177d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62939,"status":200,"time_taken":371021,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:40.457856Z","timestamp":"2021-04-21T07:54:40.083288Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6bc5ad68-f263-44d2-b3d2-77895b0bee85","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50133,"status":200,"time_taken":374609,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:54:40.462996Z","timestamp":"2021-04-21T07:54:40.088597Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"35fc7769-7a5e-42a2-bccd-fe79172e1b08","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50133,"status":200,"time_taken":374557,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:44.601468Z","timestamp":"2021-04-21T07:54:44.224267Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"862800ee-5590-4e56-b093-e080eb996066","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54368,"status":200,"time_taken":377461,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:45.496846Z","timestamp":"2021-04-21T07:54:45.130201Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a04cdbba-eb95-486a-bdce-0bf4f3ccf842","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50134,"status":200,"time_taken":366686,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:54:45.502051Z","timestamp":"2021-04-21T07:54:45.135527Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"735adea8-91ff-40ca-a27a-f98482515f6e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50134,"status":200,"time_taken":366743,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:45.504267Z","timestamp":"2021-04-21T07:54:45.131562Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9a08a568-c1e2-4781-8458-53009e32b4ad","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62940,"status":200,"time_taken":372953,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:50.478313Z","timestamp":"2021-04-21T07:54:50.103244Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f2575911-c2af-442b-b988-77b397944380","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54370,"status":200,"time_taken":375310,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:50.529455Z","timestamp":"2021-04-21T07:54:50.162911Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c446c063-978a-4cd9-9c09-ef61cd4aa886","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62941,"status":200,"time_taken":367083,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:51.482514Z","timestamp":"2021-04-21T07:54:51.114738Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e25b212d-9307-45f4-ab9b-2ede1b1f277d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50135,"status":200,"time_taken":367839,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:54:51.487687Z","timestamp":"2021-04-21T07:54:51.120021Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"17be6490-cb7b-4626-929e-6b09c1b2f1a6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50135,"status":200,"time_taken":367857,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:55.589424Z","timestamp":"2021-04-21T07:54:55.224951Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2ab87bc3-a324-4868-a91f-02b4669192d0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62942,"status":200,"time_taken":364762,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:55.592894Z","timestamp":"2021-04-21T07:54:55.229980Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bfc19593-bf03-4439-9bd5-53c6c4767a1c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54372,"status":200,"time_taken":363098,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:54:56.479502Z","timestamp":"2021-04-21T07:54:56.114757Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4940f68e-88c6-4ebc-9e7a-d88d1dfc02bb","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50136,"status":200,"time_taken":364800,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:54:56.484694Z","timestamp":"2021-04-21T07:54:56.120024Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"02993aca-faf4-4fcf-ab9a-e068d32ed66b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50136,"status":200,"time_taken":364844,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:00.639328Z","timestamp":"2021-04-21T07:55:00.271627Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ecfb8fa7-d1b5-4240-ba51-f89985689fe1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62943,"status":200,"time_taken":367968,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:01.472555Z","timestamp":"2021-04-21T07:55:01.095025Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"29b9390b-a671-43b0-aff5-036eb727b1e6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54374,"status":200,"time_taken":377728,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:02.412839Z","timestamp":"2021-04-21T07:55:02.036753Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4bb13a0f-842e-4a58-9015-92d862aaaad5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50137,"status":200,"time_taken":376146,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:55:02.417929Z","timestamp":"2021-04-21T07:55:02.042073Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"211416ed-9371-4a68-acdb-56eb99b1ed87","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50137,"status":200,"time_taken":376124,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:06.465810Z","timestamp":"2021-04-21T07:55:06.099679Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bbfc3a4d-111d-4090-8ae5-a3dd8732626e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62944,"status":200,"time_taken":366408,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:06.587877Z","timestamp":"2021-04-21T07:55:06.224479Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2727dcda-0e0c-4bc3-ad89-45e30ebd7939","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54376,"status":200,"time_taken":363634,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:07.511616Z","timestamp":"2021-04-21T07:55:07.510598Z","bytes":439,"bytes_in":202,"bytes_out":237,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"13eeaadd-3933-4454-a7bf-1cc057544981","http_comment":"HTTP/1.0 200 OK","http_content_length":56,"http_content_type":"text/plain","http_method":"PUT","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; linux; amd64)","protocol_stack":"ip:tcp:http","request":"PUT /latest/api/token HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.12","src_mac":"02:DA:73:7B:81:70","src_port":59258,"status":200,"time_taken":1048,"transport":"tcp","uri_path":"/latest/api/token"} {"endtime":"2021-04-21T07:55:07.512646Z","timestamp":"2021-04-21T07:55:07.512074Z","bytes":773,"bytes_in":248,"bytes_out":525,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"83ce8f5a-4bdd-47e9-8c9b-d654071d5208","http_comment":"HTTP/1.0 404 Not Found","http_content_length":337,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; linux; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.12","src_mac":"02:DA:73:7B:81:70","src_port":59260,"status":404,"time_taken":588,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-21T07:55:07.570429Z","timestamp":"2021-04-21T07:55:07.569848Z","bytes":773,"bytes_in":248,"bytes_out":525,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"749fd49d-4631-43da-b618-9e875c5415f3","http_comment":"HTTP/1.0 404 Not Found","http_content_length":337,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; linux; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.12","src_mac":"02:DA:73:7B:81:70","src_port":59266,"status":404,"time_taken":598,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-21T07:55:07.605853Z","timestamp":"2021-04-21T07:55:07.239916Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f592928d-e74c-467b-a5cd-3544df657dae","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50139,"status":200,"time_taken":365950,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:55:07.611012Z","timestamp":"2021-04-21T07:55:07.245182Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0917aa5c-eaaa-4803-860e-083f763550cc","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50139,"status":200,"time_taken":365987,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:07.690321Z","timestamp":"2021-04-21T07:55:07.689329Z","bytes":773,"bytes_in":248,"bytes_out":525,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"cfa336c6-0ae0-4681-8395-f501393d34c1","http_comment":"HTTP/1.0 404 Not Found","http_content_length":337,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; linux; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.12","src_mac":"02:DA:73:7B:81:70","src_port":59272,"status":404,"time_taken":1036,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-21T07:55:08.764461Z","timestamp":"2021-04-21T07:55:08.764198Z","bytes":441,"bytes_in":204,"bytes_out":237,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"fed1bfdf-89df-41c2-91aa-c9f40e37d8d3","http_comment":"HTTP/1.1 200 OK","http_content_length":56,"http_content_type":"text/plain","http_method":"PUT","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"PUT /latest/api/token HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50140,"status":200,"time_taken":294,"transport":"tcp","uri_path":"/latest/api/token"} {"endtime":"2021-04-21T07:55:08.765044Z","timestamp":"2021-04-21T07:55:08.764851Z","bytes":777,"bytes_in":250,"bytes_out":527,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"c657c0a6-a5f0-4763-88ef-c8efd30e165a","http_comment":"HTTP/1.1 404 Not Found","http_content_length":339,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50141,"status":404,"time_taken":202,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-21T07:55:08.820596Z","timestamp":"2021-04-21T07:55:08.820379Z","bytes":777,"bytes_in":250,"bytes_out":527,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"3d4a45cd-20c4-4485-a56b-5e63f41308a6","http_comment":"HTTP/1.1 404 Not Found","http_content_length":339,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50142,"status":404,"time_taken":232,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-21T07:55:08.935857Z","timestamp":"2021-04-21T07:55:08.935613Z","bytes":777,"bytes_in":250,"bytes_out":527,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"0f0e7fd5-fff0-4b4a-a7cd-4270f18267b4","http_comment":"HTTP/1.1 404 Not Found","http_content_length":339,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50143,"status":404,"time_taken":270,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-21T07:55:10.182985Z","timestamp":"2021-04-21T07:55:10.182985Z","count":3,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":404,"uri_path":"/latest/meta-data/iam/security-credentials/","sum(bytes_in)":750,"sum(bytes_out)":1581,"sum(time_taken)":704} {"endtime":"2021-04-21T07:55:10.182985Z","timestamp":"2021-04-21T07:55:10.182985Z","count":1,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":200,"uri_path":"/latest/api/token","sum(bytes_in)":204,"sum(bytes_out)":237,"sum(time_taken)":294} {"endtime":"2021-04-21T07:55:10.182985Z","timestamp":"2021-04-21T07:55:10.182985Z","count":3,"dest_ip":"169.254.169.254","status":404} {"endtime":"2021-04-21T07:55:10.182985Z","timestamp":"2021-04-21T07:55:10.182985Z","count":1,"dest_ip":"169.254.169.254","status":200} {"endtime":"2021-04-21T07:55:10.182985Z","timestamp":"2021-04-21T07:55:10.182985Z","count":4,"dest_ip":"169.254.169.254","sum(time_taken)":998} {"endtime":"2021-04-21T07:55:10.182985Z","timestamp":"2021-04-21T07:55:10.182985Z","count":4,"c_ip":"10.0.1.15","sum(bytes_in)":954,"sum(bytes_out)":1818,"sum(time_taken)":998} {"endtime":"2021-04-21T07:55:11.530994Z","timestamp":"2021-04-21T07:55:11.161780Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"58931075-3c38-4c9b-9c2d-e55229c9e105","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62945,"status":200,"time_taken":369436,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:12.464972Z","timestamp":"2021-04-21T07:55:12.089524Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a3394643-caa4-4755-a03b-8121b95859b5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54378,"status":200,"time_taken":375661,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:12.610926Z","timestamp":"2021-04-21T07:55:12.239922Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"88f47fe9-3d6d-4254-a888-0abad2d14c7e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50144,"status":200,"time_taken":371063,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:55:12.616099Z","timestamp":"2021-04-21T07:55:12.245210Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"be36d948-463a-4a89-a94c-f21669c91fde","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50144,"status":200,"time_taken":371075,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:16.550468Z","timestamp":"2021-04-21T07:55:16.178353Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5841c1ab-7c2a-4a05-bfbc-9038a01dd93a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62946,"status":200,"time_taken":372439,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:17.586210Z","timestamp":"2021-04-21T07:55:17.216756Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"85b21ae4-66e1-4030-a082-b2db7ab3a1ed","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54380,"status":200,"time_taken":369673,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:18.264204Z","timestamp":"2021-04-21T07:55:18.263981Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993109","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993109 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":223,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993109"} {"endtime":"2021-04-21T07:55:18.264319Z","timestamp":"2021-04-21T07:55:18.263701Z","bytes":1891,"bytes_in":731,"bytes_out":1160,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&_=1618989993108","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993108 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":618,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993108"} {"endtime":"2021-04-21T07:55:18.264367Z","timestamp":"2021-04-21T07:55:18.264000Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005112","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005112 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":367,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005112"} {"endtime":"2021-04-21T07:55:18.265168Z","timestamp":"2021-04-21T07:55:18.263626Z","bytes":1679,"bytes_in":917,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":1542,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T07:55:18.265294Z","timestamp":"2021-04-21T07:55:18.263120Z","bytes":1674,"bytes_in":916,"bytes_out":758,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":2174,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T07:55:18.321539Z","timestamp":"2021-04-21T07:55:18.320883Z","bytes":1891,"bytes_in":731,"bytes_out":1160,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&_=1618990005111","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005111 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":656,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005111"} {"endtime":"2021-04-21T07:55:18.554549Z","timestamp":"2021-04-21T07:55:18.177583Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"687335b5-ae14-4c24-98a6-39ce86c58734","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50145,"status":200,"time_taken":376992,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:55:18.559708Z","timestamp":"2021-04-21T07:55:18.182847Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"31061c12-d991-4af6-840d-13b71ffc8c5d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50145,"status":200,"time_taken":377053,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:21.027301Z","timestamp":"2021-04-21T07:55:21.027301Z","count":6,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":404,"uri_path":"/latest/meta-data/iam/security-credentials/","sum(bytes_in)":1500,"sum(bytes_out)":3150,"sum(time_taken)":4505} {"endtime":"2021-04-21T07:55:21.027301Z","timestamp":"2021-04-21T07:55:21.027301Z","count":2,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":200,"uri_path":"/latest/api/token","sum(bytes_in)":408,"sum(bytes_out)":474,"sum(time_taken)":2294} {"endtime":"2021-04-21T07:55:21.027301Z","timestamp":"2021-04-21T07:55:21.027301Z","count":6,"dest_ip":"169.254.169.254","status":404} {"endtime":"2021-04-21T07:55:21.027301Z","timestamp":"2021-04-21T07:55:21.027301Z","count":2,"dest_ip":"169.254.169.254","status":200} {"endtime":"2021-04-21T07:55:21.027301Z","timestamp":"2021-04-21T07:55:21.027301Z","count":8,"dest_ip":"169.254.169.254","sum(time_taken)":6799} {"endtime":"2021-04-21T07:55:21.027301Z","timestamp":"2021-04-21T07:55:21.027301Z","count":8,"c_ip":"10.0.1.14","sum(bytes_in)":1908,"sum(bytes_out)":3624,"sum(time_taken)":6799} {"endtime":"2021-04-21T07:55:21.063681Z","timestamp":"2021-04-21T07:55:21.063681Z","count":6,"c_ip":"46.128.24.64","sum(bytes_in)":4843,"sum(bytes_out)":5784,"sum(time_taken)":5683} {"endtime":"2021-04-21T07:55:21.063681Z","timestamp":"2021-04-21T07:55:21.063681Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4094067} {"endtime":"2021-04-21T07:55:21.063681Z","timestamp":"2021-04-21T07:55:21.063681Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4074473} {"endtime":"2021-04-21T07:55:21.063681Z","timestamp":"2021-04-21T07:55:21.063681Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4064466} {"endtime":"2021-04-21T07:55:21.063681Z","timestamp":"2021-04-21T07:55:21.063681Z","count":4,"c_ip":"10.0.1.12","sum(bytes_in)":946,"sum(bytes_out)":1812,"sum(time_taken)":3270} {"endtime":"2021-04-21T07:55:21.063773Z","timestamp":"2021-04-21T07:55:21.063773Z","count":4,"dest_ip":"169.254.169.254","sum(time_taken)":3270} {"endtime":"2021-04-21T07:55:21.063773Z","timestamp":"2021-04-21T07:55:21.063773Z","count":39,"dest_ip":"10.0.1.12","sum(time_taken)":12238689} {"endtime":"2021-04-21T07:55:21.063786Z","timestamp":"2021-04-21T07:55:21.063786Z","count":3,"dest_ip":"169.254.169.254","status":404} {"endtime":"2021-04-21T07:55:21.063786Z","timestamp":"2021-04-21T07:55:21.063786Z","count":1,"dest_ip":"169.254.169.254","status":200} {"endtime":"2021-04-21T07:55:21.063786Z","timestamp":"2021-04-21T07:55:21.063786Z","count":39,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:55:21.063801Z","timestamp":"2021-04-21T07:55:21.063801Z","count":3,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":404,"uri_path":"/latest/meta-data/iam/security-credentials/","sum(bytes_in)":744,"sum(bytes_out)":1575,"sum(time_taken)":2222} {"endtime":"2021-04-21T07:55:21.063801Z","timestamp":"2021-04-21T07:55:21.063801Z","count":1,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":200,"uri_path":"/latest/api/token","sum(bytes_in)":202,"sum(bytes_out)":237,"sum(time_taken)":1048} {"endtime":"2021-04-21T07:55:21.063801Z","timestamp":"2021-04-21T07:55:21.063801Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":917,"sum(bytes_out)":762,"sum(time_taken)":1585} {"endtime":"2021-04-21T07:55:21.063801Z","timestamp":"2021-04-21T07:55:21.063801Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":916,"sum(bytes_out)":758,"sum(time_taken)":2413} {"endtime":"2021-04-21T07:55:21.063801Z","timestamp":"2021-04-21T07:55:21.063801Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":1462,"sum(bytes_out)":2320,"sum(time_taken)":1021} {"endtime":"2021-04-21T07:55:21.063801Z","timestamp":"2021-04-21T07:55:21.063801Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1548,"sum(bytes_out)":1944,"sum(time_taken)":664} {"endtime":"2021-04-21T07:55:21.063801Z","timestamp":"2021-04-21T07:55:21.063801Z","count":33,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5511,"sum(bytes_out)":33528,"sum(time_taken)":12233006} {"endtime":"2021-04-21T07:55:21.223660Z","timestamp":"2021-04-21T07:55:21.222666Z","bytes":441,"bytes_in":204,"bytes_out":237,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"fe9935c5-c5cd-4090-be81-f9848b605d10","http_comment":"HTTP/1.0 200 OK","http_content_length":56,"http_content_type":"text/plain","http_method":"PUT","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"PUT /latest/api/token HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62947,"status":200,"time_taken":1043,"transport":"tcp","uri_path":"/latest/api/token"} {"endtime":"2021-04-21T07:55:21.223881Z","timestamp":"2021-04-21T07:55:21.222665Z","bytes":441,"bytes_in":204,"bytes_out":237,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"41d95b61-b544-463f-989e-93c0cd4a1583","http_comment":"HTTP/1.0 200 OK","http_content_length":56,"http_content_type":"text/plain","http_method":"PUT","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"PUT /latest/api/token HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62948,"status":200,"time_taken":1251,"transport":"tcp","uri_path":"/latest/api/token"} {"endtime":"2021-04-21T07:55:21.224824Z","timestamp":"2021-04-21T07:55:21.224238Z","bytes":775,"bytes_in":250,"bytes_out":525,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"438726a1-8065-41fd-84c5-2fc5837ee75f","http_comment":"HTTP/1.0 404 Not Found","http_content_length":337,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62949,"status":404,"time_taken":622,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-21T07:55:21.225051Z","timestamp":"2021-04-21T07:55:21.224384Z","bytes":775,"bytes_in":250,"bytes_out":525,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"b1e794f6-9fdf-4492-a731-367c5d678c63","http_comment":"HTTP/1.0 404 Not Found","http_content_length":337,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62950,"status":404,"time_taken":679,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-21T07:55:21.267111Z","timestamp":"2021-04-21T07:55:21.266467Z","bytes":775,"bytes_in":250,"bytes_out":525,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"0b60924b-287e-41e2-b4cf-ce44e428cb59","http_comment":"HTTP/1.0 404 Not Found","http_content_length":337,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62952,"status":404,"time_taken":685,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-21T07:55:21.267385Z","timestamp":"2021-04-21T07:55:21.266474Z","bytes":775,"bytes_in":250,"bytes_out":525,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"e2255a7a-4ce6-4bb4-b9be-9665f3df88b0","http_comment":"HTTP/1.0 404 Not Found","http_content_length":337,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62951,"status":404,"time_taken":939,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-21T07:55:21.349752Z","timestamp":"2021-04-21T07:55:21.349102Z","bytes":775,"bytes_in":250,"bytes_out":525,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"2ba6caba-1d97-46da-9b8b-0110500606f6","http_comment":"HTTP/1.0 404 Not Found","http_content_length":337,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62953,"status":404,"time_taken":668,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-21T07:55:21.351759Z","timestamp":"2021-04-21T07:55:21.350870Z","bytes":775,"bytes_in":250,"bytes_out":525,"dest_ip":"169.254.169.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"d86d0d9c-71ce-448f-9701-8ec9d6fea4db","http_comment":"HTTP/1.0 404 Not Found","http_content_length":337,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62954,"status":404,"time_taken":912,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-21T07:55:22.469255Z","timestamp":"2021-04-21T07:55:22.099108Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a15a3f09-5447-4c54-91fb-9d3ca261bc5b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62955,"status":200,"time_taken":370438,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:23.462748Z","timestamp":"2021-04-21T07:55:23.088222Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"eee43a65-100b-4b80-a86a-ad1ad5f608e1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54384,"status":200,"time_taken":374744,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:23.587828Z","timestamp":"2021-04-21T07:55:23.208834Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"fa3cc648-ddc8-42a0-b861-fd8ed943c53d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50146,"status":200,"time_taken":379036,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:55:23.592974Z","timestamp":"2021-04-21T07:55:23.214083Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f007daa1-1a21-4fe2-81d1-ca81b70e2015","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50146,"status":200,"time_taken":379051,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:24.208122Z","timestamp":"2021-04-21T07:55:24.208122Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4082746} {"endtime":"2021-04-21T07:55:24.208117Z","timestamp":"2021-04-21T07:55:24.208117Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:55:24.208111Z","timestamp":"2021-04-21T07:55:24.208111Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":4082746} {"endtime":"2021-04-21T07:55:24.208066Z","timestamp":"2021-04-21T07:55:24.208066Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4082746} {"endtime":"2021-04-21T07:55:27.529859Z","timestamp":"2021-04-21T07:55:27.161484Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c13c7843-254e-4e14-9244-d7cc05a93d79","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62956,"status":200,"time_taken":368623,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:28.588291Z","timestamp":"2021-04-21T07:55:28.214413Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ae9d1579-ff40-436f-a4a4-863312242444","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54386,"status":200,"time_taken":374092,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:29.530620Z","timestamp":"2021-04-21T07:55:29.162092Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ac284fd3-a900-4dde-98f4-aacb92658405","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50147,"status":200,"time_taken":368579,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:55:29.535663Z","timestamp":"2021-04-21T07:55:29.167343Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6fd214e7-9427-4e8b-b1e7-328822f84cc6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50147,"status":200,"time_taken":368546,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:32.580318Z","timestamp":"2021-04-21T07:55:32.208129Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a9a5c3cb-9805-48e1-9ef3-b25f7d65482b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62958,"status":200,"time_taken":372550,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:34.463389Z","timestamp":"2021-04-21T07:55:34.089985Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bb87274d-5f2f-47c7-b75d-297c1151c645","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54388,"status":200,"time_taken":373658,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:35.482502Z","timestamp":"2021-04-21T07:55:35.115274Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b69a1b38-9fab-4630-a5d2-6461bdb0dde9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50148,"status":200,"time_taken":367259,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:55:35.487546Z","timestamp":"2021-04-21T07:55:35.120523Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"11318757-bd33-4827-b186-3e085736bbc1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50148,"status":200,"time_taken":367191,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:38.466228Z","timestamp":"2021-04-21T07:55:38.098440Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"303b02bb-d5e3-4553-b779-a386e79014db","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62963,"status":200,"time_taken":368034,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:39.582827Z","timestamp":"2021-04-21T07:55:39.215078Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b26f1bf3-102a-4fbf-8190-1759c1ce7f08","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54390,"status":200,"time_taken":367987,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:41.512802Z","timestamp":"2021-04-21T07:55:41.130917Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7c9eee86-f79d-4c4d-89c4-fdcb116f3ce1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50149,"status":200,"time_taken":381922,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:55:41.517933Z","timestamp":"2021-04-21T07:55:41.136242Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bec9dfe0-7bad-48fb-a913-88671fe3edad","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50149,"status":200,"time_taken":381861,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:43.542669Z","timestamp":"2021-04-21T07:55:43.176481Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a91dd463-8b50-4813-a55c-844dd0b0a241","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62964,"status":200,"time_taken":366420,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:45.453036Z","timestamp":"2021-04-21T07:55:45.084478Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2c6130ea-d09c-4fe3-a677-87dcabc9436a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54392,"status":200,"time_taken":368771,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:46.511304Z","timestamp":"2021-04-21T07:55:46.130970Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"918ca1ac-a68f-4c09-b31c-15568b517fe3","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50150,"status":200,"time_taken":380388,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:55:46.516451Z","timestamp":"2021-04-21T07:55:46.136224Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d5cb1ab2-93dd-4136-bb57-2383d0dc73c5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50150,"status":200,"time_taken":380394,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:48.574920Z","timestamp":"2021-04-21T07:55:48.207622Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"df5b872a-008f-48c2-97f7-d4fb1cf8e2ad","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62965,"status":200,"time_taken":367676,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:50.576981Z","timestamp":"2021-04-21T07:55:50.204872Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c1d82d9f-42ba-43f3-8948-950fbc04da92","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54394,"status":200,"time_taken":372316,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:51.506282Z","timestamp":"2021-04-21T07:55:51.131131Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6ca1ab03-0d8c-450c-820a-f112f8e29f34","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50151,"status":200,"time_taken":375205,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:55:51.511345Z","timestamp":"2021-04-21T07:55:51.136361Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"530ac8f1-0a4a-4d92-a9f1-5fd8cc6bcf3e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50151,"status":200,"time_taken":375205,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:53.644302Z","timestamp":"2021-04-21T07:55:53.269792Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9850b928-967e-4bbd-a7c6-5cc5c883762b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62971,"status":200,"time_taken":374813,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:56.447825Z","timestamp":"2021-04-21T07:55:56.078608Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7d002d02-b36a-4348-83a5-c97d37a83452","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54396,"status":200,"time_taken":369430,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:57.413223Z","timestamp":"2021-04-21T07:55:57.037441Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2e6289da-3a99-4708-a803-a553bc960687","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50152,"status":200,"time_taken":375838,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:55:57.418339Z","timestamp":"2021-04-21T07:55:57.042686Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"71d0539e-48f3-4418-90bc-7b084cb4ca3a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50152,"status":200,"time_taken":375884,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:55:59.542125Z","timestamp":"2021-04-21T07:55:59.175847Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e6f883f6-76d8-4617-bf4d-2e64d9e2671e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62972,"status":200,"time_taken":366494,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:01.570325Z","timestamp":"2021-04-21T07:56:01.199529Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e6356055-085c-4308-b6cc-aa979e2d2cbf","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54398,"status":200,"time_taken":371022,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:02.403651Z","timestamp":"2021-04-21T07:56:02.037477Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"fdc56d2b-b96c-4c9e-b427-a1138cf889f1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50153,"status":200,"time_taken":366208,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:56:02.408727Z","timestamp":"2021-04-21T07:56:02.042720Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3e7c6cc0-124c-4b7e-8e74-2f8d6e90312b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50153,"status":200,"time_taken":366201,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:04.643702Z","timestamp":"2021-04-21T07:56:04.269802Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"544a8852-8a12-4f7b-8031-afa8d8609902","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62973,"status":200,"time_taken":374319,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:07.445828Z","timestamp":"2021-04-21T07:56:07.071937Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f3d3312e-65bf-41a6-af37-24654d67db35","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54400,"status":200,"time_taken":374119,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:08.435089Z","timestamp":"2021-04-21T07:56:08.068758Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6689d52a-94be-4073-a1ae-972d589892a1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50155,"status":200,"time_taken":366385,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:56:08.440186Z","timestamp":"2021-04-21T07:56:08.074013Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"935cea5a-884d-4bd5-8281-68a79861eaab","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50155,"status":200,"time_taken":366340,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:10.530960Z","timestamp":"2021-04-21T07:56:10.159930Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a532b9d5-4b48-4953-a8e1-fc8625955b80","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62974,"status":200,"time_taken":371291,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:12.565607Z","timestamp":"2021-04-21T07:56:12.197598Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"40a5ea91-92e6-48c7-8385-c76341b89fb1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54402,"status":200,"time_taken":368231,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:13.590650Z","timestamp":"2021-04-21T07:56:13.222565Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"129d4ddf-241b-4f08-87b6-a41751cd7fdb","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50156,"status":200,"time_taken":368127,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:56:13.595802Z","timestamp":"2021-04-21T07:56:13.227812Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b86fa7d2-c8ba-4ad4-a851-551053da773d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50156,"status":200,"time_taken":368127,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:15.632147Z","timestamp":"2021-04-21T07:56:15.269237Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7faec6de-d2d6-45b0-8e71-26057ab74ae3","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62975,"status":200,"time_taken":363281,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:18.286879Z","timestamp":"2021-04-21T07:56:18.286108Z","bytes":1887,"bytes_in":731,"bytes_out":1156,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&_=1618989993110","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993110 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":771,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993110"} {"endtime":"2021-04-21T07:56:18.287994Z","timestamp":"2021-04-21T07:56:18.286348Z","bytes":1679,"bytes_in":917,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":1646,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T07:56:18.288152Z","timestamp":"2021-04-21T07:56:18.286369Z","bytes":1678,"bytes_in":916,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":1783,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T07:56:18.290212Z","timestamp":"2021-04-21T07:56:18.289996Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993111","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993111 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":216,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993111"} {"endtime":"2021-04-21T07:56:18.290410Z","timestamp":"2021-04-21T07:56:18.290243Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005114","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005114 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":167,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005114"} {"endtime":"2021-04-21T07:56:18.290471Z","timestamp":"2021-04-21T07:56:18.289980Z","bytes":1891,"bytes_in":731,"bytes_out":1160,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&_=1618990005113","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005113 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":491,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005113"} {"endtime":"2021-04-21T07:56:18.430747Z","timestamp":"2021-04-21T07:56:18.067116Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2324e6dc-d053-4995-af68-cb60e37cae62","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54406,"status":200,"time_taken":363841,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:19.583819Z","timestamp":"2021-04-21T07:56:19.222634Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3ef81af7-347d-48ba-afb3-7775c178cb10","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50157,"status":200,"time_taken":361228,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:56:19.588951Z","timestamp":"2021-04-21T07:56:19.227886Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b3638987-5b00-4a20-a035-b6ef35551fbb","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50157,"status":200,"time_taken":361231,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:21.161198Z","timestamp":"2021-04-21T07:56:21.161198Z","count":6,"c_ip":"46.128.24.64","sum(bytes_in)":4843,"sum(bytes_out)":5784,"sum(time_taken)":5580} {"endtime":"2021-04-21T07:56:21.161198Z","timestamp":"2021-04-21T07:56:21.161198Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4078211} {"endtime":"2021-04-21T07:56:21.161198Z","timestamp":"2021-04-21T07:56:21.161198Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4090031} {"endtime":"2021-04-21T07:56:21.161198Z","timestamp":"2021-04-21T07:56:21.161198Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4063939} {"endtime":"2021-04-21T07:56:21.161291Z","timestamp":"2021-04-21T07:56:21.161291Z","count":39,"dest_ip":"10.0.1.12","sum(time_taken)":12237761} {"endtime":"2021-04-21T07:56:21.161299Z","timestamp":"2021-04-21T07:56:21.161299Z","count":39,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:56:21.161306Z","timestamp":"2021-04-21T07:56:21.161306Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":917,"sum(bytes_out)":762,"sum(time_taken)":1542} {"endtime":"2021-04-21T07:56:21.161306Z","timestamp":"2021-04-21T07:56:21.161306Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":916,"sum(bytes_out)":758,"sum(time_taken)":2174} {"endtime":"2021-04-21T07:56:21.161306Z","timestamp":"2021-04-21T07:56:21.161306Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":1462,"sum(bytes_out)":2320,"sum(time_taken)":1274} {"endtime":"2021-04-21T07:56:21.161306Z","timestamp":"2021-04-21T07:56:21.161306Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1548,"sum(bytes_out)":1944,"sum(time_taken)":590} {"endtime":"2021-04-21T07:56:21.161306Z","timestamp":"2021-04-21T07:56:21.161306Z","count":33,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5511,"sum(bytes_out)":33528,"sum(time_taken)":12232181} {"endtime":"2021-04-21T07:56:21.548431Z","timestamp":"2021-04-21T07:56:21.175275Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7965bb56-6dca-4c3c-acf8-f3ff2b5c9730","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62976,"status":200,"time_taken":373503,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:23.560368Z","timestamp":"2021-04-21T07:56:23.182823Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"422443f9-d02d-4fb5-bb2e-4530db349ced","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54408,"status":200,"time_taken":377752,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:25.055737Z","timestamp":"2021-04-21T07:56:25.055737Z","count":10,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3711139} {"endtime":"2021-04-21T07:56:25.055731Z","timestamp":"2021-04-21T07:56:25.055731Z","count":10,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:56:25.055725Z","timestamp":"2021-04-21T07:56:25.055725Z","count":10,"dest_ip":"10.0.1.12","sum(time_taken)":3711139} {"endtime":"2021-04-21T07:56:25.055705Z","timestamp":"2021-04-21T07:56:25.055705Z","count":10,"c_ip":"10.0.1.15","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3711139} {"endtime":"2021-04-21T07:56:25.554161Z","timestamp":"2021-04-21T07:56:25.175810Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bae9b021-341c-4afa-86d3-ae130939d579","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50158,"status":200,"time_taken":378413,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:56:25.559310Z","timestamp":"2021-04-21T07:56:25.181067Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"668854e3-4a32-4665-bf05-5c347349622b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50158,"status":200,"time_taken":378457,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:26.636727Z","timestamp":"2021-04-21T07:56:26.268785Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d6dd5e54-741e-43b7-a874-9dd8457e13c6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62977,"status":200,"time_taken":368162,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:29.439003Z","timestamp":"2021-04-21T07:56:29.062081Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3ef227b0-227b-4115-b6ff-c466c8f7528a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54410,"status":200,"time_taken":377127,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:31.524637Z","timestamp":"2021-04-21T07:56:31.154365Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"127077cf-5517-4dd9-bc1c-7c3f4a613e2f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50159,"status":200,"time_taken":370310,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:56:31.529798Z","timestamp":"2021-04-21T07:56:31.159622Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e3c7d93c-884d-4e22-b9c7-a6be9e8bc868","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50159,"status":200,"time_taken":370343,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:32.463501Z","timestamp":"2021-04-21T07:56:32.096870Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c483bcd7-fb28-439f-90e7-8bf2c77f56e2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62979,"status":200,"time_taken":366989,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:34.564290Z","timestamp":"2021-04-21T07:56:34.190809Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b20eb485-a48a-4426-9dbc-4844e1b921dc","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54412,"status":200,"time_taken":373778,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:37.545186Z","timestamp":"2021-04-21T07:56:37.170439Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"40884666-aa1c-4d3e-9886-7fcf697c9a06","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50160,"status":200,"time_taken":374806,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:56:37.550261Z","timestamp":"2021-04-21T07:56:37.175692Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e4243f3d-7e4a-4b76-af2b-f6a98655ad2d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50160,"status":200,"time_taken":374744,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:37.568052Z","timestamp":"2021-04-21T07:56:37.205795Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"83e0f221-a923-4481-9242-d5e89fe1bbc7","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62981,"status":200,"time_taken":362510,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:40.433879Z","timestamp":"2021-04-21T07:56:40.065777Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a9ab3211-2bb7-4034-840b-9c58032f13ef","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54414,"status":200,"time_taken":368333,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:42.632750Z","timestamp":"2021-04-21T07:56:42.268341Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"374a9cd2-58fe-49c6-a1cb-e383403244ab","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62982,"status":200,"time_taken":364791,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:43.439575Z","timestamp":"2021-04-21T07:56:43.076451Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d81fb648-c8fa-4f0f-bc39-3332ecc100c3","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50161,"status":200,"time_taken":363181,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:56:43.444670Z","timestamp":"2021-04-21T07:56:43.081700Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"efe6f171-ed9b-46c3-9a12-91d97d86ea65","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50161,"status":200,"time_taken":363172,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:45.551559Z","timestamp":"2021-04-21T07:56:45.185781Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bc8e0302-d5cd-47bc-8756-101ad2d969a0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54416,"status":200,"time_taken":366016,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:48.535706Z","timestamp":"2021-04-21T07:56:48.174359Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"cee14531-d95a-4412-94be-1ef595d1d9c5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62983,"status":200,"time_taken":361609,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:48.609558Z","timestamp":"2021-04-21T07:56:48.248324Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bfff4ed3-a948-49d9-8cf0-848b0000a849","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50162,"status":200,"time_taken":361279,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:56:48.614710Z","timestamp":"2021-04-21T07:56:48.253560Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2d8d5fb0-039e-4165-9f56-7430d3b2f40a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50162,"status":200,"time_taken":361291,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:51.416625Z","timestamp":"2021-04-21T07:56:51.053490Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"89e5e4f7-d73d-4648-88ba-64cc01eae7e5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54418,"status":200,"time_taken":363318,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:53.599874Z","timestamp":"2021-04-21T07:56:53.236607Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f8366dce-e154-451a-9613-916e3168df9e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62984,"status":200,"time_taken":363500,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:54.584548Z","timestamp":"2021-04-21T07:56:54.217228Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b37195b0-2d82-40bb-a7ca-f036bb2a69ed","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50163,"status":200,"time_taken":367385,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:56:54.589683Z","timestamp":"2021-04-21T07:56:54.222490Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b5907fc7-7357-433a-beeb-6052f3148add","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50163,"status":200,"time_taken":367366,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:56.534252Z","timestamp":"2021-04-21T07:56:56.168335Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bd3380f3-240f-4ccc-ba7d-70177c62e400","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54420,"status":200,"time_taken":366133,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:56:58.635060Z","timestamp":"2021-04-21T07:56:58.267760Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5e983b16-21e9-4a56-9f68-5767a6cccaae","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62985,"status":200,"time_taken":367529,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:00.593645Z","timestamp":"2021-04-21T07:57:00.232992Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"914c37ae-0cee-4658-8465-e0584e5a9d6b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50164,"status":200,"time_taken":360721,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:57:00.598777Z","timestamp":"2021-04-21T07:57:00.238271Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"663c95af-3cac-4f40-b0bc-54561e04f312","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50164,"status":200,"time_taken":360789,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:02.403420Z","timestamp":"2021-04-21T07:57:02.035895Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ca6b9d8d-4550-4388-9157-1b6ad4b33eb4","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54422,"status":200,"time_taken":367748,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:04.509900Z","timestamp":"2021-04-21T07:57:04.143351Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5ff10fc1-eb9f-46b6-a74d-9e106eece886","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62990,"status":200,"time_taken":367647,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:06.531029Z","timestamp":"2021-04-21T07:57:06.170507Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1e6e5744-e841-4c5c-86e1-0640521f9de6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50165,"status":200,"time_taken":360580,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:57:06.536198Z","timestamp":"2021-04-21T07:57:06.175756Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"742fd16f-ce81-473f-a7c7-ebabddb0713e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50165,"status":200,"time_taken":360633,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:07.526538Z","timestamp":"2021-04-21T07:57:07.155446Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1a94e50f-5f5f-48e6-8181-64f4d1419779","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54424,"status":200,"time_taken":371274,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:09.569705Z","timestamp":"2021-04-21T07:57:09.205063Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"240130a0-85f9-49fd-9c57-c582c563db10","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62991,"status":200,"time_taken":365107,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:12.554514Z","timestamp":"2021-04-21T07:57:12.179761Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4531b8ef-8cd0-4086-9f14-1d60a3addcbf","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50167,"status":200,"time_taken":374810,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:57:12.559667Z","timestamp":"2021-04-21T07:57:12.185027Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f7a09f4e-966c-40a4-a568-4525443452c9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50167,"status":200,"time_taken":374877,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:13.397376Z","timestamp":"2021-04-21T07:57:13.028071Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"76fced37-500c-4fd5-918b-abf14dcb01f0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54426,"status":200,"time_taken":369546,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:14.636082Z","timestamp":"2021-04-21T07:57:14.267140Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9ce1a85a-7a01-498d-9b1c-92d0557a0dd4","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62992,"status":200,"time_taken":369210,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:18.313860Z","timestamp":"2021-04-21T07:57:18.313078Z","bytes":1887,"bytes_in":731,"bytes_out":1156,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&_=1618989993112","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993112 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":782,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993112"} {"endtime":"2021-04-21T07:57:18.314677Z","timestamp":"2021-04-21T07:57:18.312897Z","bytes":1675,"bytes_in":917,"bytes_out":758,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":1780,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T07:57:18.321854Z","timestamp":"2021-04-21T07:57:18.321404Z","bytes":1891,"bytes_in":731,"bytes_out":1160,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&_=1618990005115","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005115 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":450,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005115"} {"endtime":"2021-04-21T07:57:18.322117Z","timestamp":"2021-04-21T07:57:18.321914Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005116","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005116 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":203,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005116"} {"endtime":"2021-04-21T07:57:18.322234Z","timestamp":"2021-04-21T07:57:18.321962Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993113","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993113 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":272,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993113"} {"endtime":"2021-04-21T07:57:18.322846Z","timestamp":"2021-04-21T07:57:18.321350Z","bytes":1678,"bytes_in":916,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":1496,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T07:57:18.475911Z","timestamp":"2021-04-21T07:57:18.101729Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4d85bd48-bc3a-4a0a-a8fe-4c22f53b9445","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50168,"status":200,"time_taken":374226,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:57:18.481059Z","timestamp":"2021-04-21T07:57:18.106995Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"752b47f5-3aa0-4877-afa2-41223b3d0bae","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50168,"status":200,"time_taken":374242,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:18.514454Z","timestamp":"2021-04-21T07:57:18.149032Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"90a88d92-0564-41c4-a24d-48278aa88d94","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54430,"status":200,"time_taken":365603,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:20.496770Z","timestamp":"2021-04-21T07:57:20.126347Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ce0e50e0-5036-4070-a3c3-8add5c11eb1e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62993,"status":200,"time_taken":370743,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:22.006742Z","timestamp":"2021-04-21T07:57:22.006742Z","count":6,"c_ip":"46.128.24.64","sum(bytes_in)":4843,"sum(bytes_out)":5784,"sum(time_taken)":5074} {"endtime":"2021-04-21T07:57:22.006742Z","timestamp":"2021-04-21T07:57:22.006742Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4066628} {"endtime":"2021-04-21T07:57:22.006742Z","timestamp":"2021-04-21T07:57:22.006742Z","count":10,"c_ip":"10.0.1.15","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3685914} {"endtime":"2021-04-21T07:57:22.006742Z","timestamp":"2021-04-21T07:57:22.006742Z","count":12,"c_ip":"10.0.1.14","sum(bytes_in)":2004,"sum(bytes_out)":12192,"sum(time_taken)":4401300} {"endtime":"2021-04-21T07:57:22.006824Z","timestamp":"2021-04-21T07:57:22.006824Z","count":39,"dest_ip":"10.0.1.12","sum(time_taken)":12158916} {"endtime":"2021-04-21T07:57:22.006831Z","timestamp":"2021-04-21T07:57:22.006831Z","count":39,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:57:22.006838Z","timestamp":"2021-04-21T07:57:22.006838Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":917,"sum(bytes_out)":762,"sum(time_taken)":1646} {"endtime":"2021-04-21T07:57:22.006838Z","timestamp":"2021-04-21T07:57:22.006838Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":916,"sum(bytes_out)":762,"sum(time_taken)":1783} {"endtime":"2021-04-21T07:57:22.006838Z","timestamp":"2021-04-21T07:57:22.006838Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":1462,"sum(bytes_out)":2316,"sum(time_taken)":1262} {"endtime":"2021-04-21T07:57:22.006838Z","timestamp":"2021-04-21T07:57:22.006838Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1548,"sum(bytes_out)":1944,"sum(time_taken)":383} {"endtime":"2021-04-21T07:57:22.006838Z","timestamp":"2021-04-21T07:57:22.006838Z","count":33,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5511,"sum(bytes_out)":33528,"sum(time_taken)":12153842} {"endtime":"2021-04-21T07:57:23.485737Z","timestamp":"2021-04-21T07:57:23.117458Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a05c1eb8-9897-4586-aa3c-a53d6ec41a5a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50169,"status":200,"time_taken":368331,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:57:23.490865Z","timestamp":"2021-04-21T07:57:23.122739Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5387060b-338f-4d15-9efe-0cda0b7c23f8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50169,"status":200,"time_taken":368284,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:24.379159Z","timestamp":"2021-04-21T07:57:24.016599Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"26d7d6e9-2fd5-4b8d-9458-fd9f1abb6a4f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54432,"status":200,"time_taken":362871,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:25.124728Z","timestamp":"2021-04-21T07:57:25.124728Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4054042} {"endtime":"2021-04-21T07:57:25.124723Z","timestamp":"2021-04-21T07:57:25.124723Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:57:25.124717Z","timestamp":"2021-04-21T07:57:25.124717Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":4054042} {"endtime":"2021-04-21T07:57:25.124663Z","timestamp":"2021-04-21T07:57:25.124663Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4054042} {"endtime":"2021-04-21T07:57:25.569964Z","timestamp":"2021-04-21T07:57:25.204502Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"39b0bf8e-1072-47e2-b7a7-49d996bdb551","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62994,"status":200,"time_taken":365744,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:29.492766Z","timestamp":"2021-04-21T07:57:29.117466Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3ba1ff58-725f-477a-8fe3-ea421cdf212f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50170,"status":200,"time_taken":375346,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:57:29.497902Z","timestamp":"2021-04-21T07:57:29.122739Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"127a89f6-13ae-4ec7-8217-0697b2685b3e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50170,"status":200,"time_taken":375311,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:29.500055Z","timestamp":"2021-04-21T07:57:29.131070Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f1407122-e69f-4b55-af1c-8d6fb23da27b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54434,"status":200,"time_taken":369236,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:31.502949Z","timestamp":"2021-04-21T07:57:31.126101Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0e3092f2-7f5b-4b3e-a8dd-58069e1eb2ed","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62996,"status":200,"time_taken":377176,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:34.501894Z","timestamp":"2021-04-21T07:57:34.133163Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3fe6f452-f30c-4f69-9b74-ec1e8064e7e8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50171,"status":200,"time_taken":368776,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:57:34.507071Z","timestamp":"2021-04-21T07:57:34.138438Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"807283b6-8e8f-4be2-965a-9e2fe56e57fe","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50171,"status":200,"time_taken":368836,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:34.614088Z","timestamp":"2021-04-21T07:57:34.251670Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f6e50780-4310-47db-a4c1-1eb6f2278180","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54436,"status":200,"time_taken":362637,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:36.603883Z","timestamp":"2021-04-21T07:57:36.235182Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"509e6d5d-3c14-4899-bcb7-8734cf25a821","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62998,"status":200,"time_taken":368953,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:40.480013Z","timestamp":"2021-04-21T07:57:40.101931Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ff05a4c0-1fe0-44a9-9416-f9fcae95153b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50172,"status":200,"time_taken":378123,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:57:40.485074Z","timestamp":"2021-04-21T07:57:40.107214Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a5e339c2-d262-42f0-a58c-9f0aa62e7c6d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50172,"status":200,"time_taken":378044,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:40.485315Z","timestamp":"2021-04-21T07:57:40.115817Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1765ddda-00e0-41bc-93e1-c5816473c86c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54438,"status":200,"time_taken":369732,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:41.614736Z","timestamp":"2021-04-21T07:57:41.250832Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"78a76873-5091-43c5-b9ec-3d3b3c84d68e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":62999,"status":200,"time_taken":364242,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:45.467611Z","timestamp":"2021-04-21T07:57:45.102079Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3011ce33-952f-453a-b8de-eec6d3aacea2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50173,"status":200,"time_taken":365593,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:57:45.472781Z","timestamp":"2021-04-21T07:57:45.107367Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"22123925-a453-4dee-be60-13acacd23dad","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50173,"status":200,"time_taken":365584,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:45.602851Z","timestamp":"2021-04-21T07:57:45.237042Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e8f26736-6865-440c-8fe3-2b514921270e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54440,"status":200,"time_taken":366009,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:47.491337Z","timestamp":"2021-04-21T07:57:47.125537Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"df1fc8d3-c49a-437c-9ee1-c2b772383ba4","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63000,"status":200,"time_taken":366046,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:51.452604Z","timestamp":"2021-04-21T07:57:51.086505Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4de37d62-b508-45fb-803a-97abb52344b2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50174,"status":200,"time_taken":366179,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:57:51.457698Z","timestamp":"2021-04-21T07:57:51.091809Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b0b08538-ce22-4bab-be84-0be25f66db4a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50174,"status":200,"time_taken":366053,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:51.463584Z","timestamp":"2021-04-21T07:57:51.104903Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"85b56690-4fbd-42b1-9cd2-152e8f948ee6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54442,"status":200,"time_taken":359192,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:52.570139Z","timestamp":"2021-04-21T07:57:52.203524Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"096dfac0-7a4b-4ad7-97b8-85f0c161f9d8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63001,"status":200,"time_taken":366891,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:56.584925Z","timestamp":"2021-04-21T07:57:56.215328Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9bc83251-a7b5-489d-be23-fb22da65d129","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54444,"status":200,"time_taken":369791,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:57.482432Z","timestamp":"2021-04-21T07:57:57.102229Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ac3fbb5e-d7a9-41fc-91b7-a1d2aa11bb30","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50175,"status":200,"time_taken":380244,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:57:57.487606Z","timestamp":"2021-04-21T07:57:57.107526Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3a64ec44-b6b9-4377-a6b2-cbdb7aff3b9d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50175,"status":200,"time_taken":380246,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:57:58.463342Z","timestamp":"2021-04-21T07:57:58.094115Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"67a14106-270c-47a7-9112-eca9063aa573","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63002,"status":200,"time_taken":369493,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:02.459545Z","timestamp":"2021-04-21T07:58:02.086659Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b0bf2d6f-a45d-4535-8611-257949361562","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54446,"status":200,"time_taken":373120,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:03.476912Z","timestamp":"2021-04-21T07:58:03.102353Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"67506398-d2aa-4ffd-88fb-7f63c7ff6011","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50176,"status":200,"time_taken":374607,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:58:03.482080Z","timestamp":"2021-04-21T07:58:03.107675Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2459574-ad52-4dae-8c7f-ce94ba1e6b3b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50176,"status":200,"time_taken":374631,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:03.545184Z","timestamp":"2021-04-21T07:58:03.171936Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9b5698a6-19d6-4938-88e1-02f9dcd620b0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63003,"status":200,"time_taken":373539,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:07.582108Z","timestamp":"2021-04-21T07:58:07.211267Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f290adbc-e97b-4635-a5f7-e912bf174eab","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54448,"status":200,"time_taken":371035,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:08.483185Z","timestamp":"2021-04-21T07:58:08.117987Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c36e1ed5-5f5e-4fa1-818f-1087a05271c0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50178,"status":200,"time_taken":365251,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:58:08.488364Z","timestamp":"2021-04-21T07:58:08.123306Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c96afeff-be96-4e50-ae1b-a3912c4a6546","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50178,"status":200,"time_taken":365283,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:08.632483Z","timestamp":"2021-04-21T07:58:08.265480Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a817ce8e-f641-4200-9c1d-25f0ebc069d0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63004,"status":200,"time_taken":367249,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:13.452383Z","timestamp":"2021-04-21T07:58:13.083766Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b09e3233-b5bd-4e5f-ab9d-16ef579c1b61","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54450,"status":200,"time_taken":368860,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:14.055228Z","timestamp":"2021-04-21T07:58:14.053354Z","bytes":1679,"bytes_in":917,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":1874,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T07:58:14.057727Z","timestamp":"2021-04-21T07:58:14.057231Z","bytes":1891,"bytes_in":731,"bytes_out":1160,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&_=1618989993114","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993114 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":496,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993114"} {"endtime":"2021-04-21T07:58:14.057933Z","timestamp":"2021-04-21T07:58:14.057700Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993115","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993115 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":233,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993115"} {"endtime":"2021-04-21T07:58:14.058161Z","timestamp":"2021-04-21T07:58:14.057992Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005118","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005118 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":169,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005118"} {"endtime":"2021-04-21T07:58:14.058266Z","timestamp":"2021-04-21T07:58:14.057700Z","bytes":1891,"bytes_in":731,"bytes_out":1160,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&_=1618990005117","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005117 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":566,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005117"} {"endtime":"2021-04-21T07:58:14.058771Z","timestamp":"2021-04-21T07:58:14.057231Z","bytes":1678,"bytes_in":916,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":1540,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T07:58:14.375075Z","timestamp":"2021-04-21T07:58:14.008687Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4474476a-74ed-4a01-9b06-c38114a2e816","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50179,"status":200,"time_taken":366449,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:58:14.380270Z","timestamp":"2021-04-21T07:58:14.014013Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e0f42645-65f0-4a99-a551-e540fb4f1056","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50179,"status":200,"time_taken":366451,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:14.488605Z","timestamp":"2021-04-21T07:58:14.124733Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ee9e4e2c-263f-4de6-ad06-6113563a60bd","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63005,"status":200,"time_taken":364125,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:18.567714Z","timestamp":"2021-04-21T07:58:18.204047Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"af5179c0-0cb6-4511-ba63-17db2c165d4b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54454,"status":200,"time_taken":363907,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:19.500416Z","timestamp":"2021-04-21T07:58:19.133748Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5b4db33c-72f3-4f43-bd90-a6a7be6ed55c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50180,"status":200,"time_taken":366727,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:58:19.505650Z","timestamp":"2021-04-21T07:58:19.139084Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"fdcd26ea-63b8-4064-82a2-816cc6309e3c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50180,"status":200,"time_taken":366754,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:19.569505Z","timestamp":"2021-04-21T07:58:19.202750Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3d9c1acf-8490-45f6-89e1-f32cd3c0fdae","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63006,"status":200,"time_taken":367018,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:22.101304Z","timestamp":"2021-04-21T07:58:22.101304Z","count":6,"c_ip":"46.128.24.64","sum(bytes_in)":4843,"sum(bytes_out)":5780,"sum(time_taken)":4983} {"endtime":"2021-04-21T07:58:22.101304Z","timestamp":"2021-04-21T07:58:22.101304Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4036390} {"endtime":"2021-04-21T07:58:22.101304Z","timestamp":"2021-04-21T07:58:22.101304Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4075477} {"endtime":"2021-04-21T07:58:22.101304Z","timestamp":"2021-04-21T07:58:22.101304Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4050476} {"endtime":"2021-04-21T07:58:22.101385Z","timestamp":"2021-04-21T07:58:22.101385Z","count":39,"dest_ip":"10.0.1.12","sum(time_taken)":12167326} {"endtime":"2021-04-21T07:58:22.101393Z","timestamp":"2021-04-21T07:58:22.101393Z","count":39,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:58:22.101400Z","timestamp":"2021-04-21T07:58:22.101400Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":917,"sum(bytes_out)":758,"sum(time_taken)":1780} {"endtime":"2021-04-21T07:58:22.101400Z","timestamp":"2021-04-21T07:58:22.101400Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":916,"sum(bytes_out)":762,"sum(time_taken)":1496} {"endtime":"2021-04-21T07:58:22.101400Z","timestamp":"2021-04-21T07:58:22.101400Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":1462,"sum(bytes_out)":2316,"sum(time_taken)":1232} {"endtime":"2021-04-21T07:58:22.101400Z","timestamp":"2021-04-21T07:58:22.101400Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1548,"sum(bytes_out)":1944,"sum(time_taken)":475} {"endtime":"2021-04-21T07:58:22.101400Z","timestamp":"2021-04-21T07:58:22.101400Z","count":33,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5511,"sum(bytes_out)":33528,"sum(time_taken)":12162343} {"endtime":"2021-04-21T07:58:24.432379Z","timestamp":"2021-04-21T07:58:24.069884Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9d1f6ceb-095e-4058-977b-4fc1422409ae","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54456,"status":200,"time_taken":362733,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:25.177684Z","timestamp":"2021-04-21T07:58:25.177684Z","count":10,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3707295} {"endtime":"2021-04-21T07:58:25.177679Z","timestamp":"2021-04-21T07:58:25.177679Z","count":10,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:58:25.177672Z","timestamp":"2021-04-21T07:58:25.177672Z","count":10,"dest_ip":"10.0.1.12","sum(time_taken)":3707295} {"endtime":"2021-04-21T07:58:25.177625Z","timestamp":"2021-04-21T07:58:25.177625Z","count":10,"c_ip":"10.0.1.15","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3707295} {"endtime":"2021-04-21T07:58:25.426617Z","timestamp":"2021-04-21T07:58:25.061938Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b8287a4a-5e51-4625-8f80-cee6abbfd8af","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63007,"status":200,"time_taken":364927,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:25.485004Z","timestamp":"2021-04-21T07:58:25.118224Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"deb95e05-4647-4167-b877-651def18c0b0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50181,"status":200,"time_taken":366827,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:58:25.490183Z","timestamp":"2021-04-21T07:58:25.123573Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"54a584ac-1427-4e3b-a76c-b26499666d7e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50181,"status":200,"time_taken":366796,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:29.553005Z","timestamp":"2021-04-21T07:58:29.184120Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b3a01730-547e-4f1f-8083-8e6e3cf603ef","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54458,"status":200,"time_taken":369098,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:30.567996Z","timestamp":"2021-04-21T07:58:30.202291Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6b6e0dc1-bfce-4334-a8f1-344b82f694f8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63009,"status":200,"time_taken":365952,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:31.425828Z","timestamp":"2021-04-21T07:58:31.055754Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"cb237f80-3493-4312-856e-ccf00c593ac2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50182,"status":200,"time_taken":370130,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:58:31.431048Z","timestamp":"2021-04-21T07:58:31.061132Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f809d79d-b1eb-4e2e-aa4e-a5f96f044171","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50182,"status":200,"time_taken":370084,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:35.417630Z","timestamp":"2021-04-21T07:58:35.054756Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c0f1898b-5fca-4d3d-96ee-29cd5e0ee15e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54460,"status":200,"time_taken":363099,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:36.432026Z","timestamp":"2021-04-21T07:58:36.061675Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"276eb050-aec4-4030-a8d4-331837c9478c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63011,"status":200,"time_taken":370740,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:36.560372Z","timestamp":"2021-04-21T07:58:36.196497Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"304bf42f-7631-4b39-993b-5ef69b3bad48","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50183,"status":200,"time_taken":363941,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:58:36.565631Z","timestamp":"2021-04-21T07:58:36.201848Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2e3da6e9-a876-4a10-b288-226688a2a452","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50183,"status":200,"time_taken":363975,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:40.546080Z","timestamp":"2021-04-21T07:58:40.169301Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0f468ff7-e071-4be6-87ce-473c60f7ffe9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54462,"status":200,"time_taken":377002,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:41.504521Z","timestamp":"2021-04-21T07:58:41.139584Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d80c0684-d98a-4ff9-9709-6e5a7732e07e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63012,"status":200,"time_taken":365268,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:42.498096Z","timestamp":"2021-04-21T07:58:42.118323Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e7394c26-0162-4d6b-97a7-9aade296f136","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50184,"status":200,"time_taken":379832,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:58:42.503330Z","timestamp":"2021-04-21T07:58:42.123683Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"75cc8f72-2ad7-4d1c-938b-379704531db0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50184,"status":200,"time_taken":379842,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:46.412796Z","timestamp":"2021-04-21T07:58:46.047954Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"55096948-ab0f-497b-baaa-d7d374dc4524","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54464,"status":200,"time_taken":365071,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:46.546486Z","timestamp":"2021-04-21T07:58:46.171371Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ad4b7401-19b5-4d8f-9741-b7468a3e0bb1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63013,"status":200,"time_taken":375441,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:47.481818Z","timestamp":"2021-04-21T07:58:47.118473Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"aabf68e6-44e2-4f3e-85fd-db5937d7d806","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50185,"status":200,"time_taken":363387,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:58:47.487033Z","timestamp":"2021-04-21T07:58:47.123856Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7133f027-9154-47dc-82e5-860da3914273","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50185,"status":200,"time_taken":363353,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:51.539886Z","timestamp":"2021-04-21T07:58:51.164517Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"95dc510c-1445-43ba-a3ef-b6e6ca0a684d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54466,"status":200,"time_taken":375609,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:51.597109Z","timestamp":"2021-04-21T07:58:51.232986Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c3bb5fd0-0872-4109-a9e5-d0b24806d4f6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63014,"status":200,"time_taken":364403,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:53.422779Z","timestamp":"2021-04-21T07:58:53.057258Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"39fe43c4-84b1-4e3d-a088-9b9a0bf25064","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50186,"status":200,"time_taken":365568,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:58:53.428037Z","timestamp":"2021-04-21T07:58:53.062637Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ee493261-acdf-4f26-8aa8-d0d735928a86","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50186,"status":200,"time_taken":365563,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:57.402822Z","timestamp":"2021-04-21T07:58:57.041660Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"806c59da-9171-4efc-af8b-f1c7cf0a0551","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54468,"status":200,"time_taken":361358,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:57.482638Z","timestamp":"2021-04-21T07:58:57.123469Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"dd9f8d40-ae35-41ee-88b9-866bcbb960c7","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63015,"status":200,"time_taken":359528,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:58:58.560103Z","timestamp":"2021-04-21T07:58:58.197949Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e9b11a68-5c6e-4cbf-a2e6-62ea40ecb502","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50187,"status":200,"time_taken":362196,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:58:58.565408Z","timestamp":"2021-04-21T07:58:58.203323Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"47cc8d05-12c4-4e45-b43c-129794f6faea","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50187,"status":200,"time_taken":362261,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:02.533044Z","timestamp":"2021-04-21T07:59:02.154557Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ced2b4a0-4496-47ef-bc3b-ba09116c95a1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54470,"status":200,"time_taken":378742,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:02.607127Z","timestamp":"2021-04-21T07:59:02.232675Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"faf15de2-4d68-4745-a15f-eb517b7b6ff6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63016,"status":200,"time_taken":374765,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:04.497537Z","timestamp":"2021-04-21T07:59:04.119952Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6ef95189-6d4d-4f3e-bcc3-4a45b7d91949","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50188,"status":200,"time_taken":377631,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:59:04.502776Z","timestamp":"2021-04-21T07:59:04.125339Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"be79a6ea-22a6-4953-bb2f-b04188e7e961","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50188,"status":200,"time_taken":377651,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:08.414712Z","timestamp":"2021-04-21T07:59:08.034893Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ad947676-3c91-49d6-84b0-69eecababb3c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54472,"status":200,"time_taken":380027,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:08.458284Z","timestamp":"2021-04-21T07:59:08.091749Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8da8c800-d5c5-4c68-86d2-ca5827baa5ca","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63017,"status":200,"time_taken":366791,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:10.472325Z","timestamp":"2021-04-21T07:59:10.104360Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a8b82100-af3b-455d-9c6e-32f4b4907415","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50190,"status":200,"time_taken":368020,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:59:10.477618Z","timestamp":"2021-04-21T07:59:10.109808Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"997ba3b6-7e53-42d0-8382-e43b784321a2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50190,"status":200,"time_taken":368041,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:13.543067Z","timestamp":"2021-04-21T07:59:13.166543Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5861a3c4-f7a9-4aea-ad4c-e9b672499027","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54474,"status":200,"time_taken":376755,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:13.545296Z","timestamp":"2021-04-21T07:59:13.169678Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7dba106d-26ea-4d86-912e-cb361f9debf6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63018,"status":200,"time_taken":375846,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:14.059624Z","timestamp":"2021-04-21T07:59:14.058524Z","bytes":1891,"bytes_in":731,"bytes_out":1160,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&_=1618990005119","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005119 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":1100,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005119"} {"endtime":"2021-04-21T07:59:14.059731Z","timestamp":"2021-04-21T07:59:14.058995Z","bytes":1891,"bytes_in":731,"bytes_out":1160,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&_=1618989993116","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993116 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":736,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993116"} {"endtime":"2021-04-21T07:59:14.059809Z","timestamp":"2021-04-21T07:59:14.059482Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993117","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993117 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":327,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993117"} {"endtime":"2021-04-21T07:59:14.059881Z","timestamp":"2021-04-21T07:59:14.059482Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005120","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005120 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":399,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005120"} {"endtime":"2021-04-21T07:59:14.060560Z","timestamp":"2021-04-21T07:59:14.058995Z","bytes":1679,"bytes_in":917,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":1565,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T07:59:14.060632Z","timestamp":"2021-04-21T07:59:14.058524Z","bytes":1678,"bytes_in":916,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=MKacWP5zbmp6KDF8lovuuos^acKJGBoGZNQuyJL88nvhmP3S_jMZkMSJxthYug1G1ph3lltO7q^yxQEqPasRFaxlW5zKCTw2jZZYyyxBKRdyA2ET5axf8Yq_4od1pWo5DF59adIT","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":2108,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T07:59:16.481920Z","timestamp":"2021-04-21T07:59:16.104428Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3c820f56-fe30-42cd-8ef9-d61ee5588c98","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50191,"status":200,"time_taken":377535,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:59:16.487234Z","timestamp":"2021-04-21T07:59:16.109868Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f5110774-f016-46ac-a76f-d19e2d0d5f8a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50191,"status":200,"time_taken":377541,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:19.417242Z","timestamp":"2021-04-21T07:59:19.044911Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a06c5fa7-077a-4407-8030-080fb606e1c6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54478,"status":200,"time_taken":372615,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:19.473722Z","timestamp":"2021-04-21T07:59:19.091412Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b5bbeb78-31cc-40be-af39-6622f964ab36","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63019,"status":200,"time_taken":382622,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:22.202833Z","timestamp":"2021-04-21T07:59:22.202833Z","count":6,"c_ip":"46.128.24.64","sum(bytes_in)":4843,"sum(bytes_out)":5788,"sum(time_taken)":4878} {"endtime":"2021-04-21T07:59:22.202833Z","timestamp":"2021-04-21T07:59:22.202833Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4082109} {"endtime":"2021-04-21T07:59:22.202833Z","timestamp":"2021-04-21T07:59:22.202833Z","count":10,"c_ip":"10.0.1.15","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3695107} {"endtime":"2021-04-21T07:59:22.202833Z","timestamp":"2021-04-21T07:59:22.202833Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4066283} {"endtime":"2021-04-21T07:59:22.202908Z","timestamp":"2021-04-21T07:59:22.202908Z","count":38,"dest_ip":"10.0.1.12","sum(time_taken)":11848377} {"endtime":"2021-04-21T07:59:22.202916Z","timestamp":"2021-04-21T07:59:22.202916Z","count":38,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:59:22.202922Z","timestamp":"2021-04-21T07:59:22.202922Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":917,"sum(bytes_out)":762,"sum(time_taken)":1874} {"endtime":"2021-04-21T07:59:22.202922Z","timestamp":"2021-04-21T07:59:22.202922Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":916,"sum(bytes_out)":762,"sum(time_taken)":1540} {"endtime":"2021-04-21T07:59:22.202922Z","timestamp":"2021-04-21T07:59:22.202922Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":1462,"sum(bytes_out)":2320,"sum(time_taken)":1062} {"endtime":"2021-04-21T07:59:22.202922Z","timestamp":"2021-04-21T07:59:22.202922Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1548,"sum(bytes_out)":1944,"sum(time_taken)":402} {"endtime":"2021-04-21T07:59:22.202922Z","timestamp":"2021-04-21T07:59:22.202922Z","count":32,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5344,"sum(bytes_out)":32512,"sum(time_taken)":11843499} {"endtime":"2021-04-21T07:59:22.486426Z","timestamp":"2021-04-21T07:59:22.120152Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"82279bd2-a674-4441-8a28-dd98c0e09083","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50192,"status":200,"time_taken":366321,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:59:22.491731Z","timestamp":"2021-04-21T07:59:22.125648Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"98822bb7-e9b8-4c64-9210-c4d04469588c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50192,"status":200,"time_taken":366266,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:24.542333Z","timestamp":"2021-04-21T07:59:24.170170Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"05e8d4c3-3fde-4429-9ba2-baf50c921471","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63020,"status":200,"time_taken":372456,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:24.542550Z","timestamp":"2021-04-21T07:59:24.169356Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3fe85255-e892-4027-84e1-7e8cec853455","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54480,"status":200,"time_taken":373408,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:26.037859Z","timestamp":"2021-04-21T07:59:26.037859Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4061388} {"endtime":"2021-04-21T07:59:26.037853Z","timestamp":"2021-04-21T07:59:26.037853Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T07:59:26.037847Z","timestamp":"2021-04-21T07:59:26.037847Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":4061388} {"endtime":"2021-04-21T07:59:26.037784Z","timestamp":"2021-04-21T07:59:26.037784Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4061388} {"endtime":"2021-04-21T07:59:28.402881Z","timestamp":"2021-04-21T07:59:28.042063Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"03cd9c84-043f-4d25-a1bb-2695c6c5e05a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50193,"status":200,"time_taken":360877,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:59:28.408199Z","timestamp":"2021-04-21T07:59:28.047516Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0afa4256-d441-4fc6-97bd-ab9e03f7755a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50193,"status":200,"time_taken":360857,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:29.597138Z","timestamp":"2021-04-21T07:59:29.231942Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"211364ba-2093-420d-ba3c-7f8de439d1ab","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63022,"status":200,"time_taken":365516,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:30.417961Z","timestamp":"2021-04-21T07:59:30.044401Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2a125e6-f87e-4bff-8007-538c9a55f869","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54482,"status":200,"time_taken":373794,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:33.595189Z","timestamp":"2021-04-21T07:59:33.229646Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e51ff257-0d09-4f24-8862-207cd8550fbc","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50194,"status":200,"time_taken":365595,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:59:33.600512Z","timestamp":"2021-04-21T07:59:33.235137Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4d4df789-a4ec-4678-b8ef-6989a8f19691","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50194,"status":200,"time_taken":365596,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:35.503327Z","timestamp":"2021-04-21T07:59:35.138028Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"695070b9-a64e-4e2a-9868-fdc936b099be","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63026,"status":200,"time_taken":365755,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:35.532006Z","timestamp":"2021-04-21T07:59:35.169653Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5b199d32-8b07-49d0-8588-d789fa3a2460","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54484,"status":200,"time_taken":362573,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:39.395868Z","timestamp":"2021-04-21T07:59:39.026938Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d4953a4a-2bca-466d-bfe3-5ba7c7c5e594","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50195,"status":200,"time_taken":368986,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:59:39.401203Z","timestamp":"2021-04-21T07:59:39.032414Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1e61e6ac-ee00-4aaa-8988-51ca96bece30","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50195,"status":200,"time_taken":368992,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:40.583025Z","timestamp":"2021-04-21T07:59:40.215724Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"501a67a9-a125-480c-8df9-18607e667ea6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63027,"status":200,"time_taken":367524,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:41.394026Z","timestamp":"2021-04-21T07:59:41.033755Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"78d7bbb7-8487-4334-ac03-dbf87b495c1d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54486,"status":200,"time_taken":360511,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:44.570406Z","timestamp":"2021-04-21T07:59:44.198684Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2ace5f8b-ad06-4fad-8a4c-10f476bb7ce8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50196,"status":200,"time_taken":371779,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:59:44.575690Z","timestamp":"2021-04-21T07:59:44.204047Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"74a50510-e18f-4b6a-8ec2-23f84f2e332b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50196,"status":200,"time_taken":371849,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:46.463843Z","timestamp":"2021-04-21T07:59:46.090775Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b34cf90f-5122-43c0-b2dc-b4837eb15f04","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63028,"status":200,"time_taken":373420,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:46.507185Z","timestamp":"2021-04-21T07:59:46.145690Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2ecd5836-bdb9-4907-aeb4-039063fce486","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54488,"status":200,"time_taken":361689,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:49.572444Z","timestamp":"2021-04-21T07:59:49.215384Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1a4f13dd-7c24-4ed8-9a45-20e2edd2f7ab","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50197,"status":200,"time_taken":357099,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:59:49.577817Z","timestamp":"2021-04-21T07:59:49.220874Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"15a5b4f7-3359-4aac-bfc4-f7f4007d02fc","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50197,"status":200,"time_taken":357121,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:51.554404Z","timestamp":"2021-04-21T07:59:51.184227Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"34c917dd-d67a-4e1f-a132-c621f5d84b58","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63029,"status":200,"time_taken":370437,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:52.371892Z","timestamp":"2021-04-21T07:59:52.008979Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"85d38158-9433-4b0a-b73c-a6e399cd2db6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54490,"status":200,"time_taken":363112,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:55.516775Z","timestamp":"2021-04-21T07:59:55.152983Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c3543928-0e26-47d5-8a21-55501af4c2cc","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50198,"status":200,"time_taken":363847,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T07:59:55.522183Z","timestamp":"2021-04-21T07:59:55.158475Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bf437e18-4765-4806-87e0-00ce04352b58","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50198,"status":200,"time_taken":363879,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:57.492446Z","timestamp":"2021-04-21T07:59:57.123724Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5c4abcb4-2f9b-448b-8742-ebcf8ee33f8f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54492,"status":200,"time_taken":368981,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T07:59:57.496884Z","timestamp":"2021-04-21T07:59:57.137111Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f60432e7-96e5-40f7-9690-95ad0c64a255","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63030,"status":200,"time_taken":360004,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:01.515189Z","timestamp":"2021-04-21T08:00:01.137448Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c15d5cc1-f544-47e6-b423-ecc96bb0568d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50199,"status":200,"time_taken":377800,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:00:01.520571Z","timestamp":"2021-04-21T08:00:01.142976Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"11d6aa5c-f040-4db2-b59e-3eb96d3f2b80","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50199,"status":200,"time_taken":377790,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:02.545574Z","timestamp":"2021-04-21T08:00:02.168790Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"10243419-6dc8-4060-92ca-feef78d0acac","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63032,"status":200,"time_taken":377217,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:02.611984Z","timestamp":"2021-04-21T08:00:02.244407Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e83db9e6-655d-40f1-9b07-3ff84cc23fb3","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54494,"status":200,"time_taken":367892,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:07.473579Z","timestamp":"2021-04-21T08:00:07.106244Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"391ec2cb-8e9c-4ca8-926c-68ab11166be5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50201,"status":200,"time_taken":367382,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:00:07.478926Z","timestamp":"2021-04-21T08:00:07.111759Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3fb3de8d-e5f2-4b79-9c2b-75672b198b55","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50201,"status":200,"time_taken":367329,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:07.617495Z","timestamp":"2021-04-21T08:00:07.246283Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"29e31c3d-ca0c-4be4-8289-035376c401ca","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63033,"status":200,"time_taken":371480,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:08.482743Z","timestamp":"2021-04-21T08:00:08.114010Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a87cd5d5-8a10-4cc7-8d2d-db93c803bfd6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54496,"status":200,"time_taken":369199,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:13.495513Z","timestamp":"2021-04-21T08:00:13.121251Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7dc35dcd-2e2f-431d-b246-f70549ba5f84","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50202,"status":200,"time_taken":374306,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:00:13.500295Z","timestamp":"2021-04-21T08:00:13.120896Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5aef6ff4-6415-4092-9d2c-c6621d51119f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63034,"status":200,"time_taken":379680,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:13.500631Z","timestamp":"2021-04-21T08:00:13.126783Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b42fe21b-987d-40a6-8171-89e707990431","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50202,"status":200,"time_taken":374016,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:13.606719Z","timestamp":"2021-04-21T08:00:13.234515Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"81eec609-6889-4248-bf57-4b691421779b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54498,"status":200,"time_taken":372402,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:14.059862Z","timestamp":"2021-04-21T08:00:14.059027Z","bytes":1892,"bytes_in":731,"bytes_out":1161,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&_=1618990005121","http_comment":"HTTP/1.1 200 OK","http_content_length":416,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005121 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":835,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005121"} {"endtime":"2021-04-21T08:00:14.060236Z","timestamp":"2021-04-21T08:00:14.059846Z","bytes":1892,"bytes_in":731,"bytes_out":1161,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&_=1618989993118","http_comment":"HTTP/1.1 200 OK","http_content_length":416,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993118 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":390,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993118"} {"endtime":"2021-04-21T08:00:14.061167Z","timestamp":"2021-04-21T08:00:14.059662Z","bytes":1679,"bytes_in":917,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":1505,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T08:00:14.061284Z","timestamp":"2021-04-21T08:00:14.059662Z","bytes":1678,"bytes_in":916,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":1622,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T08:00:14.063505Z","timestamp":"2021-04-21T08:00:14.063295Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005122","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005122 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":210,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005122"} {"endtime":"2021-04-21T08:00:14.063579Z","timestamp":"2021-04-21T08:00:14.063367Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993119","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993119 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":212,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993119"} {"endtime":"2021-04-21T08:00:18.590015Z","timestamp":"2021-04-21T08:00:18.230304Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1fddb79f-be7f-46c1-9073-5425d3283f38","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63035,"status":200,"time_taken":359994,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:19.433726Z","timestamp":"2021-04-21T08:00:19.074488Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a3eb2a14-d097-4a54-89be-31bad78cfd3a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50203,"status":200,"time_taken":359273,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:00:19.439152Z","timestamp":"2021-04-21T08:00:19.080041Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3eae6726-f17d-4180-9ad6-d90deb1bbbd6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50203,"status":200,"time_taken":359271,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:19.465367Z","timestamp":"2021-04-21T08:00:19.108486Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"13f8e86e-a1cd-41be-bd14-21ffa95a6734","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54502,"status":200,"time_taken":357096,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:23.006553Z","timestamp":"2021-04-21T08:00:23.006553Z","count":6,"c_ip":"46.128.24.64","sum(bytes_in)":4843,"sum(bytes_out)":5788,"sum(time_taken)":6235} {"endtime":"2021-04-21T08:00:23.006553Z","timestamp":"2021-04-21T08:00:23.006553Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4030657} {"endtime":"2021-04-21T08:00:23.006553Z","timestamp":"2021-04-21T08:00:23.006553Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4032966} {"endtime":"2021-04-21T08:00:23.006553Z","timestamp":"2021-04-21T08:00:23.006553Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4063483} {"endtime":"2021-04-21T08:00:23.006632Z","timestamp":"2021-04-21T08:00:23.006632Z","count":39,"dest_ip":"10.0.1.12","sum(time_taken)":12133341} {"endtime":"2021-04-21T08:00:23.006640Z","timestamp":"2021-04-21T08:00:23.006640Z","count":39,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T08:00:23.006646Z","timestamp":"2021-04-21T08:00:23.006646Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":917,"sum(bytes_out)":762,"sum(time_taken)":1565} {"endtime":"2021-04-21T08:00:23.006646Z","timestamp":"2021-04-21T08:00:23.006646Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":916,"sum(bytes_out)":762,"sum(time_taken)":2108} {"endtime":"2021-04-21T08:00:23.006646Z","timestamp":"2021-04-21T08:00:23.006646Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":1462,"sum(bytes_out)":2320,"sum(time_taken)":1836} {"endtime":"2021-04-21T08:00:23.006646Z","timestamp":"2021-04-21T08:00:23.006646Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1548,"sum(bytes_out)":1944,"sum(time_taken)":726} {"endtime":"2021-04-21T08:00:23.006646Z","timestamp":"2021-04-21T08:00:23.006646Z","count":33,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5511,"sum(bytes_out)":33528,"sum(time_taken)":12127106} {"endtime":"2021-04-21T08:00:24.460262Z","timestamp":"2021-04-21T08:00:24.089470Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"52e6127d-ab8b-4edb-9989-ecf336a69c45","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63036,"status":200,"time_taken":371109,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:24.464602Z","timestamp":"2021-04-21T08:00:24.090127Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8bee983c-69bc-4e12-9430-b1295564ee8b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50204,"status":200,"time_taken":374519,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:00:24.470009Z","timestamp":"2021-04-21T08:00:24.095687Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"34c23319-cbfb-42a8-9d86-ebcfcb53181e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50204,"status":200,"time_taken":374481,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:24.582796Z","timestamp":"2021-04-21T08:00:24.217380Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c5a82e69-dd76-4eec-b50c-ec46768e2493","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54504,"status":200,"time_taken":365649,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:26.077985Z","timestamp":"2021-04-21T08:00:26.077985Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4041463} {"endtime":"2021-04-21T08:00:26.077980Z","timestamp":"2021-04-21T08:00:26.077980Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T08:00:26.077974Z","timestamp":"2021-04-21T08:00:26.077974Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":4041463} {"endtime":"2021-04-21T08:00:26.077921Z","timestamp":"2021-04-21T08:00:26.077921Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4041463} {"endtime":"2021-04-21T08:00:29.510335Z","timestamp":"2021-04-21T08:00:29.151786Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"38fb1740-961e-418b-823a-120626758d7e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63037,"status":200,"time_taken":358793,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:30.418815Z","timestamp":"2021-04-21T08:00:30.058999Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"fd1aa869-da83-47be-9788-e6ab77389303","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50205,"status":200,"time_taken":359871,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:00:30.424237Z","timestamp":"2021-04-21T08:00:30.064589Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"27e6ff04-3c9c-46b9-a342-38a3cb910b49","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50205,"status":200,"time_taken":359839,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:30.438233Z","timestamp":"2021-04-21T08:00:30.084743Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"97e36698-740a-4741-9fc5-ab4345179ef6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54506,"status":200,"time_taken":353729,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:34.611295Z","timestamp":"2021-04-21T08:00:34.245368Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7cdae9db-3b01-4960-8fdc-52b23b08d397","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63040,"status":200,"time_taken":366193,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:35.458968Z","timestamp":"2021-04-21T08:00:35.090302Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"76179022-19cf-470d-9e8f-06d232841e37","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50206,"status":200,"time_taken":368701,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:00:35.464405Z","timestamp":"2021-04-21T08:00:35.095929Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f98f51fa-436c-4819-859a-52f4d7680042","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50206,"status":200,"time_taken":368668,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:35.554186Z","timestamp":"2021-04-21T08:00:35.189978Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a9abbc77-61c1-4253-aaac-8795c1993948","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54508,"status":200,"time_taken":364739,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:40.481475Z","timestamp":"2021-04-21T08:00:40.120077Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"030ff646-1954-4bbe-bf76-adf48a68e2e7","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63044,"status":200,"time_taken":361635,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:41.413347Z","timestamp":"2021-04-21T08:00:41.059098Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"07005c7a-a52a-4d62-ac02-365053051272","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50207,"status":200,"time_taken":354315,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:00:41.418809Z","timestamp":"2021-04-21T08:00:41.064701Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"983716b8-0720-4234-a8cf-18781e33e647","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50207,"status":200,"time_taken":354275,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:41.421866Z","timestamp":"2021-04-21T08:00:41.056599Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bc07ecfd-b9d6-4bc8-949a-fb0ecdbbec21","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54510,"status":200,"time_taken":365502,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:45.561932Z","timestamp":"2021-04-21T08:00:45.198149Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2325d2ec-b04e-40ce-935d-895e490582ac","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63045,"status":200,"time_taken":364034,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:46.541402Z","timestamp":"2021-04-21T08:00:46.173697Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f7367bcf-7420-47a6-9d1f-475aac119a00","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54512,"status":200,"time_taken":368065,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:46.581165Z","timestamp":"2021-04-21T08:00:46.199820Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0d502ab1-588c-40d7-a239-50e123cedada","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50208,"status":200,"time_taken":381409,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:00:46.586667Z","timestamp":"2021-04-21T08:00:46.205447Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"386772fd-f960-4c30-ba87-e98a02e77a8e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50208,"status":200,"time_taken":381412,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:51.454657Z","timestamp":"2021-04-21T08:00:51.088791Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0097fd7c-c698-41aa-a10f-6fc94e2f1ac6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63046,"status":200,"time_taken":366194,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:52.412889Z","timestamp":"2021-04-21T08:00:52.043424Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e5a23c87-d2bf-4a56-99f4-9dca93e41e3c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54514,"status":200,"time_taken":369782,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:52.534253Z","timestamp":"2021-04-21T08:00:52.168630Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bb9858b2-2a11-45a0-a4a5-ff5f3bf19d8f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50209,"status":200,"time_taken":365668,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:00:52.539722Z","timestamp":"2021-04-21T08:00:52.174258Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3d529a9e-b096-494b-847d-ded56da8e418","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50209,"status":200,"time_taken":365607,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:56.563082Z","timestamp":"2021-04-21T08:00:56.197253Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"299bd6e0-d1cc-4169-8701-172b2c6fb631","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63050,"status":200,"time_taken":366056,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:57.548199Z","timestamp":"2021-04-21T08:00:57.164711Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e423c02c-01b6-40e9-acf8-b5ba226eb172","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54516,"status":200,"time_taken":383768,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:00:58.541512Z","timestamp":"2021-04-21T08:00:58.168746Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c771a908-5d63-434f-86d7-418ec63e7a62","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50210,"status":200,"time_taken":372806,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:00:58.547043Z","timestamp":"2021-04-21T08:00:58.174394Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"88189288-ac1f-4766-ae59-8dc8a2a480e4","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50210,"status":200,"time_taken":372839,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:02.462539Z","timestamp":"2021-04-21T08:01:02.088651Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"61c06985-5739-4e42-b9a0-e4c691f5fc9f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63051,"status":200,"time_taken":374373,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:03.416230Z","timestamp":"2021-04-21T08:01:03.050097Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"cf56f81c-9e1b-4184-8bc6-06dc241b38e3","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54518,"status":200,"time_taken":366383,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:04.503163Z","timestamp":"2021-04-21T08:01:04.137519Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d0106ffe-6f75-42f6-ae39-aa334f6c9de7","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50211,"status":200,"time_taken":365689,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:01:04.508694Z","timestamp":"2021-04-21T08:01:04.143177Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d77b146e-373f-4d06-865d-5744b244d22e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50211,"status":200,"time_taken":365670,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:07.487249Z","timestamp":"2021-04-21T08:01:07.119436Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d08ff2a3-8138-4d5f-8f94-2353ebd03a7b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63052,"status":200,"time_taken":368067,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:08.062840Z","timestamp":"2021-04-21T08:01:08.061025Z","bytes":615,"bytes_in":280,"bytes_out":335,"dest_ip":"8.248.119.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"25741117-9592-4716-897b-bf8c4c0f40cb","form_data":"aa7dfd01ec259aab","http_comment":"HTTP/1.1 304 Not Modified","http_method":"GET","http_user_agent":"Microsoft-CryptoAPI/10.0","protocol_stack":"ip:tcp:http:windows_update","request":"GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?aa7dfd01ec259aab HTTP/1.1","server":"Microsoft-IIS/10.0","site":"ctldl.windowsupdate.com","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50213,"status":304,"time_taken":1836,"transport":"tcp","uri_path":"/msdownload/update/v3/static/trustedr/en/authrootstl.cab","uri_query":"aa7dfd01ec259aab"} {"endtime":"2021-04-21T08:01:08.538514Z","timestamp":"2021-04-21T08:01:08.167991Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bcef0a46-d498-49c1-a49e-28731af2e49b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54520,"status":200,"time_taken":370779,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:08.573948Z","timestamp":"2021-04-21T08:01:08.572465Z","bytes":615,"bytes_in":280,"bytes_out":335,"dest_ip":"8.248.119.254","dest_mac":"02:AC:9D:85:B5:68","dest_port":80,"flow_id":"76809f45-294d-43b2-9f91-9b5c4ab1a3e8","form_data":"aa7dfd01ec259aab","http_comment":"HTTP/1.1 304 Not Modified","http_method":"GET","http_user_agent":"Microsoft-CryptoAPI/10.0","protocol_stack":"ip:tcp:http:windows_update","request":"GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?aa7dfd01ec259aab HTTP/1.1","server":"Microsoft-IIS/10.0","site":"ctldl.windowsupdate.com","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50213,"status":304,"time_taken":1529,"transport":"tcp","uri_path":"/msdownload/update/v3/static/trustedr/en/authrootstl.cab","uri_query":"aa7dfd01ec259aab","vxlan_id":16197215} {"endtime":"2021-04-21T08:01:10.491455Z","timestamp":"2021-04-21T08:01:10.120409Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5b1affb8-f5db-4e36-8dbb-8fbb36b6c697","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50214,"status":200,"time_taken":371056,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:01:10.496993Z","timestamp":"2021-04-21T08:01:10.126108Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"64e12599-bf7e-44d5-9241-2b045f76767f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50214,"status":200,"time_taken":371057,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:12.588132Z","timestamp":"2021-04-21T08:01:12.213124Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2c2bebce-6d6a-4ba9-8555-354fe1ec5f5c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63053,"status":200,"time_taken":375352,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:14.419531Z","timestamp":"2021-04-21T08:01:14.040520Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ad05662b-5447-4652-8487-b4ef59a5bfbd","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54522,"status":200,"time_taken":379248,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:16.438092Z","timestamp":"2021-04-21T08:01:16.073707Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5aeab29d-fd77-4357-b55d-64474f954878","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50215,"status":200,"time_taken":364470,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:01:16.443633Z","timestamp":"2021-04-21T08:01:16.079309Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ef2e4726-9bc0-4b3a-8e05-2ef387e40531","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50215,"status":200,"time_taken":364513,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:18.365906Z","timestamp":"2021-04-21T08:01:18.365345Z","bytes":1890,"bytes_in":731,"bytes_out":1159,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&_=1618989993120","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993120 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":561,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993120"} {"endtime":"2021-04-21T08:01:18.365991Z","timestamp":"2021-04-21T08:01:18.364824Z","bytes":1890,"bytes_in":731,"bytes_out":1159,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&_=1618990005123","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005123 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":1167,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005123"} {"endtime":"2021-04-21T08:01:18.366244Z","timestamp":"2021-04-21T08:01:18.365886Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993121","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993121 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":358,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993121"} {"endtime":"2021-04-21T08:01:18.366387Z","timestamp":"2021-04-21T08:01:18.366131Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005124","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005124 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":256,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005124"} {"endtime":"2021-04-21T08:01:18.366848Z","timestamp":"2021-04-21T08:01:18.364795Z","bytes":1678,"bytes_in":916,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":2053,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T08:01:18.367277Z","timestamp":"2021-04-21T08:01:18.365939Z","bytes":1679,"bytes_in":917,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":1338,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T08:01:18.484427Z","timestamp":"2021-04-21T08:01:18.119020Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1b802259-af04-4d37-8166-e095063ef90a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63054,"status":200,"time_taken":365635,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:19.544377Z","timestamp":"2021-04-21T08:01:19.171277Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5e03f4dd-fe31-4943-9034-9fb3b40c28eb","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54526,"status":200,"time_taken":373318,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:21.599306Z","timestamp":"2021-04-21T08:01:21.229946Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"fe3828f0-76ce-480d-9e19-f93848963767","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50216,"status":200,"time_taken":369430,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:01:21.604871Z","timestamp":"2021-04-21T08:01:21.235677Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"882671b6-ba89-405d-b447-cd7c0faa3d8e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50216,"status":200,"time_taken":369422,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:23.076041Z","timestamp":"2021-04-21T08:01:23.076041Z","count":6,"c_ip":"46.128.24.64","sum(bytes_in)":4843,"sum(bytes_out)":5790,"sum(time_taken)":4774} {"endtime":"2021-04-21T08:01:23.076041Z","timestamp":"2021-04-21T08:01:23.076041Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4060962} {"endtime":"2021-04-21T08:01:23.076041Z","timestamp":"2021-04-21T08:01:23.076041Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4047783} {"endtime":"2021-04-21T08:01:23.076041Z","timestamp":"2021-04-21T08:01:23.076041Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4037441} {"endtime":"2021-04-21T08:01:23.076149Z","timestamp":"2021-04-21T08:01:23.076149Z","count":39,"dest_ip":"10.0.1.12","sum(time_taken)":12150960} {"endtime":"2021-04-21T08:01:23.076157Z","timestamp":"2021-04-21T08:01:23.076157Z","count":39,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T08:01:23.076163Z","timestamp":"2021-04-21T08:01:23.076163Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":917,"sum(bytes_out)":762,"sum(time_taken)":1505} {"endtime":"2021-04-21T08:01:23.076163Z","timestamp":"2021-04-21T08:01:23.076163Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":916,"sum(bytes_out)":762,"sum(time_taken)":1622} {"endtime":"2021-04-21T08:01:23.076163Z","timestamp":"2021-04-21T08:01:23.076163Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":1462,"sum(bytes_out)":2322,"sum(time_taken)":1225} {"endtime":"2021-04-21T08:01:23.076163Z","timestamp":"2021-04-21T08:01:23.076163Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1548,"sum(bytes_out)":1944,"sum(time_taken)":422} {"endtime":"2021-04-21T08:01:23.076163Z","timestamp":"2021-04-21T08:01:23.076163Z","count":33,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5511,"sum(bytes_out)":33528,"sum(time_taken)":12146186} {"endtime":"2021-04-21T08:01:23.547253Z","timestamp":"2021-04-21T08:01:23.182059Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"60220111-2b70-46fc-b0f0-f8d00023e46a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63055,"status":200,"time_taken":365435,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:25.410886Z","timestamp":"2021-04-21T08:01:25.046658Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e7ba10ff-da0a-4891-8a4a-b81813314fdf","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54528,"status":200,"time_taken":364485,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:26.155829Z","timestamp":"2021-04-21T08:01:26.155829Z","count":10,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3673415} {"endtime":"2021-04-21T08:01:26.155824Z","timestamp":"2021-04-21T08:01:26.155824Z","count":10,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T08:01:26.155818Z","timestamp":"2021-04-21T08:01:26.155818Z","count":10,"dest_ip":"10.0.1.12","sum(time_taken)":3673415} {"endtime":"2021-04-21T08:01:26.155766Z","timestamp":"2021-04-21T08:01:26.155766Z","count":10,"c_ip":"10.0.1.15","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3673415} {"endtime":"2021-04-21T08:01:27.365331Z","timestamp":"2021-04-21T08:01:26.995613Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1942dbe-30b3-4cca-8487-5da38a1c96d7","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50217,"status":200,"time_taken":369780,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:01:27.370929Z","timestamp":"2021-04-21T08:01:27.001362Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"cf2e73aa-7524-459d-aeb5-aa41975c6a61","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50217,"status":200,"time_taken":369770,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:29.427436Z","timestamp":"2021-04-21T08:01:29.056276Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4a788717-f7bb-41e8-810e-155d33e4034c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63056,"status":200,"time_taken":371390,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:30.530282Z","timestamp":"2021-04-21T08:01:30.162639Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1f03e284-b615-441e-8c56-8a8dcab57425","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54530,"status":200,"time_taken":367853,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:32.554026Z","timestamp":"2021-04-21T08:01:32.183278Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d200cf3d-b809-4abe-8dfb-6df80e881659","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50218,"status":200,"time_taken":370866,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:01:32.559634Z","timestamp":"2021-04-21T08:01:32.188951Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"06725465-ddeb-4b55-96ea-ab853877401a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50218,"status":200,"time_taken":370907,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:34.514406Z","timestamp":"2021-04-21T08:01:34.149969Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3a37c804-da30-4bb0-afe7-8d3f536aab1e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63059,"status":200,"time_taken":364785,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:36.401043Z","timestamp":"2021-04-21T08:01:36.032269Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6209e45c-8e4c-46ec-b2a6-e8d7be15ec9a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54532,"status":200,"time_taken":368980,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:38.476851Z","timestamp":"2021-04-21T08:01:38.105192Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1bbafe63-af30-4761-9c96-cd06a07565ef","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50219,"status":200,"time_taken":371721,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:01:38.482469Z","timestamp":"2021-04-21T08:01:38.111019Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"eb6ced32-5e6f-494c-a6b3-1dda93b88606","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50219,"status":200,"time_taken":371728,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:39.598151Z","timestamp":"2021-04-21T08:01:39.227877Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"95794796-cedf-47c9-8399-0f10227d3e1d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63060,"status":200,"time_taken":370570,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:41.516069Z","timestamp":"2021-04-21T08:01:41.152777Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"045ad393-2f81-4fef-a60e-44b7a63feaa9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54534,"status":200,"time_taken":363491,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:44.392108Z","timestamp":"2021-04-21T08:01:44.027134Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ab2e11c5-7004-43d9-8315-2d0b2fbdb72e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50220,"status":200,"time_taken":365018,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:01:44.397730Z","timestamp":"2021-04-21T08:01:44.032917Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"210ae670-38f7-46b4-a9fa-824e0aaadbea","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50220,"status":200,"time_taken":364983,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:45.485407Z","timestamp":"2021-04-21T08:01:45.118237Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9bdaecb2-1c35-45f4-b084-012f83b4c36b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63061,"status":200,"time_taken":367444,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:47.384379Z","timestamp":"2021-04-21T08:01:47.018030Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"19a85dc5-2bdc-4413-a27a-d6c23148c83d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54536,"status":200,"time_taken":366620,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:50.427692Z","timestamp":"2021-04-21T08:01:50.058490Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f2f8d30a-c972-435d-ad36-087441aa961f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50221,"status":200,"time_taken":369304,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:01:50.433284Z","timestamp":"2021-04-21T08:01:50.064268Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ee710865-0086-4f3b-be71-3d3db6137be3","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50221,"status":200,"time_taken":369214,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:50.578619Z","timestamp":"2021-04-21T08:01:50.211918Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"779b9e1d-bebe-4bde-b5ac-9d20aa12aca7","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63062,"status":200,"time_taken":367024,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:52.504711Z","timestamp":"2021-04-21T08:01:52.136158Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e2a939f2-0fe8-4a73-9b7c-aa126c05f168","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54538,"status":200,"time_taken":368762,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:55.591041Z","timestamp":"2021-04-21T08:01:55.230352Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"69631cd3-4ba9-463c-8440-8694cef4dce8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50222,"status":200,"time_taken":360712,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:01:55.596749Z","timestamp":"2021-04-21T08:01:55.236152Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0f3f97e4-1c02-4fbe-9c1f-a62db455fed2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50222,"status":200,"time_taken":360784,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:56.463018Z","timestamp":"2021-04-21T08:01:56.102291Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1fd3b187-4cc3-4b09-895b-f66d7734c446","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63063,"status":200,"time_taken":360974,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:01:58.370872Z","timestamp":"2021-04-21T08:01:58.006624Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"19fc3216-c524-44c3-9f50-3f09ff53212f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54540,"status":200,"time_taken":364488,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:01.521445Z","timestamp":"2021-04-21T08:02:01.152319Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"893b864a-948b-437d-806f-21434e4afa84","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50223,"status":200,"time_taken":369183,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:02:01.527117Z","timestamp":"2021-04-21T08:02:01.158152Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f0553d04-1bf4-4d86-b4da-98617374d041","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50223,"status":200,"time_taken":369174,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:01.585939Z","timestamp":"2021-04-21T08:02:01.211845Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"dea853df-44cf-43dd-aab2-5137eec9babb","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63064,"status":200,"time_taken":374360,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:03.483460Z","timestamp":"2021-04-21T08:02:03.122638Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"81599381-f6ec-4dc3-af69-e4c3eda21c7d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54542,"status":200,"time_taken":361028,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:07.429859Z","timestamp":"2021-04-21T08:02:07.055114Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2a2f5a62-97c5-4094-9b6d-15322828efb3","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63065,"status":200,"time_taken":374996,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:07.483568Z","timestamp":"2021-04-21T08:02:07.121144Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5213434a-7b41-4fc5-9446-3d35c7c59971","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50225,"status":200,"time_taken":362484,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:02:07.489242Z","timestamp":"2021-04-21T08:02:07.126972Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"651cd07f-e83b-4cae-b6e3-18ada17319aa","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50225,"status":200,"time_taken":362442,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:08.608871Z","timestamp":"2021-04-21T08:02:08.235382Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bf6000d0-628d-4188-a10a-4cb164dc4935","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54544,"status":200,"time_taken":373765,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:09.003090Z","timestamp":"2021-04-21T08:02:09.003090Z","count":1,"dest_ip":"8.248.119.254","site":"ctldl.windowsupdate.com","status":304,"uri_path":"/msdownload/update/v3/static/trustedr/en/authrootstl.cab","sum(bytes_in)":280,"sum(bytes_out)":335,"sum(time_taken)":1836} {"endtime":"2021-04-21T08:02:09.003090Z","timestamp":"2021-04-21T08:02:09.003090Z","count":1,"dest_ip":"8.248.119.254","status":304} {"endtime":"2021-04-21T08:02:09.003090Z","timestamp":"2021-04-21T08:02:09.003090Z","count":1,"dest_ip":"8.248.119.254","sum(time_taken)":1836} {"endtime":"2021-04-21T08:02:09.003090Z","timestamp":"2021-04-21T08:02:09.003090Z","count":1,"c_ip":"10.0.1.15","sum(bytes_in)":280,"sum(bytes_out)":335,"sum(time_taken)":1836} {"endtime":"2021-04-21T08:02:12.510530Z","timestamp":"2021-04-21T08:02:12.133131Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"62e471a4-9afb-49c0-83af-3067f2bd6ae2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63066,"status":200,"time_taken":377629,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:13.473980Z","timestamp":"2021-04-21T08:02:13.115562Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9497efee-0cd9-46e2-95ea-40e3c087b1f7","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50226,"status":200,"time_taken":358462,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:02:13.479692Z","timestamp":"2021-04-21T08:02:13.121394Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a7b0c77d-93f2-45d6-8c46-206c42cbd978","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50226,"status":200,"time_taken":358435,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:14.472641Z","timestamp":"2021-04-21T08:02:14.110604Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d890dd4b-ea19-4203-bc5d-45e5c8a5d281","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54546,"status":200,"time_taken":362216,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:17.603010Z","timestamp":"2021-04-21T08:02:17.226729Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"34472f70-fbe2-4c27-a2f4-10dad37d13d6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63067,"status":200,"time_taken":376539,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:18.388568Z","timestamp":"2021-04-21T08:02:18.387688Z","bytes":1896,"bytes_in":731,"bytes_out":1165,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&_=1618990005125","http_comment":"HTTP/1.1 200 OK","http_content_length":416,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005125 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":880,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005125"} {"endtime":"2021-04-21T08:02:18.392190Z","timestamp":"2021-04-21T08:02:18.391797Z","bytes":1892,"bytes_in":731,"bytes_out":1161,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&_=1618989993122","http_comment":"HTTP/1.1 200 OK","http_content_length":416,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993122 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":393,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993122"} {"endtime":"2021-04-21T08:02:18.393663Z","timestamp":"2021-04-21T08:02:18.392170Z","bytes":1679,"bytes_in":917,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":1493,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T08:02:18.393735Z","timestamp":"2021-04-21T08:02:18.392169Z","bytes":1678,"bytes_in":916,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":1566,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T08:02:18.396058Z","timestamp":"2021-04-21T08:02:18.395826Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005126","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005126 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":232,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005126"} {"endtime":"2021-04-21T08:02:18.396134Z","timestamp":"2021-04-21T08:02:18.395826Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993123","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993123 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":308,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993123"} {"endtime":"2021-04-21T08:02:19.462234Z","timestamp":"2021-04-21T08:02:19.084464Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3a3529e9-2c6d-417d-ac86-1e16df57e52f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50227,"status":200,"time_taken":377833,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:02:19.467753Z","timestamp":"2021-04-21T08:02:19.090323Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"eb71c6ed-01d2-4619-8d6c-29d0e872c2e0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50227,"status":200,"time_taken":377586,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:19.592103Z","timestamp":"2021-04-21T08:02:19.224367Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d96fad5a-3a08-4f73-be44-865b30bb85d7","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54550,"status":200,"time_taken":367933,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:23.145011Z","timestamp":"2021-04-21T08:02:23.145011Z","count":6,"c_ip":"46.128.24.64","sum(bytes_in)":4843,"sum(bytes_out)":5786,"sum(time_taken)":5733} {"endtime":"2021-04-21T08:02:23.145011Z","timestamp":"2021-04-21T08:02:23.145011Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4029621} {"endtime":"2021-04-21T08:02:23.145011Z","timestamp":"2021-04-21T08:02:23.145011Z","count":10,"c_ip":"10.0.1.15","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3675023} {"endtime":"2021-04-21T08:02:23.145011Z","timestamp":"2021-04-21T08:02:23.145011Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4071146} {"endtime":"2021-04-21T08:02:23.145084Z","timestamp":"2021-04-21T08:02:23.145084Z","count":38,"dest_ip":"10.0.1.12","sum(time_taken)":11781523} {"endtime":"2021-04-21T08:02:23.145092Z","timestamp":"2021-04-21T08:02:23.145092Z","count":38,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T08:02:23.145099Z","timestamp":"2021-04-21T08:02:23.145099Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":917,"sum(bytes_out)":762,"sum(time_taken)":1338} {"endtime":"2021-04-21T08:02:23.145099Z","timestamp":"2021-04-21T08:02:23.145099Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":916,"sum(bytes_out)":762,"sum(time_taken)":2053} {"endtime":"2021-04-21T08:02:23.145099Z","timestamp":"2021-04-21T08:02:23.145099Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":1462,"sum(bytes_out)":2318,"sum(time_taken)":1728} {"endtime":"2021-04-21T08:02:23.145099Z","timestamp":"2021-04-21T08:02:23.145099Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1548,"sum(bytes_out)":1944,"sum(time_taken)":614} {"endtime":"2021-04-21T08:02:23.145099Z","timestamp":"2021-04-21T08:02:23.145099Z","count":32,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5344,"sum(bytes_out)":32512,"sum(time_taken)":11775790} {"endtime":"2021-04-21T08:02:23.460117Z","timestamp":"2021-04-21T08:02:23.086693Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e2b7fa34-9dd6-4db5-a626-a7985f0c17f3","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63068,"status":200,"time_taken":373667,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:25.454787Z","timestamp":"2021-04-21T08:02:25.084543Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"62d42d15-bec4-45c4-a026-6ca2cf27b57c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50228,"status":200,"time_taken":370310,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:02:25.460345Z","timestamp":"2021-04-21T08:02:25.094200Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"fab068bd-905a-41d8-8fc2-b3f3bef8018a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54552,"status":200,"time_taken":366375,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:25.460580Z","timestamp":"2021-04-21T08:02:25.090504Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7cd4a39c-073d-443b-bc25-a2204b8f8401","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50228,"status":200,"time_taken":370295,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:26.205235Z","timestamp":"2021-04-21T08:02:26.205235Z","count":1,"dest_ip":"8.248.119.254","site":"ctldl.windowsupdate.com","status":304,"uri_path":"/msdownload/update/v3/static/trustedr/en/authrootstl.cab","sum(bytes_in)":280,"sum(bytes_out)":335,"sum(time_taken)":1529} {"endtime":"2021-04-21T08:02:26.205235Z","timestamp":"2021-04-21T08:02:26.205235Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4045673} {"endtime":"2021-04-21T08:02:26.205226Z","timestamp":"2021-04-21T08:02:26.205226Z","count":1,"dest_ip":"8.248.119.254","status":304} {"endtime":"2021-04-21T08:02:26.205226Z","timestamp":"2021-04-21T08:02:26.205226Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T08:02:26.205214Z","timestamp":"2021-04-21T08:02:26.205214Z","count":1,"dest_ip":"8.248.119.254","sum(time_taken)":1529} {"endtime":"2021-04-21T08:02:26.205214Z","timestamp":"2021-04-21T08:02:26.205214Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":4045673} {"endtime":"2021-04-21T08:02:26.205162Z","timestamp":"2021-04-21T08:02:26.205162Z","count":12,"c_ip":"10.0.1.15","sum(bytes_in)":2117,"sum(bytes_out)":11511,"sum(time_taken)":4047202} {"endtime":"2021-04-21T08:02:28.581104Z","timestamp":"2021-04-21T08:02:28.210689Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"000bc300-37cd-470b-9c56-4d207c2ea131","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63069,"status":200,"time_taken":370650,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:30.573384Z","timestamp":"2021-04-21T08:02:30.212301Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8d5f598b-b10a-447d-b566-5b96698f0f5b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54554,"status":200,"time_taken":361339,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:31.391487Z","timestamp":"2021-04-21T08:02:31.022076Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"10575b31-9d37-48f9-91ae-8fa7978443d1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50229,"status":200,"time_taken":369449,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:02:31.397241Z","timestamp":"2021-04-21T08:02:31.028000Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"adf1aeba-a024-4e70-9518-f2760c13cf78","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50229,"status":200,"time_taken":369399,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:34.480818Z","timestamp":"2021-04-21T08:02:34.116770Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"96809b1b-8b84-42a7-8e1d-0d6361b10132","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63072,"status":200,"time_taken":364281,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:36.445249Z","timestamp":"2021-04-21T08:02:36.075248Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d51a5fe9-11af-4f5d-bbfa-ebdc60797a72","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54556,"status":200,"time_taken":370245,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:36.562496Z","timestamp":"2021-04-21T08:02:36.194044Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7621d8c8-b632-4895-b5bf-e8bc482f4925","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50230,"status":200,"time_taken":368497,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:02:36.568168Z","timestamp":"2021-04-21T08:02:36.199966Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ca7fb513-13bb-4d5a-8ab3-28ff0ed76f45","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50230,"status":200,"time_taken":368398,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:39.594184Z","timestamp":"2021-04-21T08:02:39.226045Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"394d0491-cca7-4962-9832-10c45a900e21","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63073,"status":200,"time_taken":368408,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:41.567923Z","timestamp":"2021-04-21T08:02:41.196974Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c96c06f3-fe49-490c-bcc2-3810e4f7acb7","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54558,"status":200,"time_taken":371194,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:42.537124Z","timestamp":"2021-04-21T08:02:42.162904Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"515918a2-71c5-44ec-bc21-e2e360bda744","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50231,"status":200,"time_taken":374276,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:02:42.542879Z","timestamp":"2021-04-21T08:02:42.168869Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"55ea97ce-7751-4482-a351-67f2a0731b98","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50231,"status":200,"time_taken":374233,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:45.460993Z","timestamp":"2021-04-21T08:02:45.085253Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3fd4e7-c220-407f-877d-89cfc6387c05","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63074,"status":200,"time_taken":376022,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:47.436736Z","timestamp":"2021-04-21T08:02:47.069728Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"af35e375-de93-4a87-9410-33d55ec10613","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54560,"status":200,"time_taken":367301,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:48.539684Z","timestamp":"2021-04-21T08:02:48.162993Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6d9d4351-423a-4885-bd50-edd80662cb1b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50232,"status":200,"time_taken":376740,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:02:48.545509Z","timestamp":"2021-04-21T08:02:48.168980Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1f72b571-ac4c-4bdf-aced-17e033c57d8e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50232,"status":200,"time_taken":376736,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:50.581465Z","timestamp":"2021-04-21T08:02:50.210206Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d22bb967-5dbb-4747-af37-37c85216ca2a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63075,"status":200,"time_taken":371558,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:52.552717Z","timestamp":"2021-04-21T08:02:52.188524Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7e2e5418-cf92-479b-9de4-5589dee38453","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54562,"status":200,"time_taken":364397,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:54.482599Z","timestamp":"2021-04-21T08:02:54.116198Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3f670953-2d81-4032-84ba-d9a38321d273","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50233,"status":200,"time_taken":366456,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:02:54.488441Z","timestamp":"2021-04-21T08:02:54.122230Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"292cbdd9-43e2-42bd-aa19-2b5b469f4d3d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50233,"status":200,"time_taken":366477,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:56.490787Z","timestamp":"2021-04-21T08:02:56.116195Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"35d569f7-4298-453d-b7ce-3b44baceee22","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63076,"status":200,"time_taken":374857,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:02:58.419240Z","timestamp":"2021-04-21T08:02:58.054412Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f6d8b3c1-588d-47c1-a74b-54e50ce4ff3e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54564,"status":200,"time_taken":365058,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:00.490476Z","timestamp":"2021-04-21T08:03:00.116250Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4169807c-eb7d-4bbd-af8b-f6ffe852fdee","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50234,"status":200,"time_taken":374275,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:03:00.496343Z","timestamp":"2021-04-21T08:03:00.122296Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a2b9871c-c825-4b67-b10e-ed483fc8053b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50234,"status":200,"time_taken":374258,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:01.584856Z","timestamp":"2021-04-21T08:03:01.209950Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a76c9772-2844-41c6-abdd-12be5ab5e935","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63077,"status":200,"time_taken":375295,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:03.547606Z","timestamp":"2021-04-21T08:03:03.171086Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"70420764-2c45-425c-99f6-71cb5f28630a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54566,"status":200,"time_taken":376738,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:06.451140Z","timestamp":"2021-04-21T08:03:06.085028Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c23b8e9e-8d5f-4592-af8f-9e2b7a086831","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50235,"status":200,"time_taken":366165,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:03:06.457044Z","timestamp":"2021-04-21T08:03:06.091058Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bed75ff9-03b3-44f7-a097-8dfc9d61a980","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50235,"status":200,"time_taken":366199,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:07.484132Z","timestamp":"2021-04-21T08:03:07.115860Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8c100d1d-1743-41b6-90e7-91491c2cebb2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63078,"status":200,"time_taken":368536,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:09.424612Z","timestamp":"2021-04-21T08:03:09.049328Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"641f9b65-f265-4e2b-8672-7ba03d1bec85","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54568,"status":200,"time_taken":375509,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:12.481660Z","timestamp":"2021-04-21T08:03:12.114692Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8665ddbb-2464-484e-bb94-4a3eb58cdf50","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50237,"status":200,"time_taken":367029,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:03:12.487568Z","timestamp":"2021-04-21T08:03:12.120744Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"36101b74-a415-4c23-aaa0-b9b0984afad4","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50237,"status":200,"time_taken":367003,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:12.582324Z","timestamp":"2021-04-21T08:03:12.209885Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d2070ed4-8b90-4571-9564-c30ebbcc8efe","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63079,"status":200,"time_taken":373160,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:14.540142Z","timestamp":"2021-04-21T08:03:14.176552Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9474e4ce-19b6-4222-b405-bac9060f92f7","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54570,"status":200,"time_taken":363896,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:18.403853Z","timestamp":"2021-04-21T08:03:18.403035Z","bytes":1894,"bytes_in":731,"bytes_out":1163,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&_=1618989993124","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993124 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":818,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993124"} {"endtime":"2021-04-21T08:03:18.403934Z","timestamp":"2021-04-21T08:03:18.403035Z","bytes":1894,"bytes_in":731,"bytes_out":1163,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&_=1618990005127","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005127 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":899,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005127"} {"endtime":"2021-04-21T08:03:18.404228Z","timestamp":"2021-04-21T08:03:18.404001Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993125","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993125 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":227,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993125"} {"endtime":"2021-04-21T08:03:18.404390Z","timestamp":"2021-04-21T08:03:18.404103Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005128","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005128 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":287,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005128"} {"endtime":"2021-04-21T08:03:18.405203Z","timestamp":"2021-04-21T08:03:18.403505Z","bytes":1678,"bytes_in":916,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":1698,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T08:03:18.405356Z","timestamp":"2021-04-21T08:03:18.404103Z","bytes":1679,"bytes_in":917,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":1253,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T08:03:18.426013Z","timestamp":"2021-04-21T08:03:18.052333Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"56e596ef-7c84-4035-8f3d-f5b5d20da121","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50238,"status":200,"time_taken":373744,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:03:18.431948Z","timestamp":"2021-04-21T08:03:18.058410Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e20c3df7-eb82-43bf-8d6e-3f88a7d65226","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50238,"status":200,"time_taken":373751,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:18.477851Z","timestamp":"2021-04-21T08:03:18.115545Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2363ca2e-7db5-4d0d-a865-337e702f4f42","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63080,"status":200,"time_taken":362563,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:20.410721Z","timestamp":"2021-04-21T08:03:20.041993Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"51f7c3b6-9740-4e31-a423-72e5aaa2d376","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54574,"status":200,"time_taken":369023,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:23.234490Z","timestamp":"2021-04-21T08:03:23.234490Z","count":6,"c_ip":"46.128.24.64","sum(bytes_in)":4843,"sum(bytes_out)":5794,"sum(time_taken)":4872} {"endtime":"2021-04-21T08:03:23.234490Z","timestamp":"2021-04-21T08:03:23.234490Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4051075} {"endtime":"2021-04-21T08:03:23.234490Z","timestamp":"2021-04-21T08:03:23.234490Z","count":10,"c_ip":"10.0.1.15","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3706749} {"endtime":"2021-04-21T08:03:23.234490Z","timestamp":"2021-04-21T08:03:23.234490Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4078997} {"endtime":"2021-04-21T08:03:23.234563Z","timestamp":"2021-04-21T08:03:23.234563Z","count":38,"dest_ip":"10.0.1.12","sum(time_taken)":11841693} {"endtime":"2021-04-21T08:03:23.234571Z","timestamp":"2021-04-21T08:03:23.234571Z","count":38,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T08:03:23.234578Z","timestamp":"2021-04-21T08:03:23.234578Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":917,"sum(bytes_out)":762,"sum(time_taken)":1493} {"endtime":"2021-04-21T08:03:23.234578Z","timestamp":"2021-04-21T08:03:23.234578Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":916,"sum(bytes_out)":762,"sum(time_taken)":1566} {"endtime":"2021-04-21T08:03:23.234578Z","timestamp":"2021-04-21T08:03:23.234578Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":1462,"sum(bytes_out)":2326,"sum(time_taken)":1273} {"endtime":"2021-04-21T08:03:23.234578Z","timestamp":"2021-04-21T08:03:23.234578Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1548,"sum(bytes_out)":1944,"sum(time_taken)":540} {"endtime":"2021-04-21T08:03:23.234578Z","timestamp":"2021-04-21T08:03:23.234578Z","count":32,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5344,"sum(bytes_out)":32512,"sum(time_taken)":11836821} {"endtime":"2021-04-21T08:03:23.540090Z","timestamp":"2021-04-21T08:03:23.177849Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6c1573de-8387-40e0-b8de-8971a5c8377c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63081,"status":200,"time_taken":362489,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:24.436717Z","timestamp":"2021-04-21T08:03:24.067970Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"794ee49b-24e8-41d3-bc46-4719cddc2652","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50239,"status":200,"time_taken":368800,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:03:24.442665Z","timestamp":"2021-04-21T08:03:24.074082Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6e005778-ce57-413e-bc01-7435d07f48c7","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50239,"status":200,"time_taken":368752,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:25.528927Z","timestamp":"2021-04-21T08:03:25.163088Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"85a766c9-3fc1-4b19-bb29-ffc40b0cc8f2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54576,"status":200,"time_taken":366130,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:27.023653Z","timestamp":"2021-04-21T08:03:27.023653Z","count":10,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3705431} {"endtime":"2021-04-21T08:03:27.023648Z","timestamp":"2021-04-21T08:03:27.023648Z","count":10,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T08:03:27.023641Z","timestamp":"2021-04-21T08:03:27.023641Z","count":10,"dest_ip":"10.0.1.12","sum(time_taken)":3705431} {"endtime":"2021-04-21T08:03:27.023589Z","timestamp":"2021-04-21T08:03:27.023589Z","count":10,"c_ip":"10.0.1.15","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3705431} {"endtime":"2021-04-21T08:03:28.589509Z","timestamp":"2021-04-21T08:03:28.224596Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8be716da-eab0-4c72-88f1-fd3e824475d0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63082,"status":200,"time_taken":365167,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:29.554757Z","timestamp":"2021-04-21T08:03:29.193359Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"463dcff7-fafb-4c3e-9b82-ee8f6be3c7d2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50240,"status":200,"time_taken":361442,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:03:29.560782Z","timestamp":"2021-04-21T08:03:29.199461Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"df04c205-5057-4a32-af3c-7f591ac770ee","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50240,"status":200,"time_taken":361476,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:31.393714Z","timestamp":"2021-04-21T08:03:31.030869Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a2ecf154-0ab1-4a23-9e41-26480bf55fc9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54578,"status":200,"time_taken":363084,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:33.619608Z","timestamp":"2021-04-21T08:03:33.255701Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0b6dc5af-1fc2-4442-8c99-1e2b2ff46f26","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63085,"status":200,"time_taken":364127,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:35.550889Z","timestamp":"2021-04-21T08:03:35.193378Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c8c2cafe-974b-44d9-980d-a3b35d428ca7","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50241,"status":200,"time_taken":357555,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:03:35.556891Z","timestamp":"2021-04-21T08:03:35.199502Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0c24bf72-8800-4805-9d04-fa4b41070b8a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50241,"status":200,"time_taken":357536,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:36.514886Z","timestamp":"2021-04-21T08:03:36.145348Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0021d627-0adb-41e2-aef0-02a18dbd3d3b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54580,"status":200,"time_taken":369720,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:39.539660Z","timestamp":"2021-04-21T08:03:39.176875Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5baea86b-dba6-43df-96cd-c8cafb73b6fd","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63089,"status":200,"time_taken":363026,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:41.492703Z","timestamp":"2021-04-21T08:03:41.115408Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a7f3d645-2ba0-4e25-860f-be83e5085e68","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50242,"status":200,"time_taken":377329,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:03:41.498737Z","timestamp":"2021-04-21T08:03:41.121594Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b5b0d395-9749-43b0-9a34-ba8197121136","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50242,"status":200,"time_taken":377291,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:42.396565Z","timestamp":"2021-04-21T08:03:42.016696Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b6143a96-9514-4a89-ab36-5077e26537c0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54582,"status":200,"time_taken":380084,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:44.611646Z","timestamp":"2021-04-21T08:03:44.239724Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"fa1c9834-202f-4b5d-ac4e-089f3b564c13","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63090,"status":200,"time_taken":372195,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:47.483682Z","timestamp":"2021-04-21T08:03:47.115461Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b0f71879-0ab5-4f70-bd31-196acc37b395","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50243,"status":200,"time_taken":368278,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:03:47.489723Z","timestamp":"2021-04-21T08:03:47.121648Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ab26b061-61c3-4c47-990e-1bb85ac40382","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50243,"status":200,"time_taken":368287,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:47.507919Z","timestamp":"2021-04-21T08:03:47.148254Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"af44054c-60c5-437a-8292-a2c9b1bb1df4","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54584,"status":200,"time_taken":359875,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:50.522321Z","timestamp":"2021-04-21T08:03:50.161445Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1f869041-8751-4154-8a45-befcceb189ff","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63091,"status":200,"time_taken":361136,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:52.488333Z","timestamp":"2021-04-21T08:03:52.118931Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ac18fbdd-da45-4d96-a7fe-5a4fd4af972f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50244,"status":200,"time_taken":369443,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:03:52.494375Z","timestamp":"2021-04-21T08:03:52.125135Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9b12c2ee-31e9-49ed-bd73-917f4cb0aca2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50244,"status":200,"time_taken":369402,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:53.372579Z","timestamp":"2021-04-21T08:03:53.009720Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"dfb1d46b-8d96-4da7-a724-8956ea23229d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54586,"status":200,"time_taken":363081,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:55.603140Z","timestamp":"2021-04-21T08:03:55.239379Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c3080f4d-e597-4d4d-9a53-a97433603936","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63092,"status":200,"time_taken":363998,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:58.422270Z","timestamp":"2021-04-21T08:03:58.056511Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e33f920a-eacd-4137-a7a0-a6abd6363b80","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50245,"status":200,"time_taken":365835,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:03:58.428371Z","timestamp":"2021-04-21T08:03:58.062724Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"477a8229-bce8-4b1f-ba18-5921910d9e21","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50245,"status":200,"time_taken":365823,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:03:58.489697Z","timestamp":"2021-04-21T08:03:58.124031Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a27239a8-6a7a-4934-8951-423691d8f6e2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54588,"status":200,"time_taken":365863,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:01.543394Z","timestamp":"2021-04-21T08:04:01.176760Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9be7780e-ce66-42f3-9a3e-c21e13802142","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63093,"status":200,"time_taken":366889,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:03.562171Z","timestamp":"2021-04-21T08:04:03.197264Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9323b894-aef4-40ec-8df1-dc589f758f48","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50246,"status":200,"time_taken":364947,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:04:03.568291Z","timestamp":"2021-04-21T08:04:03.203557Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e9ac3012-f6ea-467b-891f-c3b1250f738e","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50246,"status":200,"time_taken":365044,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:03.607970Z","timestamp":"2021-04-21T08:04:03.241420Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"cd4569e1-50e8-44b0-99eb-725e1ab003c8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54590,"status":200,"time_taken":366793,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:06.639582Z","timestamp":"2021-04-21T08:04:06.270361Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a4f47075-ead8-4a8b-a154-6e362736dd46","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63094,"status":200,"time_taken":369489,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:08.577593Z","timestamp":"2021-04-21T08:04:08.213009Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bec8dd92-c90a-4c2b-9552-00c6f51c2ab1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50248,"status":200,"time_taken":364633,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:04:08.583743Z","timestamp":"2021-04-21T08:04:08.219249Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0bb90e42-886e-4322-97e7-d0a7c1d6707a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50248,"status":200,"time_taken":364779,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:09.475575Z","timestamp":"2021-04-21T08:04:09.109795Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"34f5779e-f666-4914-ad04-58624d356ba6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54592,"status":200,"time_taken":365995,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:12.506335Z","timestamp":"2021-04-21T08:04:12.129619Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a82cabc4-a73d-46a9-8bf8-e3ebb3c2606d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63095,"status":200,"time_taken":376983,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:14.534063Z","timestamp":"2021-04-21T08:04:14.164481Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a7a399a6-3c72-4108-93a4-d7c63fcf8eef","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50249,"status":200,"time_taken":369635,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:04:14.540183Z","timestamp":"2021-04-21T08:04:14.170759Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0da5815b-1a1f-4b5a-ad69-4a62ea6a9362","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50249,"status":200,"time_taken":369613,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:14.593068Z","timestamp":"2021-04-21T08:04:14.227276Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f33a9adb-d87a-42a4-af55-21bf111622f0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54594,"status":200,"time_taken":366022,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:18.416726Z","timestamp":"2021-04-21T08:04:18.416002Z","bytes":1894,"bytes_in":731,"bytes_out":1163,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&_=1618989993126","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993126 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":724,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993126"} {"endtime":"2021-04-21T08:04:18.416835Z","timestamp":"2021-04-21T08:04:18.416003Z","bytes":1894,"bytes_in":731,"bytes_out":1163,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&_=1618990005129","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005129 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":832,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005129"} {"endtime":"2021-04-21T08:04:18.417304Z","timestamp":"2021-04-21T08:04:18.417091Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005130","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005130 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":213,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005130"} {"endtime":"2021-04-21T08:04:18.417373Z","timestamp":"2021-04-21T08:04:18.417091Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993127","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993127 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":282,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993127"} {"endtime":"2021-04-21T08:04:18.418284Z","timestamp":"2021-04-21T08:04:18.417026Z","bytes":1679,"bytes_in":917,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":1258,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T08:04:18.418336Z","timestamp":"2021-04-21T08:04:18.416747Z","bytes":1678,"bytes_in":916,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":1589,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T08:04:18.468521Z","timestamp":"2021-04-21T08:04:18.098113Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"dff78097-5550-4ec1-820c-0105fce5e350","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63096,"status":200,"time_taken":370697,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:20.468113Z","timestamp":"2021-04-21T08:04:20.094948Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"464e2eaa-7443-413c-8f29-c5240d0daf2d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54598,"status":200,"time_taken":373522,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:20.512069Z","timestamp":"2021-04-21T08:04:20.148911Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b16b1a8a-e59c-4b09-b4d5-e465c7e99f6f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50250,"status":200,"time_taken":363241,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:04:20.518231Z","timestamp":"2021-04-21T08:04:20.155213Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4a75b362-848e-46f7-a5fa-50186498cf66","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50250,"status":200,"time_taken":363178,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:23.572441Z","timestamp":"2021-04-21T08:04:23.207384Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6585dc76-9fa3-438e-bc6b-3f34b4c64032","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63097,"status":200,"time_taken":365399,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:24.052146Z","timestamp":"2021-04-21T08:04:24.052146Z","count":6,"c_ip":"46.128.24.64","sum(bytes_in)":4843,"sum(bytes_out)":5794,"sum(time_taken)":5182} {"endtime":"2021-04-21T08:04:24.052146Z","timestamp":"2021-04-21T08:04:24.052146Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4040169} {"endtime":"2021-04-21T08:04:24.052146Z","timestamp":"2021-04-21T08:04:24.052146Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4031181} {"endtime":"2021-04-21T08:04:24.052146Z","timestamp":"2021-04-21T08:04:24.052146Z","count":12,"c_ip":"10.0.1.14","sum(bytes_in)":2004,"sum(bytes_out)":12192,"sum(time_taken)":4401595} {"endtime":"2021-04-21T08:04:24.052214Z","timestamp":"2021-04-21T08:04:24.052214Z","count":40,"dest_ip":"10.0.1.12","sum(time_taken)":12478127} {"endtime":"2021-04-21T08:04:24.052222Z","timestamp":"2021-04-21T08:04:24.052222Z","count":40,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T08:04:24.052228Z","timestamp":"2021-04-21T08:04:24.052228Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":917,"sum(bytes_out)":762,"sum(time_taken)":1253} {"endtime":"2021-04-21T08:04:24.052228Z","timestamp":"2021-04-21T08:04:24.052228Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":916,"sum(bytes_out)":762,"sum(time_taken)":1698} {"endtime":"2021-04-21T08:04:24.052228Z","timestamp":"2021-04-21T08:04:24.052228Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":1462,"sum(bytes_out)":2326,"sum(time_taken)":1717} {"endtime":"2021-04-21T08:04:24.052228Z","timestamp":"2021-04-21T08:04:24.052228Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1548,"sum(bytes_out)":1944,"sum(time_taken)":514} {"endtime":"2021-04-21T08:04:24.052228Z","timestamp":"2021-04-21T08:04:24.052228Z","count":34,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5678,"sum(bytes_out)":34544,"sum(time_taken)":12472945} {"endtime":"2021-04-21T08:04:25.584537Z","timestamp":"2021-04-21T08:04:25.220339Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"aba38248-18ed-47e1-aff7-10f5dd557b46","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54600,"status":200,"time_taken":364431,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:26.499829Z","timestamp":"2021-04-21T08:04:26.133425Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"be0635b0-1576-42d3-a869-679137fcfd0a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50251,"status":200,"time_taken":366468,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:04:26.505995Z","timestamp":"2021-04-21T08:04:26.139768Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"968b9778-12d2-4ec4-afc4-65bd168030fa","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50251,"status":200,"time_taken":366457,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:27.078984Z","timestamp":"2021-04-21T08:04:27.078984Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4028806} {"endtime":"2021-04-21T08:04:27.078979Z","timestamp":"2021-04-21T08:04:27.078979Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T08:04:27.078972Z","timestamp":"2021-04-21T08:04:27.078972Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":4028806} {"endtime":"2021-04-21T08:04:27.078919Z","timestamp":"2021-04-21T08:04:27.078919Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4028806} {"endtime":"2021-04-21T08:04:29.447196Z","timestamp":"2021-04-21T08:04:29.066621Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3c958bcb-3c72-47dc-9c02-65132cecbcdd","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63098,"status":200,"time_taken":380861,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:31.463414Z","timestamp":"2021-04-21T08:04:31.086423Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5268fd01-5612-402d-8d55-e47da6a0a5f8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54602,"status":200,"time_taken":377205,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:32.442360Z","timestamp":"2021-04-21T08:04:32.072875Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"26fc2102-1e45-4ff6-8015-e356e5b096ad","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50252,"status":200,"time_taken":369548,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:04:32.448573Z","timestamp":"2021-04-21T08:04:32.079253Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4a5ac699-6917-4507-9847-b1b340039aa1","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50252,"status":200,"time_taken":369485,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:34.574189Z","timestamp":"2021-04-21T08:04:34.206939Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d93c2c2f-823c-4cc0-85d3-f1cdab04d418","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63101,"status":200,"time_taken":367476,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:36.589237Z","timestamp":"2021-04-21T08:04:36.215274Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6a67a807-d686-481a-a2df-1964f485e195","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54604,"status":200,"time_taken":374298,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:37.450658Z","timestamp":"2021-04-21T08:04:37.088625Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"926515b6-992d-4b8f-a9a9-dcdcb97b7f98","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50253,"status":200,"time_taken":362073,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:04:37.456876Z","timestamp":"2021-04-21T08:04:37.095005Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"8cc98a35-b559-47fa-baa8-5d72bc34d58c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50253,"status":200,"time_taken":362024,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:40.475516Z","timestamp":"2021-04-21T08:04:40.097554Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bc2839f4-c269-459d-a5ff-547968b25d42","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63102,"status":200,"time_taken":378314,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:42.458830Z","timestamp":"2021-04-21T08:04:42.091058Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"f6aef30e-9edd-414f-9ccb-16e572bf49fe","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54606,"status":200,"time_taken":368005,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:42.593129Z","timestamp":"2021-04-21T08:04:42.229237Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"94fe1f40-ab23-4442-a654-fec90857b5df","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50254,"status":200,"time_taken":363948,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:04:42.599383Z","timestamp":"2021-04-21T08:04:42.235612Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c4a7d722-9ed2-4700-9e5e-e3b42532df9f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50254,"status":200,"time_taken":363915,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:45.602890Z","timestamp":"2021-04-21T08:04:45.237964Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"607f2d96-05c4-48ef-9323-729d9f9aa861","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63103,"status":200,"time_taken":365155,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:47.578762Z","timestamp":"2021-04-21T08:04:47.210501Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ee1e8e20-521b-48fc-aae5-315f591bd4e2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54608,"status":200,"time_taken":368518,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:48.586958Z","timestamp":"2021-04-21T08:04:48.213632Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a82ba0fe-b729-43d3-82df-e1114570c335","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50255,"status":200,"time_taken":373380,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:04:48.593286Z","timestamp":"2021-04-21T08:04:48.220022Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d916de7a-3a7f-4d39-82d8-cf64480a9d17","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50255,"status":200,"time_taken":373419,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:51.510917Z","timestamp":"2021-04-21T08:04:51.144122Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"cdc71f39-3272-4c24-af33-a24061bddcb4","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63104,"status":200,"time_taken":367082,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:53.457631Z","timestamp":"2021-04-21T08:04:53.080558Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"582326ea-ac76-4561-b1b7-6bcb76d60453","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54610,"status":200,"time_taken":377317,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:54.591687Z","timestamp":"2021-04-21T08:04:54.215008Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"4d0e1528-3c31-4859-abe1-4bb4223c6158","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50256,"status":200,"time_taken":376721,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:04:54.597927Z","timestamp":"2021-04-21T08:04:54.221428Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e05816bd-25e8-49c3-8bda-d8f6a00c0414","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50256,"status":200,"time_taken":376679,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:56.606013Z","timestamp":"2021-04-21T08:04:56.237773Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"dc2cf3f0-3b13-467b-b0cd-da90575afe46","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63105,"status":200,"time_taken":368633,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:04:58.576021Z","timestamp":"2021-04-21T08:04:58.209325Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"95275e90-5419-4cba-80fa-041a3801ab4b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54612,"status":200,"time_taken":366920,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:00.499236Z","timestamp":"2021-04-21T08:05:00.121281Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0be6de0d-535d-44d4-bb2f-7068caac0870","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50257,"status":200,"time_taken":378003,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:05:00.505526Z","timestamp":"2021-04-21T08:05:00.127763Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"256b2c21-42ce-4b6e-8507-8dcf819ddb32","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50257,"status":200,"time_taken":377931,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:02.527013Z","timestamp":"2021-04-21T08:05:02.160196Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ffb7f516-f779-4a95-bacd-f4935f685cbd","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63106,"status":200,"time_taken":367925,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:04.437565Z","timestamp":"2021-04-21T08:05:04.077787Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"74d29525-3c51-490a-b5f0-d06b07cd0d14","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54614,"status":200,"time_taken":359978,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:05.514796Z","timestamp":"2021-04-21T08:05:05.136931Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"efcb6e5b-8913-47ef-95ce-6a6c81467be4","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50258,"status":200,"time_taken":377924,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:05:05.521103Z","timestamp":"2021-04-21T08:05:05.143402Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9e925560-b270-45fa-a0a4-73558aa1a64b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50258,"status":200,"time_taken":377870,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:07.586768Z","timestamp":"2021-04-21T08:05:07.221758Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2c9f0b19-670f-4fc6-a066-2af06ad883a2","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63107,"status":200,"time_taken":365277,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:09.550843Z","timestamp":"2021-04-21T08:05:09.189395Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"602c756a-9e70-4956-a6b2-212b559509a0","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54616,"status":200,"time_taken":361639,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:10.512383Z","timestamp":"2021-04-21T08:05:10.145141Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"be22cff9-845e-428e-b06d-deec13e3247c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50260,"status":200,"time_taken":367288,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:05:10.518719Z","timestamp":"2021-04-21T08:05:10.151603Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"84f149a3-a174-4b04-9c6d-a4f6a473e606","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50260,"status":200,"time_taken":367264,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:13.489892Z","timestamp":"2021-04-21T08:05:13.127736Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"55990b15-fc98-44aa-b2ef-64f8e9c2ddca","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63108,"status":200,"time_taken":362403,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:15.419816Z","timestamp":"2021-04-21T08:05:15.052593Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"17ac4cdb-3bd0-4858-b3d9-ab137166e9e8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54618,"status":200,"time_taken":367411,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:16.432964Z","timestamp":"2021-04-21T08:05:16.067103Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"49812ae1-08ba-45b7-8880-b536e17e2248","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50261,"status":200,"time_taken":365909,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:05:16.439271Z","timestamp":"2021-04-21T08:05:16.073627Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"25278bbd-5a20-4d6d-8063-bdeb9cfa3757","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50261,"status":200,"time_taken":365793,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:18.426523Z","timestamp":"2021-04-21T08:05:18.425630Z","bytes":1894,"bytes_in":731,"bytes_out":1163,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&_=1618989993128","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993128 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":893,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993128"} {"endtime":"2021-04-21T08:05:18.426750Z","timestamp":"2021-04-21T08:05:18.425949Z","bytes":1890,"bytes_in":731,"bytes_out":1159,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&_=1618990005131","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005131 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":801,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005131"} {"endtime":"2021-04-21T08:05:18.427505Z","timestamp":"2021-04-21T08:05:18.425790Z","bytes":1683,"bytes_in":917,"bytes_out":766,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":1715,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T08:05:18.429313Z","timestamp":"2021-04-21T08:05:18.429071Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005132","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005132 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":242,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005132"} {"endtime":"2021-04-21T08:05:18.429482Z","timestamp":"2021-04-21T08:05:18.429325Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993129","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993129 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":157,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993129"} {"endtime":"2021-04-21T08:05:18.430531Z","timestamp":"2021-04-21T08:05:18.429071Z","bytes":1678,"bytes_in":916,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":1460,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T08:05:18.578442Z","timestamp":"2021-04-21T08:05:18.205866Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"fb6e0263-04d6-488e-aaef-254a5468f49f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63109,"status":200,"time_taken":372874,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:20.544674Z","timestamp":"2021-04-21T08:05:20.171618Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"bf4ee0d3-0c4a-4819-b6cc-78acf7eca6e9","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54622,"status":200,"time_taken":373302,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:21.515269Z","timestamp":"2021-04-21T08:05:21.145338Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2730beb5-6a2b-47e3-9046-8a40c0687053","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50262,"status":200,"time_taken":369996,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:05:21.521623Z","timestamp":"2021-04-21T08:05:21.151872Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a2a5f7e9-3259-41ea-a20f-8955c63a2120","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50262,"status":200,"time_taken":369947,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:24.141138Z","timestamp":"2021-04-21T08:05:24.141138Z","count":6,"c_ip":"46.128.24.64","sum(bytes_in)":4843,"sum(bytes_out)":5794,"sum(time_taken)":4898} {"endtime":"2021-04-21T08:05:24.141138Z","timestamp":"2021-04-21T08:05:24.141138Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4059024} {"endtime":"2021-04-21T08:05:24.141138Z","timestamp":"2021-04-21T08:05:24.141138Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4070784} {"endtime":"2021-04-21T08:05:24.141138Z","timestamp":"2021-04-21T08:05:24.141138Z","count":10,"c_ip":"10.0.1.14","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3696000} {"endtime":"2021-04-21T08:05:24.141215Z","timestamp":"2021-04-21T08:05:24.141215Z","count":38,"dest_ip":"10.0.1.12","sum(time_taken)":11830706} {"endtime":"2021-04-21T08:05:24.141224Z","timestamp":"2021-04-21T08:05:24.141224Z","count":38,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T08:05:24.141231Z","timestamp":"2021-04-21T08:05:24.141231Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control","sum(bytes_in)":917,"sum(bytes_out)":762,"sum(time_taken)":1258} {"endtime":"2021-04-21T08:05:24.141231Z","timestamp":"2021-04-21T08:05:24.141231Z","count":1,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control","sum(bytes_in)":916,"sum(bytes_out)":762,"sum(time_taken)":1589} {"endtime":"2021-04-21T08:05:24.141231Z","timestamp":"2021-04-21T08:05:24.141231Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":1462,"sum(bytes_out)":2326,"sum(time_taken)":1556} {"endtime":"2021-04-21T08:05:24.141231Z","timestamp":"2021-04-21T08:05:24.141231Z","count":2,"dest_ip":"10.0.1.12","site":"18.193.215.146:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1548,"sum(bytes_out)":1944,"sum(time_taken)":495} {"endtime":"2021-04-21T08:05:24.141231Z","timestamp":"2021-04-21T08:05:24.141231Z","count":32,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5344,"sum(bytes_out)":32512,"sum(time_taken)":11825808} {"endtime":"2021-04-21T08:05:24.472981Z","timestamp":"2021-04-21T08:05:24.111963Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e662f67b-d4f2-4d03-b24b-faa930300b7a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63110,"status":200,"time_taken":361278,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:26.413038Z","timestamp":"2021-04-21T08:05:26.046842Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"770a75b2-2c6a-482f-9718-85cf86ff3500","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54624,"status":200,"time_taken":366443,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:27.157098Z","timestamp":"2021-04-21T08:05:27.157098Z","count":10,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3704790} {"endtime":"2021-04-21T08:05:27.157093Z","timestamp":"2021-04-21T08:05:27.157093Z","count":10,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-21T08:05:27.157086Z","timestamp":"2021-04-21T08:05:27.157086Z","count":10,"dest_ip":"10.0.1.12","sum(time_taken)":3704790} {"endtime":"2021-04-21T08:05:27.157034Z","timestamp":"2021-04-21T08:05:27.157034Z","count":10,"c_ip":"10.0.1.15","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3704790} {"endtime":"2021-04-21T08:05:27.416667Z","timestamp":"2021-04-21T08:05:27.051696Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"29ab0bf2-8c01-41b7-82a4-cee3478979c6","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50263,"status":200,"time_taken":365002,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:05:27.423086Z","timestamp":"2021-04-21T08:05:27.058287Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d034a098-abe7-434d-a700-0b669b4edf0b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50263,"status":200,"time_taken":365000,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:29.571718Z","timestamp":"2021-04-21T08:05:29.205541Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"42a0611a-3a38-4163-93ff-7df820adfbb3","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63111,"status":200,"time_taken":366451,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:31.530874Z","timestamp":"2021-04-21T08:05:31.164803Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"31b0b2af-5500-4145-947f-fb61d52eb394","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54626,"status":200,"time_taken":366340,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:32.564559Z","timestamp":"2021-04-21T08:05:32.193348Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1136c5c4-70b4-4d3f-816b-6da66ed2f9b5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50264,"status":200,"time_taken":371255,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:05:32.571017Z","timestamp":"2021-04-21T08:05:32.199907Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b4c15e50-a369-4705-836f-8cbcd6a9ed8a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50264,"status":200,"time_taken":371360,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:34.640591Z","timestamp":"2021-04-21T08:05:34.267770Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"0d35d80c-9b8f-4236-bf1f-7f7b48e0728b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63114,"status":200,"time_taken":373139,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:37.400850Z","timestamp":"2021-04-21T08:05:37.032809Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5f91b80f-79c4-45ad-a999-cff056f69624","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54628,"status":200,"time_taken":368267,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:38.494073Z","timestamp":"2021-04-21T08:05:38.131191Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d0932687-3efd-4f7b-8d69-510563826d49","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50265,"status":200,"time_taken":362968,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:05:38.500532Z","timestamp":"2021-04-21T08:05:38.137714Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"1a812bbf-2943-4621-be61-9f767c5a4c3d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50265,"status":200,"time_taken":363075,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:40.509785Z","timestamp":"2021-04-21T08:05:40.142803Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6bc536a3-1b9b-4665-bda3-b8d6a7f9339b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63118,"status":200,"time_taken":367301,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:42.513734Z","timestamp":"2021-04-21T08:05:42.152494Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"899d1bc6-a92d-43cc-a91c-0d0b92adfe1a","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54630,"status":200,"time_taken":361486,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:44.512714Z","timestamp":"2021-04-21T08:05:44.146560Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2c396dcb-28ad-409f-b7fd-69a380569884","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50266,"status":200,"time_taken":366200,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:05:44.519162Z","timestamp":"2021-04-21T08:05:44.153181Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d571a5d3-3626-4ad8-96d3-39f8152b85cd","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50266,"status":200,"time_taken":366164,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:45.588810Z","timestamp":"2021-04-21T08:05:45.204925Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"01585011-e211-4785-a6fd-7a7e670796b4","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63119,"status":200,"time_taken":384108,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:46.696924Z","timestamp":"2021-04-21T08:05:46.340597Z","bytes":437,"bytes_in":289,"bytes_out":148,"dest_ip":"10.0.1.16","dest_mac":"02:14:7E:A9:30:64","dest_port":80,"flow_id":"3b4d95af-95c8-47a5-bd5f-5c87431a3dd3","form_data":"pwd=123456&username=user_john","http_comment":"HTTP/1.0 200 OK","http_content_type":"text/html","http_method":"POST","http_user_agent":"Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.14393.4350","protocol_stack":"ip:tcp:http:ms_psrp","request":"POST /foo/12345/data HTTP/1.1","server":"BaseHTTP/0.6 Python/3.8.6","site":"10.0.1.16","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63120,"status":200,"time_taken":356359,"transport":"tcp","uri_path":"/foo/12345/data"} {"endtime":"2021-04-21T08:05:47.117832Z","timestamp":"2021-04-21T08:05:47.117832Z","count":1,"dest_ip":"10.0.1.16","site":"10.0.1.16","status":200,"uri_path":"/foo/12345/data","sum(bytes_in)":289,"sum(bytes_out)":148,"sum(time_taken)":356359} {"endtime":"2021-04-21T08:05:47.117832Z","timestamp":"2021-04-21T08:05:47.117832Z","count":1,"dest_ip":"10.0.1.16","status":200} {"endtime":"2021-04-21T08:05:47.117832Z","timestamp":"2021-04-21T08:05:47.117832Z","count":1,"dest_ip":"10.0.1.16","sum(time_taken)":356359} {"endtime":"2021-04-21T08:05:47.117832Z","timestamp":"2021-04-21T08:05:47.117832Z","count":1,"c_ip":"10.0.1.14","sum(bytes_in)":289,"sum(bytes_out)":148,"sum(time_taken)":356359} {"endtime":"2021-04-21T08:05:48.384350Z","timestamp":"2021-04-21T08:05:48.015565Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"d5ba9bf5-785f-423f-8a74-fceb920d311c","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54632,"status":200,"time_taken":369057,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:50.490196Z","timestamp":"2021-04-21T08:05:50.115513Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"e43fba9e-6e6f-495a-8ce7-fd33ff02c324","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50267,"status":200,"time_taken":374756,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:05:50.496581Z","timestamp":"2021-04-21T08:05:50.122225Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"42e0eeaf-6c13-47f7-999a-2d064f311c71","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50267,"status":200,"time_taken":374532,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:50.639706Z","timestamp":"2021-04-21T08:05:50.267402Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"81d0cfc2-d0aa-4ce9-a3c3-56ceca2eeb49","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63122,"status":200,"time_taken":372573,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:53.504042Z","timestamp":"2021-04-21T08:05:53.136257Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b6b28418-d8d3-4092-92a5-19dbc35b81bf","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54634,"status":200,"time_taken":368102,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:56.480647Z","timestamp":"2021-04-21T08:05:56.115578Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"6c66bd38-f95a-4bb5-930d-96e93e4291a8","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50268,"status":200,"time_taken":365117,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:05:56.487178Z","timestamp":"2021-04-21T08:05:56.122259Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c93cdc0d-edd2-460d-9f6e-416e24bea82d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50268,"status":200,"time_taken":365159,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:56.487372Z","timestamp":"2021-04-21T08:05:56.111246Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5f8cd270-aa3f-42f7-96ff-4f8c04caa70b","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63125,"status":200,"time_taken":376362,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:05:58.623538Z","timestamp":"2021-04-21T08:05:58.255758Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b6ead4d8-70e4-40de-9520-ed776c28feae","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54636,"status":200,"time_taken":368025,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:06:01.579014Z","timestamp":"2021-04-21T08:06:01.206665Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"7f422a24-5aa2-48ee-828b-7ecf347cd087","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63126,"status":200,"time_taken":374683,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:06:02.451287Z","timestamp":"2021-04-21T08:06:02.084419Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"a72263a0-bf02-487f-979e-4f3606d09ed3","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50269,"status":200,"time_taken":366981,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:06:02.457792Z","timestamp":"2021-04-21T08:06:02.091108Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"5ed8de8e-ece7-48f9-8f0e-975083133747","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50269,"status":200,"time_taken":366933,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:06:04.489086Z","timestamp":"2021-04-21T08:06:04.125414Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ae81b3b8-ca39-421e-840b-87dda96c441d","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54638,"status":200,"time_taken":363932,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:06:07.497510Z","timestamp":"2021-04-21T08:06:07.126653Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"da0e049f-fd06-47bc-9e68-8a257c37a300","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63127,"status":200,"time_taken":371081,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:06:07.614593Z","timestamp":"2021-04-21T08:06:07.240722Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"fc8a98a9-e71d-430b-8dd6-e9195374ad40","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50271,"status":200,"time_taken":373914,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:06:07.621205Z","timestamp":"2021-04-21T08:06:07.247401Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"22a3ee53-9e31-450d-b06e-07bd7ca64a4f","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50271,"status":200,"time_taken":373997,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:06:09.618284Z","timestamp":"2021-04-21T08:06:09.240969Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"cec151e9-3ba4-4a92-a2d0-b74d11efd3ae","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54640,"status":200,"time_taken":377538,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:06:12.607544Z","timestamp":"2021-04-21T08:06:12.235567Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"fb7e80fe-eb2e-4f8f-b84c-057a00e98c76","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63128,"status":200,"time_taken":372231,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:06:13.484829Z","timestamp":"2021-04-21T08:06:13.119276Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"50330e0f-0e41-40ab-86cb-82522787a0da","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50272,"status":200,"time_taken":365600,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/","vxlan_id":16197215} {"endtime":"2021-04-21T08:06:13.491415Z","timestamp":"2021-04-21T08:06:13.126023Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"3d59f134-ce4d-4de2-a1de-9e6219eb93d5","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:A6:BB:6E:A0:4E","src_port":50272,"status":200,"time_taken":365595,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:06:15.487404Z","timestamp":"2021-04-21T08:06:15.120118Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c0094140-810c-428c-92bd-dc1fa02b61cb","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:23:00:63:4A:72","src_port":54642,"status":200,"time_taken":367623,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-21T08:06:18.434973Z","timestamp":"2021-04-21T08:06:18.433978Z","bytes":1894,"bytes_in":731,"bytes_out":1163,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b18ec342-0a3b-4fb6-b91e-a7b576687fd7","form_data":"output_mode=json&_=1618990005133","http_comment":"HTTP/1.1 200 OK","http_content_length":416,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618990005133 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50021,"status":200,"time_taken":995,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618990005133"} {"endtime":"2021-04-21T08:06:18.438673Z","timestamp":"2021-04-21T08:06:18.438189Z","bytes":1892,"bytes_in":731,"bytes_out":1161,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"ec675d3a-98fe-4ac5-afb3-23f00dbb630b","form_data":"output_mode=json&_=1618989993130","http_comment":"HTTP/1.1 200 OK","http_content_length":416,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1618989993130 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50052,"status":200,"time_taken":484,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1618989993130"} {"endtime":"2021-04-21T08:06:18.439026Z","timestamp":"2021-04-21T08:06:18.438795Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"2f3f39d3-205d-4d51-9786-2b8e5d95191a","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005134","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005134 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49966,"status":200,"time_taken":231,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618990005134"} {"endtime":"2021-04-21T08:06:18.439194Z","timestamp":"2021-04-21T08:06:18.438998Z","bytes":1746,"bytes_in":774,"bytes_out":972,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"9f89fa4a-10ef-4b34-abb9-4ba1ac6bedd0","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993131","http_comment":"HTTP/1.1 200 OK","http_content_length":268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993131 HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50051,"status":200,"time_taken":196,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1618989993131"} {"endtime":"2021-04-21T08:06:18.440505Z","timestamp":"2021-04-21T08:06:18.438737Z","bytes":1679,"bytes_in":917,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"c2ae29e0-a48a-4461-8012-a2d2132fc6e1","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":49964,"status":200,"time_taken":1768,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618990032.10/control"} {"endtime":"2021-04-21T08:06:18.440568Z","timestamp":"2021-04-21T08:06:18.439057Z","bytes":1678,"bytes_in":916,"bytes_out":762,"cookie":"session_id_8000=81beacd6cc82670cf51f101406b6f2e6dc00c023; splunkweb_csrf_token_8000=13513429838815417873; splunkd_8000=hqgmdEtQxOhEw3ZmFgprN6vGRgpSvH2Ga3oRpf72leHDd2O5Xopp98RYlbNNRhEcZBuR506i^Ec9tV4iQPQLGXiDV74jRQYeUcHCuAOPkc3QF_woxCuvr_lMs6l0kLrVPiZO0^un","dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1ef590b-7913-4f4a-ae96-97b87f993688","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control HTTP/1.1","server":"Splunkd","site":"18.193.215.146:8000","src_ip":"46.128.24.64","src_mac":"02:AC:9D:85:B5:68","src_port":50053,"status":200,"time_taken":1511,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1618989993.8/control"} {"endtime":"2021-04-21T08:06:18.509045Z","timestamp":"2021-04-21T08:06:18.142061Z","bytes":1183,"bytes_in":167,"bytes_out":1016,"dest_ip":"10.0.1.12","dest_mac":"02:DA:73:7B:81:70","dest_port":8000,"flow_id":"b1c98ed3-9a24-4085-8473-983588d0de48","http_comment":"HTTP/1.1 200 OK","http_content_length":527,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.14","src_mac":"02:5E:4B:DD:46:A6","src_port":63129,"status":200,"time_taken":367730,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream