{"endtime":"2021-04-22T11:10:42.227867Z","timestamp":"2021-04-22T11:10:42.227867Z","count":8,"c_ip":"10.0.1.18","sum(bytes_in)":1422,"sum(bytes_out)":716862,"sum(time_taken)":2932447} {"endtime":"2021-04-22T11:10:42.227867Z","timestamp":"2021-04-22T11:10:42.227867Z","count":3,"c_ip":"10.0.1.14","sum(bytes_in)":764,"sum(bytes_out)":11314598,"sum(time_taken)":189192} {"endtime":"2021-04-22T11:10:42.227926Z","timestamp":"2021-04-22T11:10:42.227926Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":3121639} {"endtime":"2021-04-22T11:10:42.227934Z","timestamp":"2021-04-22T11:10:42.227934Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:10:42.227940Z","timestamp":"2021-04-22T11:10:42.227940Z","count":2,"dest_ip":"10.0.1.12","site":"10.0.1.12:8888","status":200,"uri_path":"/file/download","sum(bytes_in)":225,"sum(bytes_out)":11314118,"sum(time_taken)":185986} {"endtime":"2021-04-22T11:10:42.227940Z","timestamp":"2021-04-22T11:10:42.227940Z","count":1,"dest_ip":"10.0.1.12","site":"10.0.1.12:8888","status":200,"uri_path":"/beacon","sum(bytes_in)":539,"sum(bytes_out)":480,"sum(time_taken)":3206} {"endtime":"2021-04-22T11:10:42.227940Z","timestamp":"2021-04-22T11:10:42.227940Z","count":1,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/vocabularies/","sum(bytes_in)":175,"sum(bytes_out)":246012,"sum(time_taken)":363053} {"endtime":"2021-04-22T11:10:42.227940Z","timestamp":"2021-04-22T11:10:42.227940Z","count":1,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/streams/","sum(bytes_in)":231,"sum(bytes_out)":464944,"sum(time_taken)":376504} {"endtime":"2021-04-22T11:10:42.227940Z","timestamp":"2021-04-22T11:10:42.227940Z","count":5,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":835,"sum(bytes_out)":5080,"sum(time_taken)":1818369} 
{"endtime":"2021-04-22T11:10:42.227940Z","timestamp":"2021-04-22T11:10:42.227940Z","count":1,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/captureipaddresses/","sum(bytes_in)":181,"sum(bytes_out)":826,"sum(time_taken)":374521} {"endtime":"2021-04-22T11:11:43.102204Z","timestamp":"2021-04-22T11:11:43.102204Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4063644} {"endtime":"2021-04-22T11:11:43.102237Z","timestamp":"2021-04-22T11:11:43.102237Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":4063644} {"endtime":"2021-04-22T11:11:43.102246Z","timestamp":"2021-04-22T11:11:43.102246Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:11:43.102252Z","timestamp":"2021-04-22T11:11:43.102252Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4063644} {"endtime":"2021-04-22T11:12:36.221824Z","timestamp":"2021-04-22T11:12:36.221824Z","count":3,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":404,"uri_path":"/latest/meta-data/iam/security-credentials/","sum(bytes_in)":744,"sum(bytes_out)":1581,"sum(time_taken)":683} {"endtime":"2021-04-22T11:12:36.221824Z","timestamp":"2021-04-22T11:12:36.221824Z","count":1,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":200,"uri_path":"/latest/api/token","sum(bytes_in)":202,"sum(bytes_out)":237,"sum(time_taken)":272} {"endtime":"2021-04-22T11:12:36.221812Z","timestamp":"2021-04-22T11:12:36.221812Z","count":3,"dest_ip":"169.254.169.254","status":404} {"endtime":"2021-04-22T11:12:36.221812Z","timestamp":"2021-04-22T11:12:36.221812Z","count":1,"dest_ip":"169.254.169.254","status":200} {"endtime":"2021-04-22T11:12:36.221804Z","timestamp":"2021-04-22T11:12:36.221804Z","count":4,"dest_ip":"169.254.169.254","sum(time_taken)":955} 
{"endtime":"2021-04-22T11:12:36.221776Z","timestamp":"2021-04-22T11:12:36.221776Z","count":4,"c_ip":"10.0.1.18","sum(bytes_in)":946,"sum(bytes_out)":1818,"sum(time_taken)":955} {"endtime":"2021-04-22T11:12:43.228974Z","timestamp":"2021-04-22T11:12:43.228974Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4144401} {"endtime":"2021-04-22T11:12:43.228974Z","timestamp":"2021-04-22T11:12:43.228974Z","count":4,"c_ip":"10.0.1.12","sum(bytes_in)":946,"sum(bytes_out)":1812,"sum(time_taken)":3167} {"endtime":"2021-04-22T11:12:43.229027Z","timestamp":"2021-04-22T11:12:43.229027Z","count":4,"dest_ip":"169.254.169.254","sum(time_taken)":3167} {"endtime":"2021-04-22T11:12:43.229027Z","timestamp":"2021-04-22T11:12:43.229027Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":4144401} {"endtime":"2021-04-22T11:12:43.229041Z","timestamp":"2021-04-22T11:12:43.229041Z","count":3,"dest_ip":"169.254.169.254","status":404} {"endtime":"2021-04-22T11:12:43.229041Z","timestamp":"2021-04-22T11:12:43.229041Z","count":1,"dest_ip":"169.254.169.254","status":200} {"endtime":"2021-04-22T11:12:43.229041Z","timestamp":"2021-04-22T11:12:43.229041Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:12:43.229056Z","timestamp":"2021-04-22T11:12:43.229056Z","count":3,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":404,"uri_path":"/latest/meta-data/iam/security-credentials/","sum(bytes_in)":744,"sum(bytes_out)":1575,"sum(time_taken)":2183} {"endtime":"2021-04-22T11:12:43.229056Z","timestamp":"2021-04-22T11:12:43.229056Z","count":1,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":200,"uri_path":"/latest/api/token","sum(bytes_in)":202,"sum(bytes_out)":237,"sum(time_taken)":984} 
{"endtime":"2021-04-22T11:12:43.229056Z","timestamp":"2021-04-22T11:12:43.229056Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4144401} {"endtime":"2021-04-22T11:13:37.130561Z","timestamp":"2021-04-22T11:13:37.130561Z","count":1,"dest_ip":"23.37.43.27","site":"ocsp.verisign.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D","sum(bytes_in)":236,"sum(bytes_out)":2116,"sum(time_taken)":1724} {"endtime":"2021-04-22T11:13:37.130561Z","timestamp":"2021-04-22T11:13:37.130561Z","count":1,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/vocabularies/","sum(bytes_in)":175,"sum(bytes_out)":246012,"sum(time_taken)":378924} {"endtime":"2021-04-22T11:13:37.130561Z","timestamp":"2021-04-22T11:13:37.130561Z","count":1,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/streams/","sum(bytes_in)":217,"sum(bytes_out)":464944,"sum(time_taken)":382135} {"endtime":"2021-04-22T11:13:37.130561Z","timestamp":"2021-04-22T11:13:37.130561Z","count":6,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1002,"sum(bytes_out)":6096,"sum(time_taken)":2204484} {"endtime":"2021-04-22T11:13:37.130561Z","timestamp":"2021-04-22T11:13:37.130561Z","count":1,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/captureipaddresses/","sum(bytes_in)":181,"sum(bytes_out)":826,"sum(time_taken)":366098} {"endtime":"2021-04-22T11:13:37.130552Z","timestamp":"2021-04-22T11:13:37.130552Z","count":1,"dest_ip":"23.37.43.27","status":200} {"endtime":"2021-04-22T11:13:37.130552Z","timestamp":"2021-04-22T11:13:37.130552Z","count":9,"dest_ip":"10.0.1.12","status":200} 
{"endtime":"2021-04-22T11:13:37.130542Z","timestamp":"2021-04-22T11:13:37.130542Z","count":1,"dest_ip":"23.37.43.27","sum(time_taken)":1724} {"endtime":"2021-04-22T11:13:37.130542Z","timestamp":"2021-04-22T11:13:37.130542Z","count":9,"dest_ip":"10.0.1.12","sum(time_taken)":3331641} {"endtime":"2021-04-22T11:13:37.130510Z","timestamp":"2021-04-22T11:13:37.130510Z","count":10,"c_ip":"10.0.1.14","sum(bytes_in)":1811,"sum(bytes_out)":719994,"sum(time_taken)":3333365} {"endtime":"2021-04-22T11:13:44.104575Z","timestamp":"2021-04-22T11:13:44.104575Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4111945} {"endtime":"2021-04-22T11:13:44.104575Z","timestamp":"2021-04-22T11:13:44.104575Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1909,"sum(bytes_out)":719910,"sum(time_taken)":4071044} {"endtime":"2021-04-22T11:13:44.104636Z","timestamp":"2021-04-22T11:13:44.104636Z","count":22,"dest_ip":"10.0.1.12","sum(time_taken)":8182989} {"endtime":"2021-04-22T11:13:44.104644Z","timestamp":"2021-04-22T11:13:44.104644Z","count":22,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:13:44.104651Z","timestamp":"2021-04-22T11:13:44.104651Z","count":1,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/vocabularies/","sum(bytes_in)":175,"sum(bytes_out)":246012,"sum(time_taken)":378683} {"endtime":"2021-04-22T11:13:44.104651Z","timestamp":"2021-04-22T11:13:44.104651Z","count":1,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/streams/","sum(bytes_in)":217,"sum(bytes_out)":464944,"sum(time_taken)":381899} {"endtime":"2021-04-22T11:13:44.104651Z","timestamp":"2021-04-22T11:13:44.104651Z","count":19,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3173,"sum(bytes_out)":19304,"sum(time_taken)":7056337} 
{"endtime":"2021-04-22T11:13:44.104651Z","timestamp":"2021-04-22T11:13:44.104651Z","count":1,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/captureipaddresses/","sum(bytes_in)":181,"sum(bytes_out)":826,"sum(time_taken)":366070} {"endtime":"2021-04-22T11:14:37.191997Z","timestamp":"2021-04-22T11:14:37.191997Z","count":12,"c_ip":"10.0.1.14","sum(bytes_in)":2073,"sum(bytes_out)":13198,"sum(time_taken)":4030953} {"endtime":"2021-04-22T11:14:37.192042Z","timestamp":"2021-04-22T11:14:37.192042Z","count":1,"dest_ip":"23.37.43.27","site":"ocsp.verisign.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEBQCru8NMb50PnP2p6lgxPQ%3D","sum(bytes_in)":236,"sum(bytes_out)":2022,"sum(time_taken)":2397} {"endtime":"2021-04-22T11:14:37.192042Z","timestamp":"2021-04-22T11:14:37.192042Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4028556} {"endtime":"2021-04-22T11:14:37.192034Z","timestamp":"2021-04-22T11:14:37.192034Z","count":1,"dest_ip":"23.37.43.27","status":200} {"endtime":"2021-04-22T11:14:37.192034Z","timestamp":"2021-04-22T11:14:37.192034Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:14:37.192022Z","timestamp":"2021-04-22T11:14:37.192022Z","count":1,"dest_ip":"23.37.43.27","sum(time_taken)":2397} {"endtime":"2021-04-22T11:14:37.192022Z","timestamp":"2021-04-22T11:14:37.192022Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":4028556} {"endtime":"2021-04-22T11:14:44.173470Z","timestamp":"2021-04-22T11:14:44.173470Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4032591} 
{"endtime":"2021-04-22T11:14:44.173470Z","timestamp":"2021-04-22T11:14:44.173470Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4022335} {"endtime":"2021-04-22T11:14:44.173525Z","timestamp":"2021-04-22T11:14:44.173525Z","count":22,"dest_ip":"10.0.1.12","sum(time_taken)":8054926} {"endtime":"2021-04-22T11:14:44.173532Z","timestamp":"2021-04-22T11:14:44.173532Z","count":22,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:14:44.173539Z","timestamp":"2021-04-22T11:14:44.173539Z","count":22,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3674,"sum(bytes_out)":22352,"sum(time_taken)":8054926} {"endtime":"2021-04-22T11:15:31.009434Z","timestamp":"2021-04-22T11:15:31.009434Z","count":2,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":404,"uri_path":"/latest/meta-data/iam/security-credentials/","sum(bytes_in)":500,"sum(bytes_out)":1054,"sum(time_taken)":485} {"endtime":"2021-04-22T11:15:31.009434Z","timestamp":"2021-04-22T11:15:31.009434Z","count":1,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":200,"uri_path":"/latest/api/token","sum(bytes_in)":204,"sum(bytes_out)":237,"sum(time_taken)":284} {"endtime":"2021-04-22T11:15:31.009434Z","timestamp":"2021-04-22T11:15:31.009434Z","count":2,"dest_ip":"169.254.169.254","status":404} {"endtime":"2021-04-22T11:15:31.009434Z","timestamp":"2021-04-22T11:15:31.009434Z","count":1,"dest_ip":"169.254.169.254","status":200} {"endtime":"2021-04-22T11:15:31.009434Z","timestamp":"2021-04-22T11:15:31.009434Z","count":3,"dest_ip":"169.254.169.254","sum(time_taken)":769} {"endtime":"2021-04-22T11:15:31.009434Z","timestamp":"2021-04-22T11:15:31.009434Z","count":3,"c_ip":"10.0.1.14","sum(bytes_in)":704,"sum(bytes_out)":1291,"sum(time_taken)":769} 
{"endtime":"2021-04-22T11:15:38.015902Z","timestamp":"2021-04-22T11:15:38.015902Z","count":12,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":2004,"sum(bytes_out)":12192,"sum(time_taken)":4409432} {"endtime":"2021-04-22T11:15:38.015897Z","timestamp":"2021-04-22T11:15:38.015897Z","count":12,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:15:38.015891Z","timestamp":"2021-04-22T11:15:38.015891Z","count":12,"dest_ip":"10.0.1.12","sum(time_taken)":4409432} {"endtime":"2021-04-22T11:15:38.015851Z","timestamp":"2021-04-22T11:15:38.015851Z","count":12,"c_ip":"10.0.1.14","sum(bytes_in)":2004,"sum(bytes_out)":12192,"sum(time_taken)":4409432} {"endtime":"2021-04-22T11:15:45.010927Z","timestamp":"2021-04-22T11:15:45.010927Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4066093} {"endtime":"2021-04-22T11:15:45.010927Z","timestamp":"2021-04-22T11:15:45.010927Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4039745} {"endtime":"2021-04-22T11:15:45.010987Z","timestamp":"2021-04-22T11:15:45.010987Z","count":22,"dest_ip":"10.0.1.12","sum(time_taken)":8105838} {"endtime":"2021-04-22T11:15:45.010994Z","timestamp":"2021-04-22T11:15:45.010994Z","count":22,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:15:45.011001Z","timestamp":"2021-04-22T11:15:45.011001Z","count":22,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3674,"sum(bytes_out)":22352,"sum(time_taken)":8105838} {"endtime":"2021-04-22T11:16:31.089400Z","timestamp":"2021-04-22T11:16:31.089400Z","count":1,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":404,"uri_path":"/latest/meta-data/iam/security-credentials/","sum(bytes_in)":250,"sum(bytes_out)":527,"sum(time_taken)":1756} 
{"endtime":"2021-04-22T11:16:31.089400Z","timestamp":"2021-04-22T11:16:31.089400Z","count":1,"dest_ip":"169.254.169.254","status":404} {"endtime":"2021-04-22T11:16:31.089400Z","timestamp":"2021-04-22T11:16:31.089400Z","count":1,"dest_ip":"169.254.169.254","sum(time_taken)":1756} {"endtime":"2021-04-22T11:16:31.089400Z","timestamp":"2021-04-22T11:16:31.089400Z","count":1,"c_ip":"10.0.1.14","sum(bytes_in)":250,"sum(bytes_out)":527,"sum(time_taken)":1756} {"endtime":"2021-04-22T11:16:38.067747Z","timestamp":"2021-04-22T11:16:38.067747Z","count":10,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3666999} {"endtime":"2021-04-22T11:16:38.067742Z","timestamp":"2021-04-22T11:16:38.067742Z","count":10,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:16:38.067734Z","timestamp":"2021-04-22T11:16:38.067734Z","count":10,"dest_ip":"10.0.1.12","sum(time_taken)":3666999} {"endtime":"2021-04-22T11:16:38.067692Z","timestamp":"2021-04-22T11:16:38.067692Z","count":10,"c_ip":"10.0.1.14","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3666999} {"endtime":"2021-04-22T11:16:45.085680Z","timestamp":"2021-04-22T11:16:45.085680Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4029056} {"endtime":"2021-04-22T11:16:45.085680Z","timestamp":"2021-04-22T11:16:45.085680Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4039872} {"endtime":"2021-04-22T11:16:45.085736Z","timestamp":"2021-04-22T11:16:45.085736Z","count":22,"dest_ip":"10.0.1.12","sum(time_taken)":8068928} {"endtime":"2021-04-22T11:16:45.085744Z","timestamp":"2021-04-22T11:16:45.085744Z","count":22,"dest_ip":"10.0.1.12","status":200} 
{"endtime":"2021-04-22T11:16:45.085751Z","timestamp":"2021-04-22T11:16:45.085751Z","count":22,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3674,"sum(bytes_out)":22352,"sum(time_taken)":8068928} {"endtime":"2021-04-22T11:17:38.113703Z","timestamp":"2021-04-22T11:17:38.113703Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4082420} {"endtime":"2021-04-22T11:17:38.113698Z","timestamp":"2021-04-22T11:17:38.113698Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:17:38.113692Z","timestamp":"2021-04-22T11:17:38.113692Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":4082420} {"endtime":"2021-04-22T11:17:38.113648Z","timestamp":"2021-04-22T11:17:38.113648Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4082420} {"endtime":"2021-04-22T11:17:45.208553Z","timestamp":"2021-04-22T11:17:45.208553Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4032926} {"endtime":"2021-04-22T11:17:45.208553Z","timestamp":"2021-04-22T11:17:45.208553Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4086875} {"endtime":"2021-04-22T11:17:45.208596Z","timestamp":"2021-04-22T11:17:45.208596Z","count":22,"dest_ip":"10.0.1.12","sum(time_taken)":8119801} {"endtime":"2021-04-22T11:17:45.208605Z","timestamp":"2021-04-22T11:17:45.208605Z","count":22,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:17:45.208611Z","timestamp":"2021-04-22T11:17:45.208611Z","count":22,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3674,"sum(bytes_out)":22352,"sum(time_taken)":8119801} 
{"endtime":"2021-04-22T11:18:38.218886Z","timestamp":"2021-04-22T11:18:38.218886Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4034096} {"endtime":"2021-04-22T11:18:38.218882Z","timestamp":"2021-04-22T11:18:38.218882Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:18:38.218875Z","timestamp":"2021-04-22T11:18:38.218875Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":4034096} {"endtime":"2021-04-22T11:18:38.218847Z","timestamp":"2021-04-22T11:18:38.218847Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4034096} {"endtime":"2021-04-22T11:18:46.105204Z","timestamp":"2021-04-22T11:18:46.105204Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4090893} {"endtime":"2021-04-22T11:18:46.105204Z","timestamp":"2021-04-22T11:18:46.105204Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4024060} {"endtime":"2021-04-22T11:18:46.105274Z","timestamp":"2021-04-22T11:18:46.105274Z","count":22,"dest_ip":"10.0.1.12","sum(time_taken)":8114953} {"endtime":"2021-04-22T11:18:46.105281Z","timestamp":"2021-04-22T11:18:46.105281Z","count":22,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:18:46.105287Z","timestamp":"2021-04-22T11:18:46.105287Z","count":22,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3674,"sum(bytes_out)":22352,"sum(time_taken)":8114953} {"endtime":"2021-04-22T11:19:39.093400Z","timestamp":"2021-04-22T11:19:39.093400Z","count":10,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3677527} 
{"endtime":"2021-04-22T11:19:39.093395Z","timestamp":"2021-04-22T11:19:39.093395Z","count":10,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:19:39.093388Z","timestamp":"2021-04-22T11:19:39.093388Z","count":10,"dest_ip":"10.0.1.12","sum(time_taken)":3677527} {"endtime":"2021-04-22T11:19:39.093360Z","timestamp":"2021-04-22T11:19:39.093360Z","count":10,"c_ip":"10.0.1.14","sum(bytes_in)":1670,"sum(bytes_out)":10160,"sum(time_taken)":3677527} {"endtime":"2021-04-22T11:19:46.232528Z","timestamp":"2021-04-22T11:19:46.232528Z","count":1,"c_ip":"34.77.163.42","sum(bytes_in)":263,"sum(bytes_out)":630,"sum(time_taken)":12127} {"endtime":"2021-04-22T11:19:46.232528Z","timestamp":"2021-04-22T11:19:46.232528Z","count":5,"c_ip":"185.142.236.34","sum(bytes_in)":1247,"sum(bytes_out)":37745,"sum(time_taken)":69450} {"endtime":"2021-04-22T11:19:46.232528Z","timestamp":"2021-04-22T11:19:46.232528Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4116260} {"endtime":"2021-04-22T11:19:46.232528Z","timestamp":"2021-04-22T11:19:46.232528Z","count":3,"c_ip":"10.0.1.15","sum(bytes_in)":764,"sum(bytes_out)":11314598,"sum(time_taken)":168459} {"endtime":"2021-04-22T11:19:46.232528Z","timestamp":"2021-04-22T11:19:46.232528Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4063156} {"endtime":"2021-04-22T11:19:46.232618Z","timestamp":"2021-04-22T11:19:46.232618Z","count":31,"dest_ip":"10.0.1.12","sum(time_taken)":8429452} {"endtime":"2021-04-22T11:19:46.232625Z","timestamp":"2021-04-22T11:19:46.232625Z","count":4,"dest_ip":"10.0.1.12","status":303} {"endtime":"2021-04-22T11:19:46.232625Z","timestamp":"2021-04-22T11:19:46.232625Z","count":27,"dest_ip":"10.0.1.12","status":200} 
{"endtime":"2021-04-22T11:19:46.232636Z","timestamp":"2021-04-22T11:19:46.232636Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":303,"uri_path":"/favicon.ico","sum(bytes_in)":219,"sum(bytes_out)":663,"sum(time_taken)":8426} {"endtime":"2021-04-22T11:19:46.232636Z","timestamp":"2021-04-22T11:19:46.232636Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":303,"uri_path":"/","sum(bytes_in)":263,"sum(bytes_out)":630,"sum(time_taken)":12127} {"endtime":"2021-04-22T11:19:46.232636Z","timestamp":"2021-04-22T11:19:46.232636Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-US/favicon.ico","sum(bytes_in)":225,"sum(bytes_out)":21821,"sum(time_taken)":20928} {"endtime":"2021-04-22T11:19:46.232636Z","timestamp":"2021-04-22T11:19:46.232636Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226","status":303,"uri_path":"/en-US/","sum(bytes_in)":258,"sum(bytes_out)":639,"sum(time_taken)":22539} {"endtime":"2021-04-22T11:19:46.232636Z","timestamp":"2021-04-22T11:19:46.232636Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226","status":303,"uri_path":"/","sum(bytes_in)":252,"sum(bytes_out)":615,"sum(time_taken)":8372} {"endtime":"2021-04-22T11:19:46.232636Z","timestamp":"2021-04-22T11:19:46.232636Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226","status":200,"uri_path":"/en-US/account/login","sum(bytes_in)":293,"sum(bytes_out)":14007,"sum(time_taken)":9185} {"endtime":"2021-04-22T11:19:46.232636Z","timestamp":"2021-04-22T11:19:46.232636Z","count":2,"dest_ip":"10.0.1.12","site":"10.0.1.12:8888","status":200,"uri_path":"/file/download","sum(bytes_in)":225,"sum(bytes_out)":11314118,"sum(time_taken)":165242} {"endtime":"2021-04-22T11:19:46.232636Z","timestamp":"2021-04-22T11:19:46.232636Z","count":1,"dest_ip":"10.0.1.12","site":"10.0.1.12:8888","status":200,"uri_path":"/beacon","sum(bytes_in)":539,"sum(bytes_out)":480,"sum(time_taken)":3217} 
{"endtime":"2021-04-22T11:19:46.232636Z","timestamp":"2021-04-22T11:19:46.232636Z","count":22,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3674,"sum(bytes_out)":22352,"sum(time_taken)":8179416} {"endtime":"2021-04-22T11:20:39.235403Z","timestamp":"2021-04-22T11:20:39.235403Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4086378} {"endtime":"2021-04-22T11:20:39.235398Z","timestamp":"2021-04-22T11:20:39.235398Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:20:39.235391Z","timestamp":"2021-04-22T11:20:39.235391Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":4086378} {"endtime":"2021-04-22T11:20:39.235363Z","timestamp":"2021-04-22T11:20:39.235363Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4086378} {"endtime":"2021-04-22T11:20:47.119464Z","timestamp":"2021-04-22T11:20:47.119464Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4118893} {"endtime":"2021-04-22T11:20:47.119464Z","timestamp":"2021-04-22T11:20:47.119464Z","count":3,"c_ip":"10.0.1.15","sum(bytes_in)":764,"sum(bytes_out)":11314598,"sum(time_taken)":342613} {"endtime":"2021-04-22T11:20:47.119464Z","timestamp":"2021-04-22T11:20:47.119464Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":11176,"sum(time_taken)":4075472} {"endtime":"2021-04-22T11:20:47.119541Z","timestamp":"2021-04-22T11:20:47.119541Z","count":25,"dest_ip":"10.0.1.12","sum(time_taken)":8536978} {"endtime":"2021-04-22T11:20:47.119549Z","timestamp":"2021-04-22T11:20:47.119549Z","count":25,"dest_ip":"10.0.1.12","status":200} 
{"endtime":"2021-04-22T11:20:47.119555Z","timestamp":"2021-04-22T11:20:47.119555Z","count":2,"dest_ip":"10.0.1.12","site":"10.0.1.12:8888","status":200,"uri_path":"/file/download","sum(bytes_in)":225,"sum(bytes_out)":11314118,"sum(time_taken)":339278} {"endtime":"2021-04-22T11:20:47.119555Z","timestamp":"2021-04-22T11:20:47.119555Z","count":1,"dest_ip":"10.0.1.12","site":"10.0.1.12:8888","status":200,"uri_path":"/beacon","sum(bytes_in)":539,"sum(bytes_out)":480,"sum(time_taken)":3335} {"endtime":"2021-04-22T11:20:47.119555Z","timestamp":"2021-04-22T11:20:47.119555Z","count":22,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3674,"sum(bytes_out)":22352,"sum(time_taken)":8194365} {"endtime":"2021-04-22T11:21:29.908278Z","timestamp":"2021-04-22T11:21:29.908278Z","count":9,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1503,"sum(bytes_out)":9144,"sum(time_taken)":3561225} {"endtime":"2021-04-22T11:21:29.908273Z","timestamp":"2021-04-22T11:21:29.908273Z","count":9,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:21:29.908268Z","timestamp":"2021-04-22T11:21:29.908268Z","count":9,"dest_ip":"10.0.1.12","sum(time_taken)":3561225} {"endtime":"2021-04-22T11:21:29.908260Z","timestamp":"2021-04-22T11:21:29.908260Z","count":9,"c_ip":"10.0.1.14","sum(bytes_in)":1503,"sum(bytes_out)":9144,"sum(time_taken)":3561225} {"endtime":"2021-04-22T11:21:31.491749Z","timestamp":"2021-04-22T11:21:31.491749Z","count":333,"c_ip":"46.128.24.64","sum(bytes_in)":261553,"sum(bytes_out)":9683570,"sum(time_taken)":13276207} {"endtime":"2021-04-22T11:21:31.491749Z","timestamp":"2021-04-22T11:21:31.491749Z","count":7,"c_ip":"10.0.1.18","sum(bytes_in)":1169,"sum(bytes_out)":7112,"sum(time_taken)":2598972} 
{"endtime":"2021-04-22T11:21:31.491749Z","timestamp":"2021-04-22T11:21:31.491749Z","count":7,"c_ip":"10.0.1.14","sum(bytes_in)":1169,"sum(bytes_out)":7112,"sum(time_taken)":2832148} {"endtime":"2021-04-22T11:21:31.491774Z","timestamp":"2021-04-22T11:21:31.491774Z","count":347,"dest_ip":"10.0.1.12","sum(time_taken)":18707327} {"endtime":"2021-04-22T11:21:31.491781Z","timestamp":"2021-04-22T11:21:31.491781Z","count":17,"dest_ip":"10.0.1.12","status":404} {"endtime":"2021-04-22T11:21:31.491781Z","timestamp":"2021-04-22T11:21:31.491781Z","count":1,"dest_ip":"10.0.1.12","status":304} {"endtime":"2021-04-22T11:21:31.491781Z","timestamp":"2021-04-22T11:21:31.491781Z","count":9,"dest_ip":"10.0.1.12","status":303} {"endtime":"2021-04-22T11:21:31.491781Z","timestamp":"2021-04-22T11:21:31.491781Z","count":14,"dest_ip":"10.0.1.12","status":201} {"endtime":"2021-04-22T11:21:31.491781Z","timestamp":"2021-04-22T11:21:31.491781Z","count":306,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/api/messages/index","sum(bytes_in)":623,"sum(bytes_out)":835,"sum(time_taken)":35340} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/punchcard_app/static/appIconAlt.png","sum(bytes_in)":678,"sum(bytes_out)":700,"sum(time_taken)":294} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/punchcard_app/static/appIcon.png","sum(bytes_in)":675,"sum(bytes_out)":2164,"sum(time_taken)":321} 
{"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/launcher/data/ui/ui-tour","sum(bytes_in)":801,"sum(bytes_out)":5348,"sum(time_taken)":2219} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_TA_nix/static/appIconAlt.png","sum(bytes_in)":678,"sum(bytes_out)":700,"sum(time_taken)":334} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_ML_Toolkit/static/appIconAlt.png","sum(bytes_in)":682,"sum(bytes_out)":1773,"sum(time_taken)":347} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_TA_nix/static/appIcon.png","sum(bytes_in)":675,"sum(bytes_out)":5411,"sum(time_taken)":363} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_TA_aws/static/appIconAlt.png","sum(bytes_in)":678,"sum(bytes_out)":2353,"sum(time_taken)":360} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/static/appIcon.png","sum(bytes_in)":691,"sum(bytes_out)":2398,"sum(time_taken)":468} 
{"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_ASX/static/appIconAlt.png","sum(bytes_in)":675,"sum(bytes_out)":3287,"sum(time_taken)":27597} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search10_1619090470.14","sum(bytes_in)":822,"sum(bytes_out)":1849,"sum(time_taken)":1538} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/DA-ESS-ContentUpdate/static/appIconAlt.png","sum(bytes_in)":685,"sum(bytes_out)":3287,"sum(time_taken)":442} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/user-prefs/general_default","sum(bytes_in)":765,"sum(bytes_out)":1314,"sum(time_taken)":509} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/authorization/roles","sum(bytes_in)":723,"sum(bytes_out)":2648,"sum(time_taken)":1192} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/ui/views/attack_range_main_dashboard","sum(bytes_in)":775,"sum(bytes_out)":3566,"sum(time_taken)":2196} 
{"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_TA_aws/static/appIcon.png","sum(bytes_in)":675,"sum(bytes_out)":2353,"sum(time_taken)":387} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_TA_aws-kinesis-firehose/static/appIconAlt.png","sum(bytes_in)":695,"sum(bytes_out)":1600,"sum(time_taken)":452} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/favicon.ico","sum(bytes_in)":623,"sum(bytes_out)":21821,"sum(time_taken)":57546} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/app/splunk_attack_range_reporting/attack_range_main_dashboard","sum(bytes_in)":865,"sum(bytes_out)":4597,"sum(time_taken)":195473} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_TA_aws-kinesis-firehose/static/appIcon.png","sum(bytes_in)":692,"sum(bytes_out)":1600,"sum(time_taken)":371} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_Security_Essentials/static/appIconAlt.png","sum(bytes_in)":691,"sum(bytes_out)":3516,"sum(time_taken)":470} 
{"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/static/appIcon.png","sum(bytes_in)":679,"sum(bytes_out)":2795,"sum(time_taken)":1924} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_Security_Essentials/static/appIcon.png","sum(bytes_in)":688,"sum(bytes_out)":3933,"sum(time_taken)":520} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/data/ui/prefs/_new","sum(bytes_in)":714,"sum(bytes_out)":1908,"sum(time_taken)":4065} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_ta_o365/static/appIcon.png","sum(bytes_in)":676,"sum(bytes_out)":3798,"sum(time_taken)":477} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__httpErrors_1619090484.30","sum(bytes_in)":796,"sum(bytes_out)":2508,"sum(time_taken)":1877} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/static/appIconAlt.png","sum(bytes_in)":694,"sum(bytes_out)":2398,"sum(time_taken)":458} 
{"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_ML_Toolkit/static/appIcon.png","sum(bytes_in)":679,"sum(bytes_out)":2227,"sum(time_taken)":34499} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/app/launcher/home","sum(bytes_in)":830,"sum(bytes_out)":2047,"sum(time_taken)":203889} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__topApps_1619090484.27/results_preview","sum(bytes_in)":851,"sum(bytes_out)":1093,"sum(time_taken)":1614} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__dnsActivitySM_1619090484.33","sum(bytes_in)":799,"sum(bytes_out)":2372,"sum(time_taken)":3783} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/modules/@FAB67257C0E63681CC9B3E737456463A9FACB8167BCEE1CB349925B3A410A303/modules-f1eb7bb3cd3be27b49f2a76914a94a7237f13554.min.css","sum(bytes_in)":765,"sum(bytes_out)":646,"sum(time_taken)":86056} 
{"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__avgResponseTimesSM_1619090484.32","sum(bytes_in)":804,"sum(bytes_out)":2420,"sum(time_taken)":3714} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search9_1619090470.13","sum(bytes_in)":821,"sum(bytes_out)":1955,"sum(time_taken)":3230} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__RMD5e0579a4af9f25881_1619090484.37","sum(bytes_in)":806,"sum(bytes_out)":1730,"sum(time_taken)":1556} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/custom/splunk_app_stream/cloudinstance","sum(bytes_in)":694,"sum(bytes_out)":781,"sum(time_taken)":102575} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/data/ui/views/info_overview","sum(bytes_in)":749,"sum(bytes_out)":1428,"sum(time_taken)":1763} 
{"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__domainTableSM_1619090484.29/results_preview","sum(bytes_in)":853,"sum(bytes_out)":1049,"sum(time_taken)":1812} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/data/ui/ui-tour","sum(bytes_in)":746,"sum(bytes_out)":5344,"sum(time_taken)":3125} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/modules/@FAB67257C0E63681CC9B3E737456463A9FACB8167BCEE1CB349925B3A410A303/modules-6ccaedc50715a9afa5fc22e2126eacb6d18bf73d.min.css","sum(bytes_in)":765,"sum(bytes_out)":827,"sum(time_taken)":54492} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__dnsActivitySM_1619090484.33/results_preview","sum(bytes_in)":857,"sum(bytes_out)":1058,"sum(time_taken)":1761} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/static/appIconAlt.png","sum(bytes_in)":671,"sum(bytes_out)":2612,"sum(time_taken)":26103} 
{"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619090470.12","sum(bytes_in)":824,"sum(bytes_out)":1806,"sum(time_taken)":2140} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_ASX/static/appIcon.png","sum(bytes_in)":672,"sum(bytes_out)":4289,"sum(time_taken)":25627} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/configs/conf-searchbnf","sum(bytes_in)":726,"sum(bytes_out)":129262,"sum(time_taken)":186111} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/custom/splunk_app_stream/users/current/easysetup","sum(bytes_in)":704,"sum(bytes_out)":769,"sum(time_taken)":79200} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/app/splunk_app_stream/info_overview","sum(bytes_in)":748,"sum(bytes_out)":2170,"sum(time_taken)":183947} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/scheduled/views/attack_range_main_dashboard","sum(bytes_in)":777,"sum(bytes_out)":1541,"sum(time_taken)":49498} 
{"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/ui/visualizations","sum(bytes_in)":806,"sum(bytes_out)":6959,"sum(time_taken)":33909} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/DA-ESS-ContentUpdate/static/appIcon.png","sum(bytes_in)":682,"sum(bytes_out)":4289,"sum(time_taken)":343} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/-/data/ui/nav","sum(bytes_in)":790,"sum(bytes_out)":5004,"sum(time_taken)":5398} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/alerts/alert_actions","sum(bytes_in)":874,"sum(bytes_out)":3079,"sum(time_taken)":32819} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/static/appLogo.png","sum(bytes_in)":679,"sum(bytes_out)":2795,"sum(time_taken)":28430} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/static/appIconAlt.png","sum(bytes_in)":682,"sum(bytes_out)":2795,"sum(time_taken)":359} 
{"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__topApps_1619090484.27","sum(bytes_in)":793,"sum(bytes_out)":2436,"sum(time_taken)":3684} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sslActivitySM_1619090484.35","sum(bytes_in)":799,"sum(bytes_out)":2396,"sum(time_taken)":1614} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__responseTimesSM_1619090484.31","sum(bytes_in)":801,"sum(bytes_out)":2421,"sum(time_taken)":1809} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__flowViz_1619090484.28","sum(bytes_in)":793,"sum(bytes_out)":2699,"sum(time_taken)":3691} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__domainTableSM_1619090484.29","sum(bytes_in)":799,"sum(bytes_out)":2577,"sum(time_taken)":1727} 
{"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/apps/local/launcher","sum(bytes_in)":715,"sum(bytes_out)":1331,"sum(time_taken)":3019} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/custom/splunk_app_stream/httpinputs","sum(bytes_in)":691,"sum(bytes_out)":1406,"sum(time_taken)":67898} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__dnsErrors_1619090484.34","sum(bytes_in)":795,"sum(bytes_out)":2240,"sum(time_taken)":5072} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__certificateExpirySM_1619090484.36","sum(bytes_in)":805,"sum(bytes_out)":1825,"sum(time_taken)":1587} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sslActivitySM_1619090484.35/results_preview","sum(bytes_in)":857,"sum(bytes_out)":988,"sum(time_taken)":1733} 
{"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__RMD5e0579a4af9f25881_1619090484.37/results","sum(bytes_in)":1029,"sum(bytes_out)":941,"sum(time_taken)":1608} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/scheduled/views/info_overview","sum(bytes_in)":751,"sum(bytes_out)":1528,"sum(time_taken)":48545} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__flowViz_1619090484.28/results_preview","sum(bytes_in)":847,"sum(bytes_out)":996,"sum(time_taken)":1781} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/modules/@FAB67257C0E63681CC9B3E737456463A9FACB8167BCEE1CB349925B3A410A303/modules-b262b6b36b84f5a97bc527ab35008475870d3480.min.js","sum(bytes_in)":680,"sum(bytes_out)":39690,"sum(time_taken)":108312} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/data/ui/views","sum(bytes_in)":753,"sum(bytes_out)":5876,"sum(time_taken)":37729} 
{"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/data/ui/times","sum(bytes_in)":744,"sum(bytes_out)":2653,"sum(time_taken)":2036} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/data/ui/nav","sum(bytes_in)":733,"sum(bytes_out)":1566,"sum(time_taken)":5524} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/configs/conf-visualizations","sum(bytes_in)":777,"sum(bytes_out)":4759,"sum(time_taken)":4856} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":303,"uri_path":"/en-GB/","sum(bytes_in)":1273,"sum(bytes_out)":1215,"sum(time_taken)":83076} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/ui/times","sum(bytes_in)":1529,"sum(bytes_out)":5296,"sum(time_taken)":4396} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/i18ncatalog","sum(bytes_in)":1209,"sum(bytes_out)":1642,"sum(time_taken)":72625} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/account/login","sum(bytes_in)":1408,"sum(bytes_out)":5605,"sum(time_taken)":5734} 
{"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/ui/ui-tour","sum(bytes_in)":1516,"sum(bytes_out)":10714,"sum(time_taken)":4893} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/apps/local/splunk_app_stream","sum(bytes_in)":1448,"sum(bytes_out)":2932,"sum(time_taken)":4270} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/custom/splunk_app_stream/users/current/tour","sum(bytes_in)":1524,"sum(bytes_out)":1537,"sum(time_taken)":204742} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/custom/splunk_app_stream/local_streamfwd_proxy","sum(bytes_in)":1404,"sum(bytes_out)":1713,"sum(time_taken)":134218} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":201,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs","sum(bytes_in)":5403,"sum(bytes_out)":2792,"sum(time_taken)":38638} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__httpErrors_1619090484.30/results_preview","sum(bytes_in)":2685,"sum(bytes_out)":2502,"sum(time_taken)":55242} 
{"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":2151,"sum(bytes_out)":3438,"sum(time_taken)":2019} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/saved/searches/_new","sum(bytes_in)":2145,"sum(bytes_out)":21377,"sum(time_taken)":56799} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/data/user-prefs/general","sum(bytes_in)":2940,"sum(bytes_out)":5975,"sum(time_taken)":32325} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/-/data/ui/manager","sum(bytes_in)":3016,"sum(bytes_out)":40974,"sum(time_taken)":163535} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/info/server-info","sum(bytes_in)":2940,"sum(bytes_out)":7504,"sum(time_taken)":4019} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619090470.12/results_preview","sum(bytes_in)":3700,"sum(bytes_out)":3307,"sum(time_taken)":6792} 
{"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","sum(bytes_in)":2985,"sum(bytes_out)":2996,"sum(time_taken)":1147} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/config","sum(bytes_in)":2360,"sum(bytes_out)":4031,"sum(time_taken)":214944} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":5,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/authentication/users/admin","sum(bytes_in)":3674,"sum(bytes_out)":11089,"sum(time_taken)":4059} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":5,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/user-prefs/data/user-prefs/general","sum(bytes_in)":5381,"sum(bytes_out)":7626,"sum(time_taken)":10010} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":5,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/configs/conf-web/settings","sum(bytes_in)":3669,"sum(bytes_out)":14444,"sum(time_taken)":49153} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":6,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":4560,"sum(bytes_out)":5748,"sum(time_taken)":1364} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":7,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs","sum(bytes_in)":7639,"sum(bytes_out)":32321,"sum(time_taken)":150727} 
{"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":7,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/-/apps/local","sum(bytes_in)":5568,"sum(bytes_out)":38945,"sum(time_taken)":30075} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":9,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__dnsErrors_1619090484.34/results_preview","sum(bytes_in)":7818,"sum(bytes_out)":7774,"sum(time_taken)":74623} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":11,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":201,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs","sum(bytes_in)":14540,"sum(bytes_out)":9858,"sum(time_taken)":164624} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":14,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":2338,"sum(bytes_out)":14224,"sum(time_taken)":5431120} {"endtime":"2021-04-22T11:21:31.491807Z","timestamp":"2021-04-22T11:21:31.491807Z","count":40,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619090470.12/results_preview","sum(bytes_in)":35408,"sum(bytes_out)":33645,"sum(time_taken)":69251} {"endtime":"2021-04-22T11:22:07.240060Z","timestamp":"2021-04-22T11:22:07.240060Z","count":2,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/vocabularies/","sum(bytes_in)":350,"sum(bytes_out)":492024,"sum(time_taken)":739958} 
{"endtime":"2021-04-22T11:22:07.240060Z","timestamp":"2021-04-22T11:22:07.240060Z","count":2,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/streams/","sum(bytes_in)":434,"sum(bytes_out)":930007,"sum(time_taken)":752167} {"endtime":"2021-04-22T11:22:07.240060Z","timestamp":"2021-04-22T11:22:07.240060Z","count":7,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1169,"sum(bytes_out)":6979,"sum(time_taken)":2599320} {"endtime":"2021-04-22T11:22:07.240060Z","timestamp":"2021-04-22T11:22:07.240060Z","count":1,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/captureipaddresses/","sum(bytes_in)":181,"sum(bytes_out)":826,"sum(time_taken)":1941225} {"endtime":"2021-04-22T11:22:07.240060Z","timestamp":"2021-04-22T11:22:07.240060Z","count":1,"dest_ip":"10.0.1.12","site":"","status":200,"uri_path":"","sum(bytes_in)":0,"sum(bytes_out)":1016,"sum(time_taken)":121} {"endtime":"2021-04-22T11:22:07.240055Z","timestamp":"2021-04-22T11:22:07.240055Z","count":13,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:22:07.240049Z","timestamp":"2021-04-22T11:22:07.240049Z","count":13,"dest_ip":"10.0.1.12","sum(time_taken)":6032791} {"endtime":"2021-04-22T11:22:07.240030Z","timestamp":"2021-04-22T11:22:07.240030Z","count":13,"c_ip":"10.0.1.14","sum(bytes_in)":2134,"sum(bytes_out)":1430852,"sum(time_taken)":6032791} {"endtime":"2021-04-22T11:22:07.279611Z","timestamp":"2021-04-22T11:22:07.279611Z","count":129,"c_ip":"46.128.24.64","sum(bytes_in)":120790,"sum(bytes_out)":1451450,"sum(time_taken)":4793255} {"endtime":"2021-04-22T11:22:07.279611Z","timestamp":"2021-04-22T11:22:07.279611Z","count":10,"c_ip":"10.0.1.18","sum(bytes_in)":1756,"sum(bytes_out)":718761,"sum(time_taken)":6851463} 
{"endtime":"2021-04-22T11:22:07.279611Z","timestamp":"2021-04-22T11:22:07.279611Z","count":13,"c_ip":"10.0.1.14","sum(bytes_in)":2315,"sum(bytes_out)":1430662,"sum(time_taken)":7998075} {"endtime":"2021-04-22T11:22:07.279644Z","timestamp":"2021-04-22T11:22:07.279644Z","count":152,"dest_ip":"10.0.1.12","sum(time_taken)":19642793} {"endtime":"2021-04-22T11:22:07.279652Z","timestamp":"2021-04-22T11:22:07.279652Z","count":2,"dest_ip":"10.0.1.12","status":404} {"endtime":"2021-04-22T11:22:07.279652Z","timestamp":"2021-04-22T11:22:07.279652Z","count":3,"dest_ip":"10.0.1.12","status":304} {"endtime":"2021-04-22T11:22:07.279652Z","timestamp":"2021-04-22T11:22:07.279652Z","count":6,"dest_ip":"10.0.1.12","status":303} {"endtime":"2021-04-22T11:22:07.279652Z","timestamp":"2021-04-22T11:22:07.279652Z","count":1,"dest_ip":"10.0.1.12","status":301} {"endtime":"2021-04-22T11:22:07.279652Z","timestamp":"2021-04-22T11:22:07.279652Z","count":6,"dest_ip":"10.0.1.12","status":201} {"endtime":"2021-04-22T11:22:07.279652Z","timestamp":"2021-04-22T11:22:07.279652Z","count":134,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":404,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/launcher/data/ui/prefs/home","sum(bytes_in)":731,"sum(bytes_out)":768,"sum(time_taken)":527} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":404,"uri_path":"/en-GB/splunkd/__raw/services/dmc-conf/settings/settings","sum(bytes_in)":722,"sum(bytes_out)":748,"sum(time_taken)":25540} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":304,"uri_path":"/en-GB/config","sum(bytes_in)":1904,"sum(bytes_out)":564,"sum(time_taken)":50604} 
{"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":303,"uri_path":"/static/fonts/splunkicons-regular-webfont.woff","sum(bytes_in)":798,"sum(bytes_out)":765,"sum(time_taken)":66} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":303,"uri_path":"/static/fonts/roboto-regular-webfont.woff","sum(bytes_in)":793,"sum(bytes_out)":750,"sum(time_taken)":971} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":303,"uri_path":"/static/fonts/roboto-light-webfont.woff","sum(bytes_in)":791,"sum(bytes_out)":744,"sum(time_taken)":110} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":303,"uri_path":"/static/fonts/roboto-bold-webfont.woff","sum(bytes_in)":790,"sum(bytes_out)":741,"sum(time_taken)":83} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":303,"uri_path":"/en-GB/app/launcher","sum(bytes_in)":725,"sum(bytes_out)":594,"sum(time_taken)":131939} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":303,"uri_path":"/en-GB/","sum(bytes_in)":713,"sum(bytes_out)":586,"sum(time_taken)":51784} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":301,"uri_path":"/en-GB","sum(bytes_in)":712,"sum(bytes_out)":552,"sum(time_taken)":36202} 
{"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":201,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs","sum(bytes_in)":5403,"sum(bytes_out)":2792,"sum(time_taken)":15851} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":201,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs","sum(bytes_in)":4746,"sum(bytes_out)":2700,"sum(time_taken)":16725} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/static/fonts/roboto-bold-webfont.woff","sum(bytes_in)":796,"sum(bytes_out)":116142,"sum(time_taken)":120594} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/static/@FAB67257C0E63681CC9B3E737456463A9FACB8167BCEE1CB349925B3A410A303:307/app/splunk_app_stream/js/built/streams.js","sum(bytes_in)":669,"sum(bytes_out)":166913,"sum(time_taken)":188216} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/splunk_instrumentation/instrumentation_controller/instrumentation_eligibility","sum(bytes_in)":780,"sum(bytes_out)":966,"sum(time_taken)":21803} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/splunk_instrumentation/admin/telemetry/general","sum(bytes_in)":751,"sum(bytes_out)":1581,"sum(time_taken)":771} 
{"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/splunk_attack_range_reporting/data/ui/views/attack_range_main_dashboard","sum(bytes_in)":776,"sum(bytes_out)":3567,"sum(time_taken)":1931} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/timeline_app/static/appIcon.png","sum(bytes_in)":674,"sum(bytes_out)":1349,"sum(time_taken)":26079} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/status_indicator_app/static/appIcon.png","sum(bytes_in)":682,"sum(bytes_out)":2055,"sum(time_taken)":284} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_ta_o365/static/appIcon.png","sum(bytes_in)":676,"sum(bytes_out)":3798,"sum(time_taken)":338} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/static/appIcon.png","sum(bytes_in)":691,"sum(bytes_out)":2398,"sum(time_taken)":26800} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search9_1619090526.60","sum(bytes_in)":821,"sum(bytes_out)":2102,"sum(time_taken)":2269} 
{"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search10_1619090526.59","sum(bytes_in)":822,"sum(bytes_out)":1848,"sum(time_taken)":1717} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619090526.61/results_preview","sum(bytes_in)":3700,"sum(bytes_out)":3128,"sum(time_taken)":11504} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619090526.61","sum(bytes_in)":824,"sum(bytes_out)":1951,"sum(time_taken)":1633} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/scheduled/views/attack_range_main_dashboard","sum(bytes_in)":777,"sum(bytes_out)":1542,"sum(time_taken)":2546} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/user-prefs/general_default","sum(bytes_in)":765,"sum(bytes_out)":1314,"sum(time_taken)":527} 
{"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/ui/visualizations","sum(bytes_in)":806,"sum(bytes_out)":6959,"sum(time_taken)":29048} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/ui/views/attack_range_main_dashboard","sum(bytes_in)":775,"sum(bytes_out)":3565,"sum(time_taken)":29686} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/ui/ui-tour","sum(bytes_in)":1516,"sum(bytes_out)":10710,"sum(time_taken)":27650} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/ui/times","sum(bytes_in)":1529,"sum(bytes_out)":5294,"sum(time_taken)":3267} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/alerts/alert_actions","sum(bytes_in)":874,"sum(bytes_out)":3080,"sum(time_taken)":29576} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/static/appLogo.png","sum(bytes_in)":679,"sum(bytes_out)":2795,"sum(time_taken)":26605} 
{"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/static/appIcon.png","sum(bytes_in)":679,"sum(bytes_out)":2795,"sum(time_taken)":380} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619090514.58/results","sum(bytes_in)":1003,"sum(bytes_out)":1738,"sum(time_taken)":2629} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619090514.58","sum(bytes_in)":785,"sum(bytes_out)":1876,"sum(time_taken)":1562} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619090503.57/results","sum(bytes_in)":1003,"sum(bytes_out)":1738,"sum(time_taken)":2283} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619090503.57","sum(bytes_in)":785,"sum(bytes_out)":1877,"sum(time_taken)":1426} 
{"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619090491.56/results","sum(bytes_in)":1003,"sum(bytes_out)":1731,"sum(time_taken)":2350} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619090491.56","sum(bytes_in)":785,"sum(bytes_out)":1876,"sum(time_taken)":3179} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/data/ui/views","sum(bytes_in)":753,"sum(bytes_out)":5876,"sum(time_taken)":33724} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/data/ui/ui-tour","sum(bytes_in)":746,"sum(bytes_out)":5344,"sum(time_taken)":29827} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/data/ui/nav","sum(bytes_in)":733,"sum(bytes_out)":1566,"sum(time_taken)":482} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/static/appIcon.png","sum(bytes_in)":668,"sum(bytes_out)":3798,"sum(time_taken)":25587} 
{"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/ui-tour","sum(bytes_in)":735,"sum(bytes_out)":5342,"sum(time_taken)":29775} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/punchcard_app/static/appIcon.png","sum(bytes_in)":675,"sum(bytes_out)":2164,"sum(time_taken)":310} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/launcher/data/ui/ui-tour","sum(bytes_in)":737,"sum(bytes_out)":5347,"sum(time_taken)":30113} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_TA_nix/static/appIcon.png","sum(bytes_in)":675,"sum(bytes_out)":5411,"sum(time_taken)":455} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_TA_aws/static/appIcon.png","sum(bytes_in)":675,"sum(bytes_out)":2353,"sum(time_taken)":25928} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_TA_aws-kinesis-firehose/static/appIcon.png","sum(bytes_in)":692,"sum(bytes_out)":1600,"sum(time_taken)":348} 
{"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_Security_Essentials/static/appIcon.png","sum(bytes_in)":688,"sum(bytes_out)":3933,"sum(time_taken)":524} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_ML_Toolkit/static/appIcon.png","sum(bytes_in)":679,"sum(bytes_out)":2227,"sum(time_taken)":413} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_ASX/static/appIcon.png","sum(bytes_in)":672,"sum(bytes_out)":4289,"sum(time_taken)":25656} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/DA-ESS-ContentUpdate/static/appIcon.png","sum(bytes_in)":682,"sum(bytes_out)":4289,"sum(time_taken)":307} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/-/data/ui/nav","sum(bytes_in)":726,"sum(bytes_out)":5004,"sum(time_taken)":34091} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/-/data/ui/manager","sum(bytes_in)":2214,"sum(bytes_out)":30730,"sum(time_taken)":78035} 
{"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/-/apps/local","sum(bytes_in)":3108,"sum(bytes_out)":25620,"sum(time_taken)":98725} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/info/server-info","sum(bytes_in)":719,"sum(bytes_out)":1876,"sum(time_taken)":1012} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":5,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":3585,"sum(bytes_out)":5733,"sum(time_taken)":2950} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619090514.58/control","sum(bytes_in)":937,"sum(bytes_out)":750,"sum(time_taken)":1705} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619090503.57/control","sum(bytes_in)":1875,"sum(bytes_out)":1502,"sum(time_taken)":3829} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619090491.56/control","sum(bytes_in)":1875,"sum(bytes_out)":1502,"sum(time_taken)":3200} 
{"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":5,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__httpErrors_1619090484.30/results_preview","sum(bytes_in)":4567,"sum(bytes_out)":4358,"sum(time_taken)":20802} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__dnsErrors_1619090484.34/results_preview","sum(bytes_in)":920,"sum(bytes_out)":1072,"sum(time_taken)":2125} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619090526.61/results_preview","sum(bytes_in)":1747,"sum(bytes_out)":1564,"sum(time_taken)":5726} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":7,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs","sum(bytes_in)":5576,"sum(bytes_out)":22510,"sum(time_taken)":96254} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/saved/searches/_new","sum(bytes_in)":1430,"sum(bytes_out)":14252,"sum(time_taken)":34862} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":3040,"sum(bytes_out)":3832,"sum(time_taken)":890} 
{"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/data/user-prefs/general","sum(bytes_in)":2157,"sum(bytes_out)":4487,"sum(time_taken)":2067} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/data/ui/prefs/_new","sum(bytes_in)":714,"sum(bytes_out)":1908,"sum(time_taken)":769} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/data/indexes","sum(bytes_in)":700,"sum(bytes_out)":4493,"sum(time_taken)":35522} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/configs/conf-web/settings","sum(bytes_in)":2884,"sum(bytes_out)":11555,"sum(time_taken)":20818} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/authorization/roles","sum(bytes_in)":723,"sum(bytes_out)":2648,"sum(time_taken)":1171} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/authentication/users/admin","sum(bytes_in)":2166,"sum(bytes_out)":6653,"sum(time_taken)":3044} 
{"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/apps/local/splunk_app_stream","sum(bytes_in)":724,"sum(bytes_out)":1466,"sum(time_taken)":2077} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/custom/splunk_app_stream/vocabularies","sum(bytes_in)":1354,"sum(bytes_out)":71568,"sum(time_taken)":139647} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/custom/splunk_app_stream/streams/http","sum(bytes_in)":17604,"sum(bytes_out)":35953,"sum(time_taken)":242336} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/custom/splunk_app_stream/streams","sum(bytes_in)":1383,"sum(bytes_out)":757744,"sum(time_taken)":2315883} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/config","sum(bytes_in)":661,"sum(bytes_out)":1324,"sum(time_taken)":50434} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/app/splunk_attack_range_reporting/attack_range_main_dashboard","sum(bytes_in)":865,"sum(bytes_out)":4597,"sum(time_taken)":181163} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/app/splunk_app_stream/streams","sum(bytes_in)":742,"sum(bytes_out)":2171,"sum(time_taken)":171841} 
{"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/app/launcher/home","sum(bytes_in)":730,"sum(bytes_out)":2047,"sum(time_taken)":141773} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":3,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/vocabularies/","sum(bytes_in)":525,"sum(bytes_out)":738036,"sum(time_taken)":1101133} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":3,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/streams/","sum(bytes_in)":665,"sum(bytes_out)":1394951,"sum(time_taken)":2691951} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":14,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":2338,"sum(bytes_out)":13958,"sum(time_taken)":5211519} {"endtime":"2021-04-22T11:22:07.279682Z","timestamp":"2021-04-22T11:22:07.279682Z","count":3,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/captureipaddresses/","sum(bytes_in)":543,"sum(bytes_out)":2478,"sum(time_taken)":5844935} {"endtime":"2021-04-22T11:23:05.042947Z","timestamp":"2021-04-22T11:23:05.042947Z","count":1,"dest_ip":"151.139.128.14","site":"ocsp.usertrust.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D","sum(bytes_in)":233,"sum(bytes_out)":389,"sum(time_taken)":41830} 
{"endtime":"2021-04-22T11:23:05.042947Z","timestamp":"2021-04-22T11:23:05.042947Z","count":1,"dest_ip":"151.139.128.14","site":"ocsp.intel.com","status":200,"uri_path":"/MFQwUjBQME4wTDAJBgUrDgMCGgUABBT1Za4BFGmV4BD09OmrDjjl2Yt8JgQUssBnplaNJ3kQdMP1xaWJZtbxLjYCE1YAAAd7R4x2ya%2FK%2FK8AAAAAB3s%3D","sum(bytes_in)":238,"sum(bytes_out)":390,"sum(time_taken)":42602} {"endtime":"2021-04-22T11:23:05.042947Z","timestamp":"2021-04-22T11:23:05.042947Z","count":2,"dest_ip":"151.139.128.14","status":200} {"endtime":"2021-04-22T11:23:05.042947Z","timestamp":"2021-04-22T11:23:05.042947Z","count":2,"dest_ip":"151.139.128.14","sum(time_taken)":84432} {"endtime":"2021-04-22T11:23:05.042947Z","timestamp":"2021-04-22T11:23:05.042947Z","count":2,"c_ip":"10.0.1.14","sum(bytes_in)":471,"sum(bytes_out)":779,"sum(time_taken)":84432} {"endtime":"2021-04-22T11:23:08.169489Z","timestamp":"2021-04-22T11:23:08.169489Z","count":4,"dest_ip":"88.221.62.148","site":"go.microsoft.com","status":302,"uri_path":"/fwlink/","sum(bytes_in)":7168,"sum(bytes_out)":1184,"sum(time_taken)":7829} {"endtime":"2021-04-22T11:23:08.169489Z","timestamp":"2021-04-22T11:23:08.169489Z","count":3,"dest_ip":"20.54.64.202","site":"dmd.metaservices.microsoft.com","status":200,"uri_path":"/metadata.svc","sum(bytes_in)":5559,"sum(bytes_out)":6282,"sum(time_taken)":76040} {"endtime":"2021-04-22T11:23:08.169489Z","timestamp":"2021-04-22T11:23:08.169489Z","count":3,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":404,"uri_path":"/latest/meta-data/iam/security-credentials/","sum(bytes_in)":744,"sum(bytes_out)":1581,"sum(time_taken)":669} {"endtime":"2021-04-22T11:23:08.169489Z","timestamp":"2021-04-22T11:23:08.169489Z","count":1,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":200,"uri_path":"/latest/api/token","sum(bytes_in)":202,"sum(bytes_out)":237,"sum(time_taken)":272} 
{"endtime":"2021-04-22T11:23:08.169489Z","timestamp":"2021-04-22T11:23:08.169489Z","count":1,"dest_ip":"151.139.128.14","site":"ocsp.usertrust.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D","sum(bytes_in)":233,"sum(bytes_out)":389,"sum(time_taken)":41849} {"endtime":"2021-04-22T11:23:08.169489Z","timestamp":"2021-04-22T11:23:08.169489Z","count":1,"dest_ip":"151.139.128.14","site":"ocsp.intel.com","status":200,"uri_path":"/MFQwUjBQME4wTDAJBgUrDgMCGgUABBT1Za4BFGmV4BD09OmrDjjl2Yt8JgQUssBnplaNJ3kQdMP1xaWJZtbxLjYCE1YAAAd7R4x2ya%2FK%2FK8AAAAAB3s%3D","sum(bytes_in)":238,"sum(bytes_out)":390,"sum(time_taken)":42607} {"endtime":"2021-04-22T11:23:08.169489Z","timestamp":"2021-04-22T11:23:08.169489Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3943929} {"endtime":"2021-04-22T11:23:08.169489Z","timestamp":"2021-04-22T11:23:08.169489Z","count":1,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/captureipaddresses/","sum(bytes_in)":181,"sum(bytes_out)":826,"sum(time_taken)":1965321} {"endtime":"2021-04-22T11:23:08.169467Z","timestamp":"2021-04-22T11:23:08.169467Z","count":4,"dest_ip":"88.221.62.148","status":302} {"endtime":"2021-04-22T11:23:08.169467Z","timestamp":"2021-04-22T11:23:08.169467Z","count":3,"dest_ip":"20.54.64.202","status":200} {"endtime":"2021-04-22T11:23:08.169467Z","timestamp":"2021-04-22T11:23:08.169467Z","count":3,"dest_ip":"169.254.169.254","status":404} {"endtime":"2021-04-22T11:23:08.169467Z","timestamp":"2021-04-22T11:23:08.169467Z","count":1,"dest_ip":"169.254.169.254","status":200} {"endtime":"2021-04-22T11:23:08.169467Z","timestamp":"2021-04-22T11:23:08.169467Z","count":2,"dest_ip":"151.139.128.14","status":200} 
{"endtime":"2021-04-22T11:23:08.169467Z","timestamp":"2021-04-22T11:23:08.169467Z","count":12,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:23:08.169445Z","timestamp":"2021-04-22T11:23:08.169445Z","count":4,"dest_ip":"88.221.62.148","sum(time_taken)":7829} {"endtime":"2021-04-22T11:23:08.169445Z","timestamp":"2021-04-22T11:23:08.169445Z","count":3,"dest_ip":"20.54.64.202","sum(time_taken)":76040} {"endtime":"2021-04-22T11:23:08.169445Z","timestamp":"2021-04-22T11:23:08.169445Z","count":4,"dest_ip":"169.254.169.254","sum(time_taken)":941} {"endtime":"2021-04-22T11:23:08.169445Z","timestamp":"2021-04-22T11:23:08.169445Z","count":2,"dest_ip":"151.139.128.14","sum(time_taken)":84456} {"endtime":"2021-04-22T11:23:08.169445Z","timestamp":"2021-04-22T11:23:08.169445Z","count":12,"dest_ip":"10.0.1.12","sum(time_taken)":5909250} {"endtime":"2021-04-22T11:23:08.169432Z","timestamp":"2021-04-22T11:23:08.169432Z","count":4,"c_ip":"10.0.1.18","sum(bytes_in)":946,"sum(bytes_out)":1818,"sum(time_taken)":941} {"endtime":"2021-04-22T11:23:08.169432Z","timestamp":"2021-04-22T11:23:08.169432Z","count":21,"c_ip":"10.0.1.14","sum(bytes_in)":15216,"sum(bytes_out)":20038,"sum(time_taken)":6077575} {"endtime":"2021-04-22T11:23:08.183683Z","timestamp":"2021-04-22T11:23:08.183683Z","count":44,"c_ip":"46.128.24.64","sum(bytes_in)":38231,"sum(bytes_out)":43138,"sum(time_taken)":105583} {"endtime":"2021-04-22T11:23:08.183683Z","timestamp":"2021-04-22T11:23:08.183683Z","count":15,"c_ip":"10.0.1.18","sum(bytes_in)":2591,"sum(bytes_out)":723865,"sum(time_taken)":5522557} {"endtime":"2021-04-22T11:23:08.183683Z","timestamp":"2021-04-22T11:23:08.183683Z","count":13,"c_ip":"10.0.1.15","sum(bytes_in)":2245,"sum(bytes_out)":721871,"sum(time_taken)":4681753} {"endtime":"2021-04-22T11:23:08.183683Z","timestamp":"2021-04-22T11:23:08.183683Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3943909} 
{"endtime":"2021-04-22T11:23:08.183683Z","timestamp":"2021-04-22T11:23:08.183683Z","count":4,"c_ip":"10.0.1.12","sum(bytes_in)":946,"sum(bytes_out)":1812,"sum(time_taken)":3071} {"endtime":"2021-04-22T11:23:08.183758Z","timestamp":"2021-04-22T11:23:08.183758Z","count":4,"dest_ip":"169.254.169.254","sum(time_taken)":3071} {"endtime":"2021-04-22T11:23:08.183758Z","timestamp":"2021-04-22T11:23:08.183758Z","count":83,"dest_ip":"10.0.1.12","sum(time_taken)":14253802} {"endtime":"2021-04-22T11:23:08.183771Z","timestamp":"2021-04-22T11:23:08.183771Z","count":3,"dest_ip":"169.254.169.254","status":404} {"endtime":"2021-04-22T11:23:08.183771Z","timestamp":"2021-04-22T11:23:08.183771Z","count":1,"dest_ip":"169.254.169.254","status":200} {"endtime":"2021-04-22T11:23:08.183771Z","timestamp":"2021-04-22T11:23:08.183771Z","count":83,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:23:08.183786Z","timestamp":"2021-04-22T11:23:08.183786Z","count":3,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":404,"uri_path":"/latest/meta-data/iam/security-credentials/","sum(bytes_in)":744,"sum(bytes_out)":1575,"sum(time_taken)":2037} {"endtime":"2021-04-22T11:23:08.183786Z","timestamp":"2021-04-22T11:23:08.183786Z","count":1,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":200,"uri_path":"/latest/api/token","sum(bytes_in)":202,"sum(bytes_out)":237,"sum(time_taken)":1034} {"endtime":"2021-04-22T11:23:08.183786Z","timestamp":"2021-04-22T11:23:08.183786Z","count":5,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":3585,"sum(bytes_out)":5725,"sum(time_taken)":3377} 
{"endtime":"2021-04-22T11:23:08.183786Z","timestamp":"2021-04-22T11:23:08.183786Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search9_1619090526.60/control","sum(bytes_in)":945,"sum(bytes_out)":750,"sum(time_taken)":1283} {"endtime":"2021-04-22T11:23:08.183786Z","timestamp":"2021-04-22T11:23:08.183786Z","count":35,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619090526.61/results_preview","sum(bytes_in)":31002,"sum(bytes_out)":29444,"sum(time_taken)":69949} {"endtime":"2021-04-22T11:23:08.183786Z","timestamp":"2021-04-22T11:23:08.183786Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619090526.61/control","sum(bytes_in)":948,"sum(bytes_out)":750,"sum(time_taken)":1149} {"endtime":"2021-04-22T11:23:08.183786Z","timestamp":"2021-04-22T11:23:08.183786Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs","sum(bytes_in)":1751,"sum(bytes_out)":6469,"sum(time_taken)":29825} {"endtime":"2021-04-22T11:23:08.183786Z","timestamp":"2021-04-22T11:23:08.183786Z","count":2,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/vocabularies/","sum(bytes_in)":350,"sum(bytes_out)":492024,"sum(time_taken)":726557} {"endtime":"2021-04-22T11:23:08.183786Z","timestamp":"2021-04-22T11:23:08.183786Z","count":2,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/streams/","sum(bytes_in)":450,"sum(bytes_out)":930126,"sum(time_taken)":737959} 
{"endtime":"2021-04-22T11:23:08.183786Z","timestamp":"2021-04-22T11:23:08.183786Z","count":33,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5511,"sum(bytes_out)":32901,"sum(time_taken)":11955791} {"endtime":"2021-04-22T11:23:08.183786Z","timestamp":"2021-04-22T11:23:08.183786Z","count":2,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/captureipaddresses/","sum(bytes_in)":362,"sum(bytes_out)":1652,"sum(time_taken)":727912} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":1,"dest_ip":"93.184.220.29","site":"ocsp.digicert.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAYGmcsGWniR1uyUGZ9KYEs%3D","sum(bytes_in)":238,"sum(bytes_out)":799,"sum(time_taken)":1739} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":4,"dest_ip":"88.221.62.148","site":"go.microsoft.com","status":302,"uri_path":"/fwlink/","sum(bytes_in)":7168,"sum(bytes_out)":1184,"sum(time_taken)":7728} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":3,"dest_ip":"20.54.64.202","site":"dmd.metaservices.microsoft.com","status":200,"uri_path":"/metadata.svc","sum(bytes_in)":5559,"sum(bytes_out)":6282,"sum(time_taken)":76118} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":1,"dest_ip":"2.16.107.73","site":"pki.intel.com","status":200,"uri_path":"/crl/IntelCA7B.crl","sum(bytes_in)":131,"sum(bytes_out)":1175,"sum(time_taken)":1470} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":1,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":200,"uri_path":"/latest/meta-data/public-ipv4","sum(bytes_in)":153,"sum(bytes_out)":260,"sum(time_taken)":234} 
{"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":1,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":200,"uri_path":"/latest/meta-data/placement/availability-zone","sum(bytes_in)":169,"sum(bytes_out)":261,"sum(time_taken)":228} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":1,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":200,"uri_path":"/latest/meta-data/local-ipv4","sum(bytes_in)":152,"sum(bytes_out)":256,"sum(time_taken)":223} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":1,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":200,"uri_path":"/latest/meta-data/instance-type","sum(bytes_in)":155,"sum(bytes_out)":258,"sum(time_taken)":230} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":1,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":200,"uri_path":"/latest/meta-data/instance-id","sum(bytes_in)":153,"sum(bytes_out)":267,"sum(time_taken)":238} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":1,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":200,"uri_path":"/latest/api/token","sum(bytes_in)":126,"sum(bytes_out)":237,"sum(time_taken)":405} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":1,"dest_ip":"151.139.128.14","site":"ocsp.usertrust.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D","sum(bytes_in)":276,"sum(bytes_out)":389,"sum(time_taken)":43566} 
{"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":1,"dest_ip":"151.139.128.14","site":"ocsp.intel.com","status":200,"uri_path":"/MFQwUjBQME4wTDAJBgUrDgMCGgUABBT1Za4BFGmV4BD09OmrDjjl2Yt8JgQUssBnplaNJ3kQdMP1xaWJZtbxLjYCE1YAAAd7R4x2ya%2FK%2FK8AAAAAB3s%3D","sum(bytes_in)":281,"sum(bytes_out)":390,"sum(time_taken)":43011} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":1,"dest_ip":"151.139.128.14","site":"ocsp.comodoca.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAabXpkncoTIdn8TaKfesPM%3D","sum(bytes_in)":234,"sum(bytes_out)":1173,"sum(time_taken)":6341} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":1,"dest_ip":"151.139.128.14","site":"crl.usertrust.com","status":200,"uri_path":"/AddTrustExternalCARoot.crl","sum(bytes_in)":144,"sum(bytes_out)":924,"sum(time_taken)":4417} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":1,"dest_ip":"93.184.220.29","status":200} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":4,"dest_ip":"88.221.62.148","status":302} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":3,"dest_ip":"20.54.64.202","status":200} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":1,"dest_ip":"2.16.107.73","status":200} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":6,"dest_ip":"169.254.169.254","status":200} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":4,"dest_ip":"151.139.128.14","status":200} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":1,"dest_ip":"93.184.220.29","sum(time_taken)":1739} 
{"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":4,"dest_ip":"88.221.62.148","sum(time_taken)":7728} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":3,"dest_ip":"20.54.64.202","sum(time_taken)":76118} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":1,"dest_ip":"2.16.107.73","sum(time_taken)":1470} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":6,"dest_ip":"169.254.169.254","sum(time_taken)":1558} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":4,"dest_ip":"151.139.128.14","sum(time_taken)":97335} {"endtime":"2021-04-22T11:24:05.178282Z","timestamp":"2021-04-22T11:24:05.178282Z","count":19,"c_ip":"10.0.1.14","sum(bytes_in)":14939,"sum(bytes_out)":13855,"sum(time_taken)":185948} {"endtime":"2021-04-22T11:24:08.202893Z","timestamp":"2021-04-22T11:24:08.202893Z","count":1,"dest_ip":"93.184.220.29","site":"ocsp.digicert.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAYGmcsGWniR1uyUGZ9KYEs%3D","sum(bytes_in)":238,"sum(bytes_out)":799,"sum(time_taken)":1742} {"endtime":"2021-04-22T11:24:08.202893Z","timestamp":"2021-04-22T11:24:08.202893Z","count":1,"dest_ip":"2.16.107.73","site":"pki.intel.com","status":200,"uri_path":"/crl/IntelCA7B.crl","sum(bytes_in)":131,"sum(bytes_out)":1175,"sum(time_taken)":1473} {"endtime":"2021-04-22T11:24:08.202893Z","timestamp":"2021-04-22T11:24:08.202893Z","count":1,"dest_ip":"151.139.128.14","site":"ocsp.usertrust.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D","sum(bytes_in)":276,"sum(bytes_out)":389,"sum(time_taken)":43536} 
{"endtime":"2021-04-22T11:24:08.202893Z","timestamp":"2021-04-22T11:24:08.202893Z","count":1,"dest_ip":"151.139.128.14","site":"ocsp.intel.com","status":200,"uri_path":"/MFQwUjBQME4wTDAJBgUrDgMCGgUABBT1Za4BFGmV4BD09OmrDjjl2Yt8JgQUssBnplaNJ3kQdMP1xaWJZtbxLjYCE1YAAAd7R4x2ya%2FK%2FK8AAAAAB3s%3D","sum(bytes_in)":281,"sum(bytes_out)":390,"sum(time_taken)":42967} {"endtime":"2021-04-22T11:24:08.202893Z","timestamp":"2021-04-22T11:24:08.202893Z","count":1,"dest_ip":"151.139.128.14","site":"ocsp.comodoca.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAabXpkncoTIdn8TaKfesPM%3D","sum(bytes_in)":234,"sum(bytes_out)":1173,"sum(time_taken)":6364} {"endtime":"2021-04-22T11:24:08.202893Z","timestamp":"2021-04-22T11:24:08.202893Z","count":1,"dest_ip":"151.139.128.14","site":"crl.usertrust.com","status":200,"uri_path":"/AddTrustExternalCARoot.crl","sum(bytes_in)":144,"sum(bytes_out)":924,"sum(time_taken)":4469} {"endtime":"2021-04-22T11:24:08.202893Z","timestamp":"2021-04-22T11:24:08.202893Z","count":10,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1670,"sum(bytes_out)":9970,"sum(time_taken)":3577441} {"endtime":"2021-04-22T11:24:08.202876Z","timestamp":"2021-04-22T11:24:08.202876Z","count":1,"dest_ip":"93.184.220.29","status":200} {"endtime":"2021-04-22T11:24:08.202876Z","timestamp":"2021-04-22T11:24:08.202876Z","count":1,"dest_ip":"2.16.107.73","status":200} {"endtime":"2021-04-22T11:24:08.202876Z","timestamp":"2021-04-22T11:24:08.202876Z","count":4,"dest_ip":"151.139.128.14","status":200} {"endtime":"2021-04-22T11:24:08.202876Z","timestamp":"2021-04-22T11:24:08.202876Z","count":10,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:24:08.202857Z","timestamp":"2021-04-22T11:24:08.202857Z","count":1,"dest_ip":"93.184.220.29","sum(time_taken)":1742} 
{"endtime":"2021-04-22T11:24:08.202857Z","timestamp":"2021-04-22T11:24:08.202857Z","count":1,"dest_ip":"2.16.107.73","sum(time_taken)":1473} {"endtime":"2021-04-22T11:24:08.202857Z","timestamp":"2021-04-22T11:24:08.202857Z","count":4,"dest_ip":"151.139.128.14","sum(time_taken)":97336} {"endtime":"2021-04-22T11:24:08.202857Z","timestamp":"2021-04-22T11:24:08.202857Z","count":10,"dest_ip":"10.0.1.12","sum(time_taken)":3577441} {"endtime":"2021-04-22T11:24:08.202846Z","timestamp":"2021-04-22T11:24:08.202846Z","count":16,"c_ip":"10.0.1.14","sum(bytes_in)":2974,"sum(bytes_out)":14820,"sum(time_taken)":3677992} {"endtime":"2021-04-22T11:24:08.214036Z","timestamp":"2021-04-22T11:24:08.214036Z","count":7,"c_ip":"46.128.24.64","sum(bytes_in)":5062,"sum(bytes_out)":7837,"sum(time_taken)":4504} {"endtime":"2021-04-22T11:24:08.214036Z","timestamp":"2021-04-22T11:24:08.214036Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":4018028} {"endtime":"2021-04-22T11:24:08.214036Z","timestamp":"2021-04-22T11:24:08.214036Z","count":12,"c_ip":"10.0.1.15","sum(bytes_in)":2004,"sum(bytes_out)":11964,"sum(time_taken)":4294580} {"endtime":"2021-04-22T11:24:08.214036Z","timestamp":"2021-04-22T11:24:08.214036Z","count":10,"c_ip":"10.0.1.14","sum(bytes_in)":1670,"sum(bytes_out)":9970,"sum(time_taken)":3577612} {"endtime":"2021-04-22T11:24:08.214124Z","timestamp":"2021-04-22T11:24:08.214124Z","count":40,"dest_ip":"10.0.1.12","sum(time_taken)":11894724} {"endtime":"2021-04-22T11:24:08.214132Z","timestamp":"2021-04-22T11:24:08.214132Z","count":40,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:24:08.214138Z","timestamp":"2021-04-22T11:24:08.214138Z","count":6,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":4302,"sum(bytes_out)":6879,"sum(time_taken)":3979} 
{"endtime":"2021-04-22T11:24:08.214138Z","timestamp":"2021-04-22T11:24:08.214138Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":760,"sum(bytes_out)":958,"sum(time_taken)":525} {"endtime":"2021-04-22T11:24:08.214138Z","timestamp":"2021-04-22T11:24:08.214138Z","count":33,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5511,"sum(bytes_out)":32901,"sum(time_taken)":11890220} {"endtime":"2021-04-22T11:25:05.260534Z","timestamp":"2021-04-22T11:25:05.260534Z","count":1,"dest_ip":"93.184.220.29","site":"ocsp.digicert.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D","sum(bytes_in)":236,"sum(bytes_out)":799,"sum(time_taken)":2162} {"endtime":"2021-04-22T11:25:05.260534Z","timestamp":"2021-04-22T11:25:05.260534Z","count":1,"dest_ip":"20.54.64.202","site":"dmd.metaservices.microsoft.com","status":200,"uri_path":"/metadata.svc","sum(bytes_in)":1581,"sum(bytes_out)":2092,"sum(time_taken)":25182} {"endtime":"2021-04-22T11:25:05.260534Z","timestamp":"2021-04-22T11:25:05.260534Z","count":1,"dest_ip":"93.184.220.29","status":200} {"endtime":"2021-04-22T11:25:05.260534Z","timestamp":"2021-04-22T11:25:05.260534Z","count":1,"dest_ip":"20.54.64.202","status":200} {"endtime":"2021-04-22T11:25:05.260534Z","timestamp":"2021-04-22T11:25:05.260534Z","count":1,"dest_ip":"93.184.220.29","sum(time_taken)":2162} {"endtime":"2021-04-22T11:25:05.260534Z","timestamp":"2021-04-22T11:25:05.260534Z","count":1,"dest_ip":"20.54.64.202","sum(time_taken)":25182} {"endtime":"2021-04-22T11:25:05.260534Z","timestamp":"2021-04-22T11:25:05.260534Z","count":2,"c_ip":"10.0.1.14","sum(bytes_in)":1817,"sum(bytes_out)":2891,"sum(time_taken)":27344} 
{"endtime":"2021-04-22T11:25:08.216402Z","timestamp":"2021-04-22T11:25:08.216402Z","count":1,"dest_ip":"93.184.220.29","site":"ocsp.digicert.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D","sum(bytes_in)":236,"sum(bytes_out)":799,"sum(time_taken)":2172} {"endtime":"2021-04-22T11:25:08.216402Z","timestamp":"2021-04-22T11:25:08.216402Z","count":1,"dest_ip":"20.54.64.202","site":"dmd.metaservices.microsoft.com","status":200,"uri_path":"/metadata.svc","sum(bytes_in)":1581,"sum(bytes_out)":2092,"sum(time_taken)":25271} {"endtime":"2021-04-22T11:25:08.216402Z","timestamp":"2021-04-22T11:25:08.216402Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3966585} {"endtime":"2021-04-22T11:25:08.216390Z","timestamp":"2021-04-22T11:25:08.216390Z","count":1,"dest_ip":"93.184.220.29","status":200} {"endtime":"2021-04-22T11:25:08.216390Z","timestamp":"2021-04-22T11:25:08.216390Z","count":1,"dest_ip":"20.54.64.202","status":200} {"endtime":"2021-04-22T11:25:08.216390Z","timestamp":"2021-04-22T11:25:08.216390Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:25:08.216376Z","timestamp":"2021-04-22T11:25:08.216376Z","count":1,"dest_ip":"93.184.220.29","sum(time_taken)":2172} {"endtime":"2021-04-22T11:25:08.216376Z","timestamp":"2021-04-22T11:25:08.216376Z","count":1,"dest_ip":"20.54.64.202","sum(time_taken)":25271} {"endtime":"2021-04-22T11:25:08.216376Z","timestamp":"2021-04-22T11:25:08.216376Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":3966585} {"endtime":"2021-04-22T11:25:08.216366Z","timestamp":"2021-04-22T11:25:08.216366Z","count":13,"c_ip":"10.0.1.14","sum(bytes_in)":3654,"sum(bytes_out)":13858,"sum(time_taken)":3994028} 
{"endtime":"2021-04-22T11:25:08.235020Z","timestamp":"2021-04-22T11:25:08.235020Z","count":7,"c_ip":"46.128.24.64","sum(bytes_in)":5062,"sum(bytes_out)":7845,"sum(time_taken)":5203} {"endtime":"2021-04-22T11:25:08.235020Z","timestamp":"2021-04-22T11:25:08.235020Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3997906} {"endtime":"2021-04-22T11:25:08.235020Z","timestamp":"2021-04-22T11:25:08.235020Z","count":10,"c_ip":"10.0.1.15","sum(bytes_in)":1670,"sum(bytes_out)":9970,"sum(time_taken)":3585535} {"endtime":"2021-04-22T11:25:08.235020Z","timestamp":"2021-04-22T11:25:08.235020Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3966477} {"endtime":"2021-04-22T11:25:08.235108Z","timestamp":"2021-04-22T11:25:08.235108Z","count":39,"dest_ip":"10.0.1.12","sum(time_taken)":11555121} {"endtime":"2021-04-22T11:25:08.235116Z","timestamp":"2021-04-22T11:25:08.235116Z","count":39,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:25:08.235122Z","timestamp":"2021-04-22T11:25:08.235122Z","count":6,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":4302,"sum(bytes_out)":6887,"sum(time_taken)":4673} {"endtime":"2021-04-22T11:25:08.235122Z","timestamp":"2021-04-22T11:25:08.235122Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":760,"sum(bytes_out)":958,"sum(time_taken)":530} {"endtime":"2021-04-22T11:25:08.235122Z","timestamp":"2021-04-22T11:25:08.235122Z","count":32,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5344,"sum(bytes_out)":31904,"sum(time_taken)":11549918} 
{"endtime":"2021-04-22T11:25:28.204298Z","timestamp":"2021-04-22T11:25:28.204298Z","count":3,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":404,"uri_path":"/latest/meta-data/iam/security-credentials/","sum(bytes_in)":750,"sum(bytes_out)":1575,"sum(time_taken)":1947} {"endtime":"2021-04-22T11:25:28.204298Z","timestamp":"2021-04-22T11:25:28.204298Z","count":1,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":200,"uri_path":"/latest/api/token","sum(bytes_in)":204,"sum(bytes_out)":237,"sum(time_taken)":1062} {"endtime":"2021-04-22T11:25:28.204298Z","timestamp":"2021-04-22T11:25:28.204298Z","count":3,"dest_ip":"169.254.169.254","status":404} {"endtime":"2021-04-22T11:25:28.204298Z","timestamp":"2021-04-22T11:25:28.204298Z","count":1,"dest_ip":"169.254.169.254","status":200} {"endtime":"2021-04-22T11:25:28.204298Z","timestamp":"2021-04-22T11:25:28.204298Z","count":4,"dest_ip":"169.254.169.254","sum(time_taken)":3009} {"endtime":"2021-04-22T11:25:28.204298Z","timestamp":"2021-04-22T11:25:28.204298Z","count":4,"c_ip":"10.0.1.15","sum(bytes_in)":954,"sum(bytes_out)":1812,"sum(time_taken)":3009} {"endtime":"2021-04-22T11:26:06.195577Z","timestamp":"2021-04-22T11:26:06.195577Z","count":1,"dest_ip":"93.184.220.29","site":"ocsp.digicert.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D","sum(bytes_in)":236,"sum(bytes_out)":799,"sum(time_taken)":3916} {"endtime":"2021-04-22T11:26:06.195577Z","timestamp":"2021-04-22T11:26:06.195577Z","count":3,"dest_ip":"93.184.220.29","site":"ocsp.digicert.com","status":200,"uri_path":"/","sum(bytes_in)":1143,"sum(bytes_out)":2396,"sum(time_taken)":6616} 
{"endtime":"2021-04-22T11:26:06.195577Z","timestamp":"2021-04-22T11:26:06.195577Z","count":3,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":404,"uri_path":"/latest/meta-data/iam/security-credentials/","sum(bytes_in)":750,"sum(bytes_out)":1581,"sum(time_taken)":721} {"endtime":"2021-04-22T11:26:06.195577Z","timestamp":"2021-04-22T11:26:06.195577Z","count":1,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":200,"uri_path":"/latest/api/token","sum(bytes_in)":204,"sum(bytes_out)":237,"sum(time_taken)":464} {"endtime":"2021-04-22T11:26:06.195577Z","timestamp":"2021-04-22T11:26:06.195577Z","count":6,"dest_ip":"142.250.185.195","site":"ocsp.pki.goog","status":200,"uri_path":"/gts1o1core","sum(bytes_in)":2327,"sum(bytes_out)":4211,"sum(time_taken)":58275} {"endtime":"2021-04-22T11:26:06.195577Z","timestamp":"2021-04-22T11:26:06.195577Z","count":4,"dest_ip":"93.184.220.29","status":200} {"endtime":"2021-04-22T11:26:06.195577Z","timestamp":"2021-04-22T11:26:06.195577Z","count":3,"dest_ip":"169.254.169.254","status":404} {"endtime":"2021-04-22T11:26:06.195577Z","timestamp":"2021-04-22T11:26:06.195577Z","count":1,"dest_ip":"169.254.169.254","status":200} {"endtime":"2021-04-22T11:26:06.195577Z","timestamp":"2021-04-22T11:26:06.195577Z","count":6,"dest_ip":"142.250.185.195","status":200} {"endtime":"2021-04-22T11:26:06.195577Z","timestamp":"2021-04-22T11:26:06.195577Z","count":4,"dest_ip":"93.184.220.29","sum(time_taken)":10532} {"endtime":"2021-04-22T11:26:06.195577Z","timestamp":"2021-04-22T11:26:06.195577Z","count":4,"dest_ip":"169.254.169.254","sum(time_taken)":1185} {"endtime":"2021-04-22T11:26:06.195577Z","timestamp":"2021-04-22T11:26:06.195577Z","count":6,"dest_ip":"142.250.185.195","sum(time_taken)":58275} {"endtime":"2021-04-22T11:26:06.195577Z","timestamp":"2021-04-22T11:26:06.195577Z","count":14,"c_ip":"10.0.1.14","sum(bytes_in)":4660,"sum(bytes_out)":9224,"sum(time_taken)":69992} 
{"endtime":"2021-04-22T11:26:09.048878Z","timestamp":"2021-04-22T11:26:09.048878Z","count":1,"dest_ip":"93.184.220.29","site":"ocsp.digicert.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D","sum(bytes_in)":236,"sum(bytes_out)":799,"sum(time_taken)":3924} {"endtime":"2021-04-22T11:26:09.048878Z","timestamp":"2021-04-22T11:26:09.048878Z","count":3,"dest_ip":"93.184.220.29","site":"ocsp.digicert.com","status":200,"uri_path":"/","sum(bytes_in)":1143,"sum(bytes_out)":2396,"sum(time_taken)":8948} {"endtime":"2021-04-22T11:26:09.048878Z","timestamp":"2021-04-22T11:26:09.048878Z","count":6,"dest_ip":"142.250.185.195","site":"ocsp.pki.goog","status":200,"uri_path":"/gts1o1core","sum(bytes_in)":2327,"sum(bytes_out)":4211,"sum(time_taken)":54536} {"endtime":"2021-04-22T11:26:09.048878Z","timestamp":"2021-04-22T11:26:09.048878Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3973860} {"endtime":"2021-04-22T11:26:09.048865Z","timestamp":"2021-04-22T11:26:09.048865Z","count":4,"dest_ip":"93.184.220.29","status":200} {"endtime":"2021-04-22T11:26:09.048865Z","timestamp":"2021-04-22T11:26:09.048865Z","count":6,"dest_ip":"142.250.185.195","status":200} {"endtime":"2021-04-22T11:26:09.048865Z","timestamp":"2021-04-22T11:26:09.048865Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:26:09.048849Z","timestamp":"2021-04-22T11:26:09.048849Z","count":4,"dest_ip":"93.184.220.29","sum(time_taken)":12872} {"endtime":"2021-04-22T11:26:09.048849Z","timestamp":"2021-04-22T11:26:09.048849Z","count":6,"dest_ip":"142.250.185.195","sum(time_taken)":54536} {"endtime":"2021-04-22T11:26:09.048849Z","timestamp":"2021-04-22T11:26:09.048849Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":3973860} 
{"endtime":"2021-04-22T11:26:09.048796Z","timestamp":"2021-04-22T11:26:09.048796Z","count":21,"c_ip":"10.0.1.14","sum(bytes_in)":5543,"sum(bytes_out)":18373,"sum(time_taken)":4041268} {"endtime":"2021-04-22T11:26:09.071376Z","timestamp":"2021-04-22T11:26:09.071376Z","count":7,"c_ip":"46.128.24.64","sum(bytes_in)":5097,"sum(bytes_out)":7873,"sum(time_taken)":4568} {"endtime":"2021-04-22T11:26:09.071376Z","timestamp":"2021-04-22T11:26:09.071376Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":4067307} {"endtime":"2021-04-22T11:26:09.071376Z","timestamp":"2021-04-22T11:26:09.071376Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3948613} {"endtime":"2021-04-22T11:26:09.071376Z","timestamp":"2021-04-22T11:26:09.071376Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3973755} {"endtime":"2021-04-22T11:26:09.071461Z","timestamp":"2021-04-22T11:26:09.071461Z","count":40,"dest_ip":"10.0.1.12","sum(time_taken)":11994243} {"endtime":"2021-04-22T11:26:09.071469Z","timestamp":"2021-04-22T11:26:09.071469Z","count":40,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:26:09.071476Z","timestamp":"2021-04-22T11:26:09.071476Z","count":6,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":4332,"sum(bytes_out)":6910,"sum(time_taken)":4083} {"endtime":"2021-04-22T11:26:09.071476Z","timestamp":"2021-04-22T11:26:09.071476Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":765,"sum(bytes_out)":963,"sum(time_taken)":485} 
{"endtime":"2021-04-22T11:26:09.071476Z","timestamp":"2021-04-22T11:26:09.071476Z","count":33,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5511,"sum(bytes_out)":32901,"sum(time_taken)":11989675} {"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":1,"dest_ip":"93.184.220.29","site":"ocsp.digicert.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEA3etT%2BVczf76vmMSmFbFJ0%3D","sum(bytes_in)":236,"sum(bytes_out)":799,"sum(time_taken)":1490} {"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":7,"dest_ip":"93.184.220.29","site":"ocsp.digicert.com","status":200,"uri_path":"/","sum(bytes_in)":2667,"sum(bytes_out)":5593,"sum(time_taken)":24072} {"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":2,"dest_ip":"34.107.221.82","site":"detectportal.firefox.com","status":200,"uri_path":"/success.txt","sum(bytes_in)":601,"sum(bytes_out)":440,"sum(time_taken)":12540} {"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":3,"dest_ip":"2.22.117.227","site":"r3.o.lencr.org","status":200,"uri_path":"/","sum(bytes_in)":1140,"sum(bytes_out)":2667,"sum(time_taken)":5110} {"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":5,"dest_ip":"151.139.128.14","site":"ocsp.sectigo.com","status":200,"uri_path":"/","sum(bytes_in)":1904,"sum(bytes_out)":4587,"sum(time_taken)":21201} {"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":8,"dest_ip":"142.250.185.195","site":"ocsp.pki.goog","status":200,"uri_path":"/gts1o1core","sum(bytes_in)":3101,"sum(bytes_out)":5613,"sum(time_taken)":83183} 
{"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":3,"dest_ip":"13.32.23.35","site":"ocsp.sca1b.amazontrust.com","status":200,"uri_path":"/","sum(bytes_in)":1170,"sum(bytes_out)":3018,"sum(time_taken)":361522} {"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":2,"dest_ip":"104.18.21.226","site":"ocsp2.globalsign.com","status":200,"uri_path":"/gsalphasha2g2","sum(bytes_in)":786,"sum(bytes_out)":4402,"sum(time_taken)":39287} {"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":8,"dest_ip":"93.184.220.29","status":200} {"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":2,"dest_ip":"34.107.221.82","status":200} {"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":3,"dest_ip":"2.22.117.227","status":200} {"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":5,"dest_ip":"151.139.128.14","status":200} {"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":8,"dest_ip":"142.250.185.195","status":200} {"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":3,"dest_ip":"13.32.23.35","status":200} {"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":2,"dest_ip":"104.18.21.226","status":200} {"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":8,"dest_ip":"93.184.220.29","sum(time_taken)":25562} {"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":2,"dest_ip":"34.107.221.82","sum(time_taken)":12540} {"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":3,"dest_ip":"2.22.117.227","sum(time_taken)":5110} 
{"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":5,"dest_ip":"151.139.128.14","sum(time_taken)":21201} {"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":8,"dest_ip":"142.250.185.195","sum(time_taken)":83183} {"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":3,"dest_ip":"13.32.23.35","sum(time_taken)":361522} {"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":2,"dest_ip":"104.18.21.226","sum(time_taken)":39287} {"endtime":"2021-04-22T11:27:07.056090Z","timestamp":"2021-04-22T11:27:07.056090Z","count":31,"c_ip":"10.0.1.14","sum(bytes_in)":11605,"sum(bytes_out)":27119,"sum(time_taken)":548405} {"endtime":"2021-04-22T11:27:09.078909Z","timestamp":"2021-04-22T11:27:09.078909Z","count":1,"dest_ip":"93.184.220.29","site":"ocsp.digicert.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEA3etT%2BVczf76vmMSmFbFJ0%3D","sum(bytes_in)":236,"sum(bytes_out)":799,"sum(time_taken)":1461} {"endtime":"2021-04-22T11:27:09.078909Z","timestamp":"2021-04-22T11:27:09.078909Z","count":7,"dest_ip":"93.184.220.29","site":"ocsp.digicert.com","status":200,"uri_path":"/","sum(bytes_in)":2667,"sum(bytes_out)":5593,"sum(time_taken)":11478} {"endtime":"2021-04-22T11:27:09.078909Z","timestamp":"2021-04-22T11:27:09.078909Z","count":2,"dest_ip":"34.107.221.82","site":"detectportal.firefox.com","status":200,"uri_path":"/success.txt","sum(bytes_in)":601,"sum(bytes_out)":440,"sum(time_taken)":11358} {"endtime":"2021-04-22T11:27:09.078909Z","timestamp":"2021-04-22T11:27:09.078909Z","count":3,"dest_ip":"2.22.117.227","site":"r3.o.lencr.org","status":200,"uri_path":"/","sum(bytes_in)":1140,"sum(bytes_out)":2667,"sum(time_taken)":4236} 
{"endtime":"2021-04-22T11:27:09.078909Z","timestamp":"2021-04-22T11:27:09.078909Z","count":5,"dest_ip":"151.139.128.14","site":"ocsp.sectigo.com","status":200,"uri_path":"/","sum(bytes_in)":1904,"sum(bytes_out)":4587,"sum(time_taken)":19968} {"endtime":"2021-04-22T11:27:09.078909Z","timestamp":"2021-04-22T11:27:09.078909Z","count":8,"dest_ip":"142.250.185.195","site":"ocsp.pki.goog","status":200,"uri_path":"/gts1o1core","sum(bytes_in)":3101,"sum(bytes_out)":5613,"sum(time_taken)":73863} {"endtime":"2021-04-22T11:27:09.078909Z","timestamp":"2021-04-22T11:27:09.078909Z","count":3,"dest_ip":"13.32.23.35","site":"ocsp.sca1b.amazontrust.com","status":200,"uri_path":"/","sum(bytes_in)":1170,"sum(bytes_out)":3018,"sum(time_taken)":358434} {"endtime":"2021-04-22T11:27:09.078909Z","timestamp":"2021-04-22T11:27:09.078909Z","count":2,"dest_ip":"104.18.21.226","site":"ocsp2.globalsign.com","status":200,"uri_path":"/gsalphasha2g2","sum(bytes_in)":786,"sum(bytes_out)":4402,"sum(time_taken)":38150} {"endtime":"2021-04-22T11:27:09.078909Z","timestamp":"2021-04-22T11:27:09.078909Z","count":11,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3958499} {"endtime":"2021-04-22T11:27:09.078878Z","timestamp":"2021-04-22T11:27:09.078878Z","count":8,"dest_ip":"93.184.220.29","status":200} {"endtime":"2021-04-22T11:27:09.078878Z","timestamp":"2021-04-22T11:27:09.078878Z","count":2,"dest_ip":"34.107.221.82","status":200} {"endtime":"2021-04-22T11:27:09.078878Z","timestamp":"2021-04-22T11:27:09.078878Z","count":3,"dest_ip":"2.22.117.227","status":200} {"endtime":"2021-04-22T11:27:09.078878Z","timestamp":"2021-04-22T11:27:09.078878Z","count":5,"dest_ip":"151.139.128.14","status":200} {"endtime":"2021-04-22T11:27:09.078878Z","timestamp":"2021-04-22T11:27:09.078878Z","count":8,"dest_ip":"142.250.185.195","status":200} 
{"endtime":"2021-04-22T11:27:09.078878Z","timestamp":"2021-04-22T11:27:09.078878Z","count":3,"dest_ip":"13.32.23.35","status":200} {"endtime":"2021-04-22T11:27:09.078878Z","timestamp":"2021-04-22T11:27:09.078878Z","count":2,"dest_ip":"104.18.21.226","status":200} {"endtime":"2021-04-22T11:27:09.078878Z","timestamp":"2021-04-22T11:27:09.078878Z","count":11,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:27:09.078841Z","timestamp":"2021-04-22T11:27:09.078841Z","count":8,"dest_ip":"93.184.220.29","sum(time_taken)":12939} {"endtime":"2021-04-22T11:27:09.078841Z","timestamp":"2021-04-22T11:27:09.078841Z","count":2,"dest_ip":"34.107.221.82","sum(time_taken)":11358} {"endtime":"2021-04-22T11:27:09.078841Z","timestamp":"2021-04-22T11:27:09.078841Z","count":3,"dest_ip":"2.22.117.227","sum(time_taken)":4236} {"endtime":"2021-04-22T11:27:09.078841Z","timestamp":"2021-04-22T11:27:09.078841Z","count":5,"dest_ip":"151.139.128.14","sum(time_taken)":19968} {"endtime":"2021-04-22T11:27:09.078841Z","timestamp":"2021-04-22T11:27:09.078841Z","count":8,"dest_ip":"142.250.185.195","sum(time_taken)":73863} {"endtime":"2021-04-22T11:27:09.078841Z","timestamp":"2021-04-22T11:27:09.078841Z","count":3,"dest_ip":"13.32.23.35","sum(time_taken)":358434} {"endtime":"2021-04-22T11:27:09.078841Z","timestamp":"2021-04-22T11:27:09.078841Z","count":2,"dest_ip":"104.18.21.226","sum(time_taken)":38150} {"endtime":"2021-04-22T11:27:09.078841Z","timestamp":"2021-04-22T11:27:09.078841Z","count":11,"dest_ip":"10.0.1.12","sum(time_taken)":3958499} {"endtime":"2021-04-22T11:27:09.078805Z","timestamp":"2021-04-22T11:27:09.078805Z","count":42,"c_ip":"10.0.1.14","sum(bytes_in)":13442,"sum(bytes_out)":38086,"sum(time_taken)":4477447} {"endtime":"2021-04-22T11:27:09.105586Z","timestamp":"2021-04-22T11:27:09.105586Z","count":7,"c_ip":"46.128.24.64","sum(bytes_in)":5097,"sum(bytes_out)":7871,"sum(time_taken)":4398} 
{"endtime":"2021-04-22T11:27:09.105586Z","timestamp":"2021-04-22T11:27:09.105586Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":4014431} {"endtime":"2021-04-22T11:27:09.105586Z","timestamp":"2021-04-22T11:27:09.105586Z","count":12,"c_ip":"10.0.1.15","sum(bytes_in)":2004,"sum(bytes_out)":11964,"sum(time_taken)":4298584} {"endtime":"2021-04-22T11:27:09.105586Z","timestamp":"2021-04-22T11:27:09.105586Z","count":11,"c_ip":"10.0.1.14","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3958879} {"endtime":"2021-04-22T11:27:09.105672Z","timestamp":"2021-04-22T11:27:09.105672Z","count":41,"dest_ip":"10.0.1.12","sum(time_taken)":12276292} {"endtime":"2021-04-22T11:27:09.105680Z","timestamp":"2021-04-22T11:27:09.105680Z","count":41,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:27:09.105687Z","timestamp":"2021-04-22T11:27:09.105687Z","count":6,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":4332,"sum(bytes_out)":6908,"sum(time_taken)":3924} {"endtime":"2021-04-22T11:27:09.105687Z","timestamp":"2021-04-22T11:27:09.105687Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":765,"sum(bytes_out)":963,"sum(time_taken)":474} {"endtime":"2021-04-22T11:27:09.105687Z","timestamp":"2021-04-22T11:27:09.105687Z","count":34,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":5678,"sum(bytes_out)":33898,"sum(time_taken)":12271894} {"endtime":"2021-04-22T11:28:09.092218Z","timestamp":"2021-04-22T11:28:09.092218Z","count":1,"dest_ip":"93.184.220.29","site":"ocsp.digicert.com","status":200,"uri_path":"/","sum(bytes_in)":381,"sum(bytes_out)":799,"sum(time_taken)":1417} 
{"endtime":"2021-04-22T11:28:09.092218Z","timestamp":"2021-04-22T11:28:09.092218Z","count":1,"dest_ip":"192.124.249.24","site":"ocsp.godaddy.com","status":200,"uri_path":"/","sum(bytes_in)":373,"sum(bytes_out)":2288,"sum(time_taken)":15947} {"endtime":"2021-04-22T11:28:09.092218Z","timestamp":"2021-04-22T11:28:09.092218Z","count":2,"dest_ip":"151.139.128.14","site":"ocsp.usertrust.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEB2iSDBvmyYY0ILgln0z02o%3D","sum(bytes_in)":470,"sum(bytes_out)":2344,"sum(time_taken)":7969} {"endtime":"2021-04-22T11:28:09.092218Z","timestamp":"2021-04-22T11:28:09.092218Z","count":2,"dest_ip":"151.139.128.14","site":"ocsp.sectigo.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ5suEceKjAJbxseAmHFkQ9FrhTWQQUDuE6qFM6MdWKvsG7rWcaA4WtNA4CEALM2Z99VWwTzocQxp0Jsxo%3D","sum(bytes_in)":462,"sum(bytes_out)":1908,"sum(time_taken)":8594} {"endtime":"2021-04-22T11:28:09.092218Z","timestamp":"2021-04-22T11:28:09.092218Z","count":2,"dest_ip":"151.139.128.14","site":"ocsp.sectigo.com","status":200,"uri_path":"/","sum(bytes_in)":760,"sum(bytes_out)":1832,"sum(time_taken)":8644} {"endtime":"2021-04-22T11:28:09.092218Z","timestamp":"2021-04-22T11:28:09.092218Z","count":1,"dest_ip":"151.139.128.14","site":"ocsp.comodoca.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEG3UcusCrgQG492EP1%2FhReE%3D","sum(bytes_in)":236,"sum(bytes_out)":1173,"sum(time_taken)":5398} {"endtime":"2021-04-22T11:28:09.092218Z","timestamp":"2021-04-22T11:28:09.092218Z","count":1,"dest_ip":"142.250.185.195","site":"ocsp.pki.goog","status":200,"uri_path":"/gts1o1core","sum(bytes_in)":387,"sum(bytes_out)":701,"sum(time_taken)":9380} 
{"endtime":"2021-04-22T11:28:09.092218Z","timestamp":"2021-04-22T11:28:09.092218Z","count":4,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":668,"sum(bytes_out)":3988,"sum(time_taken)":1442052} {"endtime":"2021-04-22T11:28:09.092199Z","timestamp":"2021-04-22T11:28:09.092199Z","count":1,"dest_ip":"93.184.220.29","status":200} {"endtime":"2021-04-22T11:28:09.092199Z","timestamp":"2021-04-22T11:28:09.092199Z","count":1,"dest_ip":"192.124.249.24","status":200} {"endtime":"2021-04-22T11:28:09.092199Z","timestamp":"2021-04-22T11:28:09.092199Z","count":7,"dest_ip":"151.139.128.14","status":200} {"endtime":"2021-04-22T11:28:09.092199Z","timestamp":"2021-04-22T11:28:09.092199Z","count":1,"dest_ip":"142.250.185.195","status":200} {"endtime":"2021-04-22T11:28:09.092199Z","timestamp":"2021-04-22T11:28:09.092199Z","count":4,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:28:09.092174Z","timestamp":"2021-04-22T11:28:09.092174Z","count":1,"dest_ip":"93.184.220.29","sum(time_taken)":1417} {"endtime":"2021-04-22T11:28:09.092174Z","timestamp":"2021-04-22T11:28:09.092174Z","count":1,"dest_ip":"192.124.249.24","sum(time_taken)":15947} {"endtime":"2021-04-22T11:28:09.092174Z","timestamp":"2021-04-22T11:28:09.092174Z","count":7,"dest_ip":"151.139.128.14","sum(time_taken)":30605} {"endtime":"2021-04-22T11:28:09.092174Z","timestamp":"2021-04-22T11:28:09.092174Z","count":1,"dest_ip":"142.250.185.195","sum(time_taken)":9380} {"endtime":"2021-04-22T11:28:09.092174Z","timestamp":"2021-04-22T11:28:09.092174Z","count":4,"dest_ip":"10.0.1.12","sum(time_taken)":1442052} {"endtime":"2021-04-22T11:28:09.092121Z","timestamp":"2021-04-22T11:28:09.092121Z","count":14,"c_ip":"10.0.1.14","sum(bytes_in)":3737,"sum(bytes_out)":15033,"sum(time_taken)":1499401} 
{"endtime":"2021-04-22T11:28:09.122501Z","timestamp":"2021-04-22T11:28:09.122501Z","count":13,"c_ip":"46.128.24.64","sum(bytes_in)":10603,"sum(bytes_out)":12646,"sum(time_taken)":41016} {"endtime":"2021-04-22T11:28:09.122501Z","timestamp":"2021-04-22T11:28:09.122501Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3997266} {"endtime":"2021-04-22T11:28:09.122501Z","timestamp":"2021-04-22T11:28:09.122501Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3953393} {"endtime":"2021-04-22T11:28:09.122501Z","timestamp":"2021-04-22T11:28:09.122501Z","count":4,"c_ip":"10.0.1.14","sum(bytes_in)":668,"sum(bytes_out)":3988,"sum(time_taken)":1442133} {"endtime":"2021-04-22T11:28:09.122577Z","timestamp":"2021-04-22T11:28:09.122577Z","count":39,"dest_ip":"10.0.1.12","sum(time_taken)":9433808} {"endtime":"2021-04-22T11:28:09.122584Z","timestamp":"2021-04-22T11:28:09.122584Z","count":39,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:28:09.122591Z","timestamp":"2021-04-22T11:28:09.122591Z","count":6,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":4332,"sum(bytes_out)":6912,"sum(time_taken)":4198} {"endtime":"2021-04-22T11:28:09.122591Z","timestamp":"2021-04-22T11:28:09.122591Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search9_1619090526.60/control","sum(bytes_in)":950,"sum(bytes_out)":755,"sum(time_taken)":28580} 
{"endtime":"2021-04-22T11:28:09.122591Z","timestamp":"2021-04-22T11:28:09.122591Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search10_1619090526.59/control","sum(bytes_in)":1897,"sum(bytes_out)":1505,"sum(time_taken)":3057} {"endtime":"2021-04-22T11:28:09.122591Z","timestamp":"2021-04-22T11:28:09.122591Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619090526.61/results_preview","sum(bytes_in)":2659,"sum(bytes_out)":2511,"sum(time_taken)":4718} {"endtime":"2021-04-22T11:28:09.122591Z","timestamp":"2021-04-22T11:28:09.122591Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":765,"sum(bytes_out)":963,"sum(time_taken)":463} {"endtime":"2021-04-22T11:28:09.122591Z","timestamp":"2021-04-22T11:28:09.122591Z","count":26,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":4342,"sum(bytes_out)":25922,"sum(time_taken)":9392792} {"endtime":"2021-04-22T11:29:09.132625Z","timestamp":"2021-04-22T11:29:09.132625Z","count":1,"dest_ip":"93.184.220.29","site":"status.thawte.com","status":200,"uri_path":"/","sum(bytes_in)":381,"sum(bytes_out)":799,"sum(time_taken)":1721} {"endtime":"2021-04-22T11:29:09.132625Z","timestamp":"2021-04-22T11:29:09.132625Z","count":1,"dest_ip":"93.184.220.29","site":"ocsp.digicert.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAE0JZKgAQyxEJwRwFGc%2FSQ%3D","sum(bytes_in)":236,"sum(bytes_out)":799,"sum(time_taken)":3796} 
{"endtime":"2021-04-22T11:29:09.132625Z","timestamp":"2021-04-22T11:29:09.132625Z","count":4,"dest_ip":"93.184.220.29","site":"ocsp.digicert.com","status":200,"uri_path":"/","sum(bytes_in)":1524,"sum(bytes_out)":3196,"sum(time_taken)":5673} {"endtime":"2021-04-22T11:29:09.132625Z","timestamp":"2021-04-22T11:29:09.132625Z","count":2,"dest_ip":"34.107.221.82","site":"detectportal.firefox.com","status":200,"uri_path":"/success.txt","sum(bytes_in)":601,"sum(bytes_out)":440,"sum(time_taken)":3002} {"endtime":"2021-04-22T11:29:09.132625Z","timestamp":"2021-04-22T11:29:09.132625Z","count":1,"dest_ip":"2.22.117.227","site":"r3.o.lencr.org","status":200,"uri_path":"/","sum(bytes_in)":380,"sum(bytes_out)":889,"sum(time_taken)":1752} {"endtime":"2021-04-22T11:29:09.132625Z","timestamp":"2021-04-22T11:29:09.132625Z","count":1,"dest_ip":"151.139.128.14","site":"ocsp.comodoca.com","status":200,"uri_path":"/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRXzFDqgcxizGsL1BkUc1gIwekZcAQU34%2FzIAzpyqYE2FtYNyo9q0bcg0kCEQDubfL8tUqLWAxyr4G0ZEca","sum(bytes_in)":232,"sum(bytes_out)":955,"sum(time_taken)":4577} {"endtime":"2021-04-22T11:29:09.132625Z","timestamp":"2021-04-22T11:29:09.132625Z","count":5,"dest_ip":"142.250.185.195","site":"ocsp.pki.goog","status":200,"uri_path":"/gts1o1core","sum(bytes_in)":1939,"sum(bytes_out)":3509,"sum(time_taken)":54730} {"endtime":"2021-04-22T11:29:09.132625Z","timestamp":"2021-04-22T11:29:09.132625Z","count":1,"dest_ip":"13.32.23.35","site":"ocsp.sca1b.amazontrust.com","status":200,"uri_path":"/","sum(bytes_in)":390,"sum(bytes_out)":1006,"sum(time_taken)":88018} {"endtime":"2021-04-22T11:29:09.132625Z","timestamp":"2021-04-22T11:29:09.132625Z","count":3,"dest_ip":"104.18.21.226","site":"ocsp2.globalsign.com","status":200,"uri_path":"/gsalphasha2g2","sum(bytes_in)":1179,"sum(bytes_out)":6603,"sum(time_taken)":65026} {"endtime":"2021-04-22T11:29:09.132598Z","timestamp":"2021-04-22T11:29:09.132598Z","count":6,"dest_ip":"93.184.220.29","status":200} 
{"endtime":"2021-04-22T11:29:09.132598Z","timestamp":"2021-04-22T11:29:09.132598Z","count":2,"dest_ip":"34.107.221.82","status":200} {"endtime":"2021-04-22T11:29:09.132598Z","timestamp":"2021-04-22T11:29:09.132598Z","count":1,"dest_ip":"2.22.117.227","status":200} {"endtime":"2021-04-22T11:29:09.132598Z","timestamp":"2021-04-22T11:29:09.132598Z","count":1,"dest_ip":"151.139.128.14","status":200} {"endtime":"2021-04-22T11:29:09.132598Z","timestamp":"2021-04-22T11:29:09.132598Z","count":5,"dest_ip":"142.250.185.195","status":200} {"endtime":"2021-04-22T11:29:09.132598Z","timestamp":"2021-04-22T11:29:09.132598Z","count":1,"dest_ip":"13.32.23.35","status":200} {"endtime":"2021-04-22T11:29:09.132598Z","timestamp":"2021-04-22T11:29:09.132598Z","count":3,"dest_ip":"104.18.21.226","status":200} {"endtime":"2021-04-22T11:29:09.132565Z","timestamp":"2021-04-22T11:29:09.132565Z","count":6,"dest_ip":"93.184.220.29","sum(time_taken)":11190} {"endtime":"2021-04-22T11:29:09.132565Z","timestamp":"2021-04-22T11:29:09.132565Z","count":2,"dest_ip":"34.107.221.82","sum(time_taken)":3002} {"endtime":"2021-04-22T11:29:09.132565Z","timestamp":"2021-04-22T11:29:09.132565Z","count":1,"dest_ip":"2.22.117.227","sum(time_taken)":1752} {"endtime":"2021-04-22T11:29:09.132565Z","timestamp":"2021-04-22T11:29:09.132565Z","count":1,"dest_ip":"151.139.128.14","sum(time_taken)":4577} {"endtime":"2021-04-22T11:29:09.132565Z","timestamp":"2021-04-22T11:29:09.132565Z","count":5,"dest_ip":"142.250.185.195","sum(time_taken)":54730} {"endtime":"2021-04-22T11:29:09.132565Z","timestamp":"2021-04-22T11:29:09.132565Z","count":1,"dest_ip":"13.32.23.35","sum(time_taken)":88018} {"endtime":"2021-04-22T11:29:09.132565Z","timestamp":"2021-04-22T11:29:09.132565Z","count":3,"dest_ip":"104.18.21.226","sum(time_taken)":65026} {"endtime":"2021-04-22T11:29:09.132523Z","timestamp":"2021-04-22T11:29:09.132523Z","count":19,"c_ip":"10.0.1.14","sum(bytes_in)":6862,"sum(bytes_out)":18196,"sum(time_taken)":228295} 
{"endtime":"2021-04-22T11:29:09.150388Z","timestamp":"2021-04-22T11:29:09.150388Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":4025192} {"endtime":"2021-04-22T11:29:09.150388Z","timestamp":"2021-04-22T11:29:09.150388Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3980113} {"endtime":"2021-04-22T11:29:09.150469Z","timestamp":"2021-04-22T11:29:09.150469Z","count":22,"dest_ip":"10.0.1.12","sum(time_taken)":8005305} {"endtime":"2021-04-22T11:29:09.150477Z","timestamp":"2021-04-22T11:29:09.150477Z","count":22,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:29:09.150483Z","timestamp":"2021-04-22T11:29:09.150483Z","count":22,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3674,"sum(bytes_out)":21934,"sum(time_taken)":8005305} {"endtime":"2021-04-22T11:29:27.151170Z","timestamp":"2021-04-22T11:29:27.151170Z","count":1,"dest_ip":"93.184.221.240","site":"download.windowsupdate.com","status":200,"uri_path":"/SIH/amd64/siheng_20170518.cab","sum(bytes_in)":190,"sum(bytes_out)":40364,"sum(time_taken)":2156} {"endtime":"2021-04-22T11:29:27.151170Z","timestamp":"2021-04-22T11:29:27.151170Z","count":1,"dest_ip":"93.184.221.240","status":200} {"endtime":"2021-04-22T11:29:27.151170Z","timestamp":"2021-04-22T11:29:27.151170Z","count":1,"dest_ip":"93.184.221.240","sum(time_taken)":2156} {"endtime":"2021-04-22T11:29:27.151170Z","timestamp":"2021-04-22T11:29:27.151170Z","count":1,"c_ip":"10.0.1.15","sum(bytes_in)":190,"sum(bytes_out)":40364,"sum(time_taken)":2156} 
{"endtime":"2021-04-22T11:30:09.173815Z","timestamp":"2021-04-22T11:30:09.173815Z","count":1,"dest_ip":"93.184.220.29","site":"ocsp.digicert.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D","sum(bytes_in)":238,"sum(bytes_out)":1836,"sum(time_taken)":2081} {"endtime":"2021-04-22T11:30:09.173810Z","timestamp":"2021-04-22T11:30:09.173810Z","count":1,"dest_ip":"93.184.220.29","status":200} {"endtime":"2021-04-22T11:30:09.173803Z","timestamp":"2021-04-22T11:30:09.173803Z","count":1,"dest_ip":"93.184.220.29","sum(time_taken)":2081} {"endtime":"2021-04-22T11:30:09.173773Z","timestamp":"2021-04-22T11:30:09.173773Z","count":1,"c_ip":"10.0.1.14","sum(bytes_in)":238,"sum(bytes_out)":1836,"sum(time_taken)":2081} {"endtime":"2021-04-22T11:30:09.192959Z","timestamp":"2021-04-22T11:30:09.192959Z","count":3,"c_ip":"46.128.24.64","sum(bytes_in)":2252,"sum(bytes_out)":3083,"sum(time_taken)":1473} {"endtime":"2021-04-22T11:30:09.192959Z","timestamp":"2021-04-22T11:30:09.192959Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":4025957} {"endtime":"2021-04-22T11:30:09.192959Z","timestamp":"2021-04-22T11:30:09.192959Z","count":12,"c_ip":"10.0.1.15","sum(bytes_in)":2004,"sum(bytes_out)":11964,"sum(time_taken)":4291078} {"endtime":"2021-04-22T11:30:09.193030Z","timestamp":"2021-04-22T11:30:09.193030Z","count":26,"dest_ip":"10.0.1.12","sum(time_taken)":8318508} {"endtime":"2021-04-22T11:30:09.193038Z","timestamp":"2021-04-22T11:30:09.193038Z","count":26,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:30:09.193045Z","timestamp":"2021-04-22T11:30:09.193045Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":722,"sum(bytes_out)":1152,"sum(time_taken)":606} 
{"endtime":"2021-04-22T11:30:09.193045Z","timestamp":"2021-04-22T11:30:09.193045Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1530,"sum(bytes_out)":1931,"sum(time_taken)":867} {"endtime":"2021-04-22T11:30:09.193045Z","timestamp":"2021-04-22T11:30:09.193045Z","count":23,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3841,"sum(bytes_out)":22931,"sum(time_taken)":8317035} {"endtime":"2021-04-22T11:31:09.188547Z","timestamp":"2021-04-22T11:31:09.188547Z","count":1,"dest_ip":"93.184.220.29","site":"ocsp.digicert.com","status":200,"uri_path":"/","sum(bytes_in)":381,"sum(bytes_out)":799,"sum(time_taken)":1419} {"endtime":"2021-04-22T11:31:09.188547Z","timestamp":"2021-04-22T11:31:09.188547Z","count":1,"dest_ip":"172.217.23.99","site":"ocsp.pki.goog","status":200,"uri_path":"/gts1o1","sum(bytes_in)":383,"sum(bytes_out)":701,"sum(time_taken)":35421} {"endtime":"2021-04-22T11:31:09.188547Z","timestamp":"2021-04-22T11:31:09.188547Z","count":4,"dest_ip":"10.0.1.16","site":"10.0.1.16","status":200,"uri_path":"/gi6/CINCINNATI-PC_W617601.723196F318E04CC68194F403520850B8/90","sum(bytes_in)":20520,"sum(bytes_out)":780,"sum(time_taken)":4017} {"endtime":"2021-04-22T11:31:09.188547Z","timestamp":"2021-04-22T11:31:09.188547Z","count":4,"dest_ip":"10.0.1.16","site":"10.0.1.16","status":200,"uri_path":"/foo","sum(bytes_in)":1112,"sum(bytes_out)":548,"sum(time_taken)":357597} {"endtime":"2021-04-22T11:31:09.188535Z","timestamp":"2021-04-22T11:31:09.188535Z","count":1,"dest_ip":"93.184.220.29","status":200} {"endtime":"2021-04-22T11:31:09.188535Z","timestamp":"2021-04-22T11:31:09.188535Z","count":1,"dest_ip":"172.217.23.99","status":200} {"endtime":"2021-04-22T11:31:09.188535Z","timestamp":"2021-04-22T11:31:09.188535Z","count":8,"dest_ip":"10.0.1.16","status":200} 
{"endtime":"2021-04-22T11:31:09.188518Z","timestamp":"2021-04-22T11:31:09.188518Z","count":1,"dest_ip":"93.184.220.29","sum(time_taken)":1419} {"endtime":"2021-04-22T11:31:09.188518Z","timestamp":"2021-04-22T11:31:09.188518Z","count":1,"dest_ip":"172.217.23.99","sum(time_taken)":35421} {"endtime":"2021-04-22T11:31:09.188518Z","timestamp":"2021-04-22T11:31:09.188518Z","count":8,"dest_ip":"10.0.1.16","sum(time_taken)":361614} {"endtime":"2021-04-22T11:31:09.188489Z","timestamp":"2021-04-22T11:31:09.188489Z","count":10,"c_ip":"10.0.1.14","sum(bytes_in)":22396,"sum(bytes_out)":2828,"sum(time_taken)":398454} {"endtime":"2021-04-22T11:31:09.212893Z","timestamp":"2021-04-22T11:31:09.212893Z","count":107,"c_ip":"46.128.24.64","sum(bytes_in)":90734,"sum(bytes_out)":556283,"sum(time_taken)":2094219} {"endtime":"2021-04-22T11:31:09.212893Z","timestamp":"2021-04-22T11:31:09.212893Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3998444} {"endtime":"2021-04-22T11:31:09.212893Z","timestamp":"2021-04-22T11:31:09.212893Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3947473} {"endtime":"2021-04-22T11:31:09.212960Z","timestamp":"2021-04-22T11:31:09.212960Z","count":129,"dest_ip":"10.0.1.12","sum(time_taken)":10040136} {"endtime":"2021-04-22T11:31:09.212968Z","timestamp":"2021-04-22T11:31:09.212968Z","count":1,"dest_ip":"10.0.1.12","status":404} {"endtime":"2021-04-22T11:31:09.212968Z","timestamp":"2021-04-22T11:31:09.212968Z","count":1,"dest_ip":"10.0.1.12","status":304} {"endtime":"2021-04-22T11:31:09.212968Z","timestamp":"2021-04-22T11:31:09.212968Z","count":1,"dest_ip":"10.0.1.12","status":303} {"endtime":"2021-04-22T11:31:09.212968Z","timestamp":"2021-04-22T11:31:09.212968Z","count":5,"dest_ip":"10.0.1.12","status":201} {"endtime":"2021-04-22T11:31:09.212968Z","timestamp":"2021-04-22T11:31:09.212968Z","count":121,"dest_ip":"10.0.1.12","status":200} 
{"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":404,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/prefs/search","sum(bytes_in)":741,"sum(bytes_out)":780,"sum(time_taken)":29000} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":304,"uri_path":"/en-GB/config","sum(bytes_in)":671,"sum(bytes_out)":188,"sum(time_taken)":24057} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":303,"uri_path":"/en-GB/app/search/","sum(bytes_in)":734,"sum(bytes_out)":592,"sum(time_taken)":159785} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":201,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs","sum(bytes_in)":5049,"sum(bytes_out)":3176,"sum(time_taken)":15229} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":201,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/ui-tour","sum(bytes_in)":3030,"sum(bytes_out)":2095,"sum(time_taken)":5693} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/static/@a1a6394cc5ae/js/contrib/ace-editor/theme-spl-light.js","sum(bytes_in)":622,"sum(bytes_out)":1020,"sum(time_taken)":4220} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/static/@a1a6394cc5ae/build/pages/enterprise/76.js","sum(bytes_in)":610,"sum(bytes_out)":3188,"sum(time_taken)":34105} 
{"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/static/@a1a6394cc5ae/build/pages/enterprise/71.js","sum(bytes_in)":610,"sum(bytes_out)":49531,"sum(time_taken)":101434} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/static/@FAB67257C0E63681CC9B3E737456463A9FACB8167BCEE1CB349925B3A410A303/build/pages/enterprise/search.js","sum(bytes_in)":666,"sum(bytes_out)":77758,"sum(time_taken)":131284} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/static/@000/fonts/inconsolata-regular.woff","sum(bytes_in)":786,"sum(bytes_out)":33088,"sum(time_taken)":59523} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/splunk_instrumentation/instrumentation_controller/instrumentation_eligibility","sum(bytes_in)":790,"sum(bytes_out)":976,"sum(time_taken)":244967} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/splunk_instrumentation/admin/telemetry/general","sum(bytes_in)":761,"sum(bytes_out)":1592,"sum(time_taken)":635} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":6,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/rt_md_1619091037.64","sum(bytes_in)":4518,"sum(bytes_out)":12139,"sum(time_taken)":10742} 
{"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091063.72/summary","sum(bytes_in)":766,"sum(bytes_out)":2685,"sum(time_taken)":4907} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091063.72/events","sum(bytes_in)":978,"sum(bytes_out)":3466,"sum(time_taken)":35877} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091063.72","sum(bytes_in)":1494,"sum(bytes_out)":4388,"sum(time_taken)":3948} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091053.71/summary","sum(bytes_in)":2298,"sum(bytes_out)":20070,"sum(time_taken)":25664} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091053.71/events","sum(bytes_in)":1956,"sum(bytes_out)":6060,"sum(time_taken)":67976} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091053.71","sum(bytes_in)":2241,"sum(bytes_out)":6653,"sum(time_taken)":6220} 
{"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091045.70/summary","sum(bytes_in)":1532,"sum(bytes_out)":1684,"sum(time_taken)":8903} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091045.70/events","sum(bytes_in)":2934,"sum(bytes_out)":7177,"sum(time_taken)":48014} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":5,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091045.70","sum(bytes_in)":3735,"sum(bytes_out)":10276,"sum(time_taken)":9356} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/user-prefs/data/user-prefs/general","sum(bytes_in)":2610,"sum(bytes_out)":3201,"sum(time_taken)":2709} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/system/data/ui/ui-tour/search-tour","sum(bytes_in)":748,"sum(bytes_out)":2214,"sum(time_taken)":1626} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/static/appLogo.png","sum(bytes_in)":678,"sum(bytes_out)":766,"sum(time_taken)":27814} 
{"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/static/appIcon.png","sum(bytes_in)":678,"sum(bytes_out)":3808,"sum(time_taken)":453} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/rt_md_1619091037.64/results_preview","sum(bytes_in)":2595,"sum(bytes_out)":2736,"sum(time_taken)":18049} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/rt_md_1619091037.64","sum(bytes_in)":752,"sum(bytes_out)":1508,"sum(time_taken)":1520} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091063.72","sum(bytes_in)":746,"sum(bytes_out)":1774,"sum(time_taken)":1612} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091053.71","sum(bytes_in)":746,"sum(bytes_out)":1754,"sum(time_taken)":1703} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091045.70","sum(bytes_in)":746,"sum(bytes_out)":1684,"sum(time_taken)":1542} 
{"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/intentionsparser","sum(bytes_in)":1997,"sum(bytes_out)":1772,"sum(time_taken)":8697} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","sum(bytes_in)":2220,"sum(bytes_out)":21405,"sum(time_taken)":68535} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/workflow-actions","sum(bytes_in)":792,"sum(bytes_out)":6511,"sum(time_taken)":39635} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/visualizations","sum(bytes_in)":822,"sum(bytes_out)":6951,"sum(time_taken)":33856} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/ui-tour/search-tour","sum(bytes_in)":3773,"sum(bytes_out)":4283,"sum(time_taken)":5590} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/ui-tour/_new","sum(bytes_in)":741,"sum(bytes_out)":1341,"sum(time_taken)":2081} 
{"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/ui-tour","sum(bytes_in)":745,"sum(bytes_out)":5352,"sum(time_taken)":27795} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/times","sum(bytes_in)":743,"sum(bytes_out)":2629,"sum(time_taken)":2064} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/configs/conf-searchbnf","sum(bytes_in)":751,"sum(bytes_out)":129279,"sum(time_taken)":163216} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/-/data/ui/manager","sum(bytes_in)":748,"sum(bytes_out)":10254,"sum(time_taken)":15344} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/-/apps/local","sum(bytes_in)":782,"sum(bytes_out)":6971,"sum(time_taken)":36298} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/workloads/status","sum(bytes_in)":722,"sum(bytes_out)":1247,"sum(time_taken)":422} 
{"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":6,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":4357,"sum(bytes_out)":6938,"sum(time_taken)":4297} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":10,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","sum(bytes_in)":7693,"sum(bytes_out)":7695,"sum(time_taken)":2882} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":7,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/shelper","sum(bytes_in)":6138,"sum(bytes_out)":54957,"sum(time_taken)":352166} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/rt_md_1619091037.64","sum(bytes_in)":797,"sum(bytes_out)":762,"sum(time_taken)":1317} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619090526.61/control","sum(bytes_in)":953,"sum(bytes_out)":755,"sum(time_taken)":1833} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091053.71/timeline","sum(bytes_in)":743,"sum(bytes_out)":1082,"sum(time_taken)":1427} 
{"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091045.70/timeline","sum(bytes_in)":743,"sum(bytes_out)":1083,"sum(time_taken)":1742} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1540,"sum(bytes_out)":1936,"sum(time_taken)":660} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/data/user-prefs/general","sum(bytes_in)":729,"sum(bytes_out)":1624,"sum(time_taken)":521} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/data/ui/ui-tour/_new","sum(bytes_in)":726,"sum(bytes_out)":1344,"sum(time_taken)":648} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/data/ui/prefs/_new","sum(bytes_in)":724,"sum(bytes_out)":1919,"sum(time_taken)":689} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/configs/conf-web/settings","sum(bytes_in)":1462,"sum(bytes_out)":5800,"sum(time_taken)":39391} 
{"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/authentication/users/admin","sum(bytes_in)":732,"sum(bytes_out)":2229,"sum(time_taken)":28988} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/app/search/search","sum(bytes_in)":740,"sum(bytes_out)":2137,"sum(time_taken)":165558} {"endtime":"2021-04-22T11:31:09.212993Z","timestamp":"2021-04-22T11:31:09.212993Z","count":22,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3674,"sum(bytes_out)":21934,"sum(time_taken)":7945917} {"endtime":"2021-04-22T11:31:17.038777Z","timestamp":"2021-04-22T11:31:17.038777Z","count":1,"dest_ip":"93.184.220.29","site":"ocsp.digicert.com","status":200,"uri_path":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D","sum(bytes_in)":236,"sum(bytes_out)":799,"sum(time_taken)":1456} {"endtime":"2021-04-22T11:31:17.038777Z","timestamp":"2021-04-22T11:31:17.038777Z","count":1,"dest_ip":"93.184.220.29","status":200} {"endtime":"2021-04-22T11:31:17.038777Z","timestamp":"2021-04-22T11:31:17.038777Z","count":1,"dest_ip":"93.184.220.29","sum(time_taken)":1456} {"endtime":"2021-04-22T11:31:17.038777Z","timestamp":"2021-04-22T11:31:17.038777Z","count":1,"c_ip":"10.0.1.15","sum(bytes_in)":236,"sum(bytes_out)":799,"sum(time_taken)":1456} {"endtime":"2021-04-22T11:32:09.203664Z","timestamp":"2021-04-22T11:32:09.203664Z","count":1,"dest_ip":"2.16.218.169","site":"ciscobinary.openh264.org","status":200,"uri_path":"/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip","sum(bytes_in)":303,"sum(bytes_out)":373127,"sum(time_taken)":4888} 
{"endtime":"2021-04-22T11:32:09.203659Z","timestamp":"2021-04-22T11:32:09.203659Z","count":1,"dest_ip":"2.16.218.169","status":200} {"endtime":"2021-04-22T11:32:09.203653Z","timestamp":"2021-04-22T11:32:09.203653Z","count":1,"dest_ip":"2.16.218.169","sum(time_taken)":4888} {"endtime":"2021-04-22T11:32:09.203622Z","timestamp":"2021-04-22T11:32:09.203622Z","count":1,"c_ip":"10.0.1.14","sum(bytes_in)":303,"sum(bytes_out)":373127,"sum(time_taken)":4888} {"endtime":"2021-04-22T11:32:09.240323Z","timestamp":"2021-04-22T11:32:09.240323Z","count":54,"c_ip":"46.128.24.64","sum(bytes_in)":44491,"sum(bytes_out)":137692,"sum(time_taken)":539332} {"endtime":"2021-04-22T11:32:09.240323Z","timestamp":"2021-04-22T11:32:09.240323Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3998424} {"endtime":"2021-04-22T11:32:09.240323Z","timestamp":"2021-04-22T11:32:09.240323Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3954143} {"endtime":"2021-04-22T11:32:09.240374Z","timestamp":"2021-04-22T11:32:09.240374Z","count":76,"dest_ip":"10.0.1.12","sum(time_taken)":8491899} {"endtime":"2021-04-22T11:32:09.240382Z","timestamp":"2021-04-22T11:32:09.240382Z","count":3,"dest_ip":"10.0.1.12","status":201} {"endtime":"2021-04-22T11:32:09.240382Z","timestamp":"2021-04-22T11:32:09.240382Z","count":73,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":201,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs","sum(bytes_in)":4186,"sum(bytes_out)":2373,"sum(time_taken)":7960} 
{"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091091.75/summary","sum(bytes_in)":2300,"sum(bytes_out)":8997,"sum(time_taken)":97782} {"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091091.75/events","sum(bytes_in)":1956,"sum(bytes_out)":9496,"sum(time_taken)":43187} {"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091091.75/control","sum(bytes_in)":1818,"sum(bytes_out)":1520,"sum(time_taken)":3334} {"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091091.75","sum(bytes_in)":2241,"sum(bytes_out)":6636,"sum(time_taken)":6178} {"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091080.74/summary","sum(bytes_in)":2298,"sum(bytes_out)":8997,"sum(time_taken)":44908} {"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091080.74/events","sum(bytes_in)":1956,"sum(bytes_out)":9496,"sum(time_taken)":43451} 
{"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091080.74","sum(bytes_in)":2241,"sum(bytes_out)":6643,"sum(time_taken)":6122} {"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091072.73/summary","sum(bytes_in)":2298,"sum(bytes_out)":9003,"sum(time_taken)":19726} {"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091072.73/events","sum(bytes_in)":1956,"sum(bytes_out)":8914,"sum(time_taken)":71446} {"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091072.73","sum(bytes_in)":2241,"sum(bytes_out)":6640,"sum(time_taken)":5990} {"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091091.75","sum(bytes_in)":746,"sum(bytes_out)":1755,"sum(time_taken)":1590} {"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091080.74","sum(bytes_in)":746,"sum(bytes_out)":1758,"sum(time_taken)":1695} 
{"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091072.73","sum(bytes_in)":746,"sum(bytes_out)":1759,"sum(time_taken)":1692} {"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","sum(bytes_in)":2220,"sum(bytes_out)":21403,"sum(time_taken)":68326} {"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":6,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":4362,"sum(bytes_out)":6943,"sum(time_taken)":4195} {"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":6,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","sum(bytes_in)":4668,"sum(bytes_out)":4659,"sum(time_taken)":1995} {"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/shelper","sum(bytes_in)":1770,"sum(bytes_out)":15406,"sum(time_taken)":103704} {"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091091.75/timeline","sum(bytes_in)":743,"sum(bytes_out)":1082,"sum(time_taken)":1401} 
{"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091080.74/timeline","sum(bytes_in)":743,"sum(bytes_out)":1082,"sum(time_taken)":1541} {"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091072.73/timeline","sum(bytes_in)":743,"sum(bytes_out)":1082,"sum(time_taken)":1436} {"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091063.72/timeline","sum(bytes_in)":743,"sum(bytes_out)":1080,"sum(time_taken)":1449} {"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":770,"sum(bytes_out)":968,"sum(time_taken)":224} {"endtime":"2021-04-22T11:32:09.240395Z","timestamp":"2021-04-22T11:32:09.240395Z","count":22,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3674,"sum(bytes_out)":21934,"sum(time_taken)":7952567} {"endtime":"2021-04-22T11:33:10.175554Z","timestamp":"2021-04-22T11:33:10.175554Z","count":3,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":404,"uri_path":"/latest/meta-data/iam/security-credentials/","sum(bytes_in)":744,"sum(bytes_out)":1581,"sum(time_taken)":750} {"endtime":"2021-04-22T11:33:10.175554Z","timestamp":"2021-04-22T11:33:10.175554Z","count":1,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":200,"uri_path":"/latest/api/token","sum(bytes_in)":202,"sum(bytes_out)":237,"sum(time_taken)":307} 
{"endtime":"2021-04-22T11:33:10.175554Z","timestamp":"2021-04-22T11:33:10.175554Z","count":1,"dest_ip":"10.0.1.16","site":"10.0.1.16","status":200,"uri_path":"/gi6/CINCINNATI-PC_W617601.723196F318E04CC68194F403520850B8/90","sum(bytes_in)":5108,"sum(bytes_out)":195,"sum(time_taken)":935} {"endtime":"2021-04-22T11:33:10.175554Z","timestamp":"2021-04-22T11:33:10.175554Z","count":1,"dest_ip":"10.0.1.16","site":"10.0.1.16","status":200,"uri_path":"/foo","sum(bytes_in)":256,"sum(bytes_out)":137,"sum(time_taken)":962} {"endtime":"2021-04-22T11:33:10.175542Z","timestamp":"2021-04-22T11:33:10.175542Z","count":3,"dest_ip":"169.254.169.254","status":404} {"endtime":"2021-04-22T11:33:10.175542Z","timestamp":"2021-04-22T11:33:10.175542Z","count":1,"dest_ip":"169.254.169.254","status":200} {"endtime":"2021-04-22T11:33:10.175542Z","timestamp":"2021-04-22T11:33:10.175542Z","count":2,"dest_ip":"10.0.1.16","status":200} {"endtime":"2021-04-22T11:33:10.175532Z","timestamp":"2021-04-22T11:33:10.175532Z","count":4,"dest_ip":"169.254.169.254","sum(time_taken)":1057} {"endtime":"2021-04-22T11:33:10.175532Z","timestamp":"2021-04-22T11:33:10.175532Z","count":2,"dest_ip":"10.0.1.16","sum(time_taken)":1897} {"endtime":"2021-04-22T11:33:10.175499Z","timestamp":"2021-04-22T11:33:10.175499Z","count":4,"c_ip":"10.0.1.18","sum(bytes_in)":946,"sum(bytes_out)":1818,"sum(time_taken)":1057} {"endtime":"2021-04-22T11:33:10.175499Z","timestamp":"2021-04-22T11:33:10.175499Z","count":2,"c_ip":"10.0.1.14","sum(bytes_in)":5364,"sum(bytes_out)":332,"sum(time_taken)":1897} {"endtime":"2021-04-22T11:33:10.192334Z","timestamp":"2021-04-22T11:33:10.192334Z","count":196,"c_ip":"46.128.24.64","sum(bytes_in)":170317,"sum(bytes_out)":1349380,"sum(time_taken)":2916585} {"endtime":"2021-04-22T11:33:10.192334Z","timestamp":"2021-04-22T11:33:10.192334Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":4205732} 
{"endtime":"2021-04-22T11:33:10.192334Z","timestamp":"2021-04-22T11:33:10.192334Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":4110676} {"endtime":"2021-04-22T11:33:10.192334Z","timestamp":"2021-04-22T11:33:10.192334Z","count":4,"c_ip":"10.0.1.12","sum(bytes_in)":946,"sum(bytes_out)":1812,"sum(time_taken)":2997} {"endtime":"2021-04-22T11:33:10.192424Z","timestamp":"2021-04-22T11:33:10.192424Z","count":4,"dest_ip":"169.254.169.254","sum(time_taken)":2997} {"endtime":"2021-04-22T11:33:10.192424Z","timestamp":"2021-04-22T11:33:10.192424Z","count":218,"dest_ip":"10.0.1.12","sum(time_taken)":11232993} {"endtime":"2021-04-22T11:33:10.192436Z","timestamp":"2021-04-22T11:33:10.192436Z","count":3,"dest_ip":"169.254.169.254","status":404} {"endtime":"2021-04-22T11:33:10.192436Z","timestamp":"2021-04-22T11:33:10.192436Z","count":1,"dest_ip":"169.254.169.254","status":200} {"endtime":"2021-04-22T11:33:10.192436Z","timestamp":"2021-04-22T11:33:10.192436Z","count":3,"dest_ip":"10.0.1.12","status":304} {"endtime":"2021-04-22T11:33:10.192436Z","timestamp":"2021-04-22T11:33:10.192436Z","count":8,"dest_ip":"10.0.1.12","status":303} {"endtime":"2021-04-22T11:33:10.192436Z","timestamp":"2021-04-22T11:33:10.192436Z","count":16,"dest_ip":"10.0.1.12","status":201} {"endtime":"2021-04-22T11:33:10.192436Z","timestamp":"2021-04-22T11:33:10.192436Z","count":191,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__avgResponseTimesSM_1619091163.80","sum(bytes_in)":814,"sum(bytes_out)":1780,"sum(time_taken)":1533} 
{"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/app/splunk_app_stream/streams","sum(bytes_in)":752,"sum(bytes_out)":2171,"sum(time_taken)":143605} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__RMD5e0579a4af9f25881_1619091164.87/results","sum(bytes_in)":1039,"sum(bytes_out)":951,"sum(time_taken)":1732} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__domainTableSM_1619091164.88/results_preview","sum(bytes_in)":863,"sum(bytes_out)":1134,"sum(time_taken)":2055} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__RMD5e0579a4af9f25881_1619091164.87","sum(bytes_in)":816,"sum(bytes_out)":1682,"sum(time_taken)":1492} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/scheduled/views/info_overview","sum(bytes_in)":761,"sum(bytes_out)":1539,"sum(time_taken)":2741} 
{"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/data/ui/views/info_overview","sum(bytes_in)":759,"sum(bytes_out)":1439,"sum(time_taken)":1657} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/data/ui/views","sum(bytes_in)":763,"sum(bytes_out)":5886,"sum(time_taken)":29874} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__dnsActivitySM_1619091163.81/results_preview","sum(bytes_in)":867,"sum(bytes_out)":1074,"sum(time_taken)":1711} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/punchcard_app/static/appIconAlt.png","sum(bytes_in)":688,"sum(bytes_out)":710,"sum(time_taken)":30044} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/app/splunk_app_stream/info_overview","sum(bytes_in)":758,"sum(bytes_out)":2170,"sum(time_taken)":161873} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/data/ui/times","sum(bytes_in)":754,"sum(bytes_out)":2664,"sum(time_taken)":1897} 
{"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__certificateExpirySM_1619091163.84/results_preview","sum(bytes_in)":870,"sum(bytes_out)":1111,"sum(time_taken)":1931} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/custom/splunk_app_stream/httpinputs","sum(bytes_in)":701,"sum(bytes_out)":1406,"sum(time_taken)":44551} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/configs/conf-visualizations","sum(bytes_in)":787,"sum(bytes_out)":4770,"sum(time_taken)":9661} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__RMD5e0579a4af9f25881_1619091164.87/control","sum(bytes_in)":952,"sum(bytes_out)":760,"sum(time_taken)":1687} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/static/appIconAlt.png","sum(bytes_in)":681,"sum(bytes_out)":2622,"sum(time_taken)":29750} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/custom/splunk_app_stream/users/current/easysetup","sum(bytes_in)":714,"sum(bytes_out)":769,"sum(time_taken)":84188} 
{"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091153.77","sum(bytes_in)":746,"sum(bytes_out)":1959,"sum(time_taken)":1744} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091153.77/timeline","sum(bytes_in)":743,"sum(bytes_out)":1081,"sum(time_taken)":1405} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091134.76","sum(bytes_in)":746,"sum(bytes_out)":1831,"sum(time_taken)":1531} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_ASX/static/appIconAlt.png","sum(bytes_in)":685,"sum(bytes_out)":3297,"sum(time_taken)":341} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":303,"uri_path":"/static/fonts/roboto-bold-webfont.woff","sum(bytes_in)":800,"sum(bytes_out)":741,"sum(time_taken)":69} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091134.76/timeline","sum(bytes_in)":743,"sum(bytes_out)":1081,"sum(time_taken)":1520} 
{"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091045.70/summary","sum(bytes_in)":766,"sum(bytes_out)":7467,"sum(time_taken)":10391} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/-/data/ui/manager","sum(bytes_in)":748,"sum(bytes_out)":10254,"sum(time_taken)":41687} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/status_indicator_app/static/appIconAlt.png","sum(bytes_in)":695,"sum(bytes_out)":710,"sum(time_taken)":29134} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":303,"uri_path":"/en-GB/app/splunk_app_stream","sum(bytes_in)":744,"sum(bytes_out)":629,"sum(time_taken)":131901} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/static/appIconAlt.png","sum(bytes_in)":692,"sum(bytes_out)":2805,"sum(time_taken)":454} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/data/ui/prefs/_new","sum(bytes_in)":724,"sum(bytes_out)":1918,"sum(time_taken)":924} 
{"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619091185.125","sum(bytes_in)":796,"sum(bytes_out)":1888,"sum(time_taken)":1547} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":201,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/prefs","sum(bytes_in)":3066,"sum(bytes_out)":1903,"sum(time_taken)":8848} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_TA_nix/static/appIconAlt.png","sum(bytes_in)":688,"sum(bytes_out)":710,"sum(time_taken)":423} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091091.75","sum(bytes_in)":1740,"sum(bytes_out)":2767,"sum(time_taken)":2840} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/custom/splunk_app_stream/users/current/tour","sum(bytes_in)":709,"sum(bytes_out)":768,"sum(time_taken)":67633} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/custom/splunk_app_stream/cloudinstance","sum(bytes_in)":704,"sum(bytes_out)":781,"sum(time_taken)":31463} 
{"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619091173.124","sum(bytes_in)":796,"sum(bytes_out)":1888,"sum(time_taken)":1609} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sslActivitySM_1619091163.83/results_preview","sum(bytes_in)":867,"sum(bytes_out)":1153,"sum(time_taken)":1762} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__httpErrors_1619091163.78","sum(bytes_in)":806,"sum(bytes_out)":1745,"sum(time_taken)":3608} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_TA_aws/static/appIconAlt.png","sum(bytes_in)":688,"sum(bytes_out)":2363,"sum(time_taken)":29716} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__domainTableSM_1619091164.88","sum(bytes_in)":809,"sum(bytes_out)":1719,"sum(time_taken)":1454} 
{"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__dnsActivitySM_1619091163.81","sum(bytes_in)":809,"sum(bytes_out)":1746,"sum(time_taken)":1628} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_TA_aws-kinesis-firehose/static/appIconAlt.png","sum(bytes_in)":705,"sum(bytes_out)":1610,"sum(time_taken)":29666} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_Security_Essentials/static/appIconAlt.png","sum(bytes_in)":701,"sum(bytes_out)":3526,"sum(time_taken)":321} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091134.76/control","sum(bytes_in)":909,"sum(bytes_out)":760,"sum(time_taken)":1617} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_ML_Toolkit/static/appIconAlt.png","sum(bytes_in)":692,"sum(bytes_out)":1783,"sum(time_taken)":26212} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/saved/searches/_new","sum(bytes_in)":725,"sum(bytes_out)":7136,"sum(time_taken)":4851} 
{"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091091.75/events","sum(bytes_in)":1324,"sum(bytes_out)":5630,"sum(time_taken)":8752} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091063.72/summary","sum(bytes_in)":766,"sum(bytes_out)":2685,"sum(time_taken)":5289} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/DA-ESS-ContentUpdate/static/appIconAlt.png","sum(bytes_in)":695,"sum(bytes_out)":3297,"sum(time_taken)":30080} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/timeline_app/static/appIconAlt.png","sum(bytes_in)":687,"sum(bytes_out)":710,"sum(time_taken)":204} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_ta_o365/static/appIconAlt.png","sum(bytes_in)":689,"sum(bytes_out)":2622,"sum(time_taken)":299} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/static/appIconAlt.png","sum(bytes_in)":704,"sum(bytes_out)":2408,"sum(time_taken)":537} 
{"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/custom/splunk_app_stream/streams/http","sum(bytes_in)":687,"sum(bytes_out)":18036,"sum(time_taken)":68938} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/config","sum(bytes_in)":637,"sum(bytes_out)":611,"sum(time_taken)":51879} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/static/appLogo.png","sum(bytes_in)":689,"sum(bytes_out)":2805,"sum(time_taken)":29427} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__topApps_1619091163.86","sum(bytes_in)":803,"sum(bytes_out)":1800,"sum(time_taken)":1459} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sslActivitySM_1619091163.83","sum(bytes_in)":809,"sum(bytes_out)":1772,"sum(time_taken)":1499} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619091185.125/results","sum(bytes_in)":1015,"sum(bytes_out)":1993,"sum(time_taken)":2268} 
{"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619091173.124/results","sum(bytes_in)":1015,"sum(bytes_out)":1995,"sum(time_taken)":2178} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__topApps_1619091163.86/results_preview","sum(bytes_in)":861,"sum(bytes_out)":1078,"sum(time_taken)":1720} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/data/indexes","sum(bytes_in)":710,"sum(bytes_out)":4525,"sum(time_taken)":35538} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__responseTimesSM_1619091163.79","sum(bytes_in)":811,"sum(bytes_out)":1780,"sum(time_taken)":2259} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__flowViz_1619091163.85","sum(bytes_in)":803,"sum(bytes_out)":1957,"sum(time_taken)":1422} 
{"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619091173.124/control","sum(bytes_in)":948,"sum(bytes_out)":760,"sum(time_taken)":1829} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__dnsErrors_1619091163.82","sum(bytes_in)":805,"sum(bytes_out)":1720,"sum(time_taken)":1645} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/custom/splunk_app_stream/local_streamfwd_proxy","sum(bytes_in)":1424,"sum(bytes_out)":2020,"sum(time_taken)":157479} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":303,"uri_path":"/static/fonts/splunkicons-regular-webfont.woff","sum(bytes_in)":1616,"sum(bytes_out)":1530,"sum(time_taken)":146} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":303,"uri_path":"/static/fonts/roboto-light-webfont.woff","sum(bytes_in)":1602,"sum(bytes_out)":1488,"sum(time_taken)":230} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/events","sum(bytes_in)":2648,"sum(bytes_out)":9152,"sum(time_taken)":46833} 
{"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":303,"uri_path":"/static/fonts/roboto-regular-webfont.woff","sum(bytes_in)":1606,"sum(bytes_out)":1500,"sum(time_taken)":171} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","sum(bytes_in)":1480,"sum(bytes_out)":14270,"sum(time_taken)":67806} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/data/ui/ui-tour","sum(bytes_in)":1512,"sum(bytes_out)":10710,"sum(time_taken)":57959} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/data/ui/nav","sum(bytes_in)":1486,"sum(bytes_out)":3152,"sum(time_taken)":1145} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/custom/splunk_app_stream/vocabularies","sum(bytes_in)":1374,"sum(bytes_out)":71568,"sum(time_taken)":150641} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091091.75/summary","sum(bytes_in)":1532,"sum(bytes_out)":5998,"sum(time_taken)":64881} 
{"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/configs/conf-web/settings","sum(bytes_in)":1462,"sum(bytes_out)":5800,"sum(time_taken)":9574} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/custom/splunk_app_stream/streams","sum(bytes_in)":1403,"sum(bytes_out)":757863,"sum(time_taken)":417734} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control","sum(bytes_in)":1818,"sum(bytes_out)":1520,"sum(time_taken)":3009} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":201,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs","sum(bytes_in)":4074,"sum(bytes_out)":1582,"sum(time_taken)":10942} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/authentication/users/admin","sum(bytes_in)":2196,"sum(bytes_out)":6684,"sum(time_taken)":3063} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/apps/local/splunk_app_stream","sum(bytes_in)":2202,"sum(bytes_out)":4431,"sum(time_taken)":6517} 
{"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77","sum(bytes_in)":2241,"sum(bytes_out)":7218,"sum(time_taken)":6096} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/data/user-prefs/general","sum(bytes_in)":2187,"sum(bytes_out)":4869,"sum(time_taken)":1623} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":3,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":404,"uri_path":"/latest/meta-data/iam/security-credentials/","sum(bytes_in)":744,"sum(bytes_out)":1575,"sum(time_taken)":1964} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/summary","sum(bytes_in)":2298,"sum(bytes_out)":9000,"sum(time_taken)":99142} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091134.76/events","sum(bytes_in)":3972,"sum(bytes_out)":6142,"sum(time_taken)":15897} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091134.76/summary","sum(bytes_in)":2298,"sum(bytes_out)":4684,"sum(time_taken)":43203} 
{"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":304,"uri_path":"/en-GB/config","sum(bytes_in)":1889,"sum(bytes_out)":564,"sum(time_taken)":43905} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091134.76","sum(bytes_in)":2988,"sum(bytes_out)":9187,"sum(time_taken)":8362} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/info/server-info","sum(bytes_in)":2916,"sum(bytes_out)":7548,"sum(time_taken)":4442} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":5,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/-/apps/local","sum(bytes_in)":3992,"sum(bytes_out)":28106,"sum(time_taken)":21725} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":6,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":4620,"sum(bytes_out)":5808,"sum(time_taken)":1321} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":6,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs","sum(bytes_in)":6096,"sum(bytes_out)":26837,"sum(time_taken)":64553} 
{"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":8,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__httpErrors_1619091163.78/results_preview","sum(bytes_in)":7332,"sum(bytes_out)":6942,"sum(time_taken)":53512} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":8,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","sum(bytes_in)":6137,"sum(bytes_out)":6142,"sum(time_taken)":2228} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":10,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__dnsErrors_1619091163.82/results_preview","sum(bytes_in)":8838,"sum(bytes_out)":8958,"sum(time_taken)":56594} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":11,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":7997,"sum(bytes_out)":12730,"sum(time_taken)":7574} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":13,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":201,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs","sum(bytes_in)":17834,"sum(bytes_out)":11792,"sum(time_taken)":91074} {"endtime":"2021-04-22T11:33:10.192465Z","timestamp":"2021-04-22T11:33:10.192465Z","count":22,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3674,"sum(bytes_out)":21934,"sum(time_taken)":8316408} 
{"endtime":"2021-04-22T11:33:34.439705Z","timestamp":"2021-04-22T11:33:34.439168Z","bytes":2103,"bytes_in":777,"bytes_out":1326,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091214156","http_comment":"HTTP/1.1 200 OK","http_content_length":581,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/user-prefs/general_default?output_mode=json&_=1619091214156 HTTP/1.1","request_ack_time":537,"request_time":0,"response_ack_time":24924,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":537,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/user-prefs/general_default","uri_query":"output_mode=json&_=1619091214156"} {"endtime":"2021-04-22T11:33:34.440742Z","timestamp":"2021-04-22T11:33:34.439959Z","bytes":2965,"bytes_in":734,"bytes_out":2231,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3c35c84-49d4-4681-89c8-22c9a95aeab7","form_data":"output_mode=json&_=1619091214160","http_comment":"HTTP/1.1 200 OK","http_content_length":1485,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/authentication/users/admin?output_mode=json&_=1619091214160 HTTP/1.1","request_ack_time":783,"request_time":0,"response_ack_time":28013,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52116,"status":200,"time_taken":783,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/authentication/users/admin","uri_query":"output_mode=json&_=1619091214160"} {"endtime":"2021-04-22T11:33:34.441128Z","timestamp":"2021-04-22T11:33:34.440007Z","bytes":3396,"bytes_in":735,"bytes_out":2661,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&count=0&_=1619091214159","http_comment":"HTTP/1.1 200 OK","http_content_length":1915,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/authorization/roles?output_mode=json&count=0&_=1619091214159 HTTP/1.1","request_ack_time":1121,"request_time":0,"response_ack_time":27612,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1121,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/authorization/roles","uri_query":"output_mode=json&count=0&_=1619091214159"} {"endtime":"2021-04-22T11:33:34.442157Z","timestamp":"2021-04-22T11:33:34.439701Z","bytes":3978,"bytes_in":886,"bytes_out":3092,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"9b6e362d-69cc-4990-ac10-8f22263ef9c8","form_data":"output_mode=json&search=(is_custom%3D1 OR name%3D%22email%22 OR name%3D%22script%22 OR name%3D%22lookup%22) AND disabled!%3D1&count=1000&_=1619091214157","http_comment":"HTTP/1.1 200 OK","http_content_length":2346,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/alerts/alert_actions?output_mode=json&search=(is_custom%3D1+OR+name%3D%22email%22+OR+name%3D%22script%22+OR+name%3D%22lookup%22)+AND+disabled!%3D1&count=1000&_=1619091214157 
HTTP/1.1","request_ack_time":11,"request_time":0,"response_ack_time":26598,"response_time":68,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52034,"status":200,"time_taken":2456,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/alerts/alert_actions","uri_query":"output_mode=json&search=(is_custom%3D1 OR name%3D%22email%22 OR name%3D%22script%22 OR name%3D%22lookup%22) AND disabled!%3D1&count=1000&_=1619091214157"} {"endtime":"2021-04-22T11:33:34.459436Z","timestamp":"2021-04-22T11:33:34.454860Z","bytes":7757,"bytes_in":784,"bytes_out":6973,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&sort_key=name&sort_dir=asc&search=disabled%3D0&count=-1&_=1619091214161","http_comment":"HTTP/1.1 200 OK","http_content_length":6227,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/-/apps/local?output_mode=json&sort_key=name&sort_dir=asc&search=disabled%3D0&count=-1&_=1619091214161 
HTTP/1.1","request_ack_time":4504,"request_time":0,"response_ack_time":31206,"response_time":72,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":32080,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/-/apps/local","uri_query":"output_mode=json&sort_key=name&sort_dir=asc&search=disabled%3D0&count=-1&_=1619091214161"} {"endtime":"2021-04-22T11:33:34.485255Z","timestamp":"2021-04-22T11:33:34.482836Z","bytes":2343,"bytes_in":789,"bytes_out":1554,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&_=1619091214162","http_comment":"HTTP/1.1 200 OK","http_content_length":809,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/scheduled/views/attack_range_main_dashboard?output_mode=json&_=1619091214162 HTTP/1.1","request_ack_time":2419,"request_time":0,"response_ack_time":25364,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":2419,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/scheduled/views/attack_range_main_dashboard","uri_query":"output_mode=json&_=1619091214162"} 
{"endtime":"2021-04-22T11:33:34.518091Z","timestamp":"2021-04-22T11:33:34.155459Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d39ed059-2ce6-424a-8033-e9485e0023c7","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":26,"request_time":0,"response_ack_time":144,"response_time":77,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49272,"status":200,"time_taken":362849,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:33:34.519006Z","timestamp":"2021-04-22T11:33:34.514873Z","bytes":7789,"bytes_in":818,"bytes_out":6971,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&includeFormatter=true&search=disabled%3D0&count=0&_=1619091214163","http_comment":"HTTP/1.1 200 OK","http_content_length":6225,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/ui/visualizations?output_mode=json&includeFormatter=true&search=disabled%3D0&count=0&_=1619091214163 
HTTP/1.1","request_ack_time":4063,"request_time":0,"response_ack_time":31698,"response_time":70,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":35892,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/ui/visualizations","uri_query":"output_mode=json&includeFormatter=true&search=disabled%3D0&count=0&_=1619091214163"} {"endtime":"2021-04-22T11:33:34.583106Z","timestamp":"2021-04-22T11:33:34.580904Z","bytes":6137,"bytes_in":770,"bytes_out":5367,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&count=-1&_=1619091214164","http_comment":"HTTP/1.1 200 OK","http_content_length":4621,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/ui/ui-tour?output_mode=json&count=-1&_=1619091214164 HTTP/1.1","request_ack_time":2189,"request_time":0,"response_ack_time":27559,"response_time":13,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":2202,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/ui/ui-tour","uri_query":"output_mode=json&count=-1&_=1619091214164"} 
{"endtime":"2021-04-22T11:33:34.883001Z","timestamp":"2021-04-22T11:33:34.518680Z","bytes":246187,"bytes_in":175,"bytes_out":246012,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3af8ed5-190e-4f24-b24f-efaee028ec31","http_comment":"HTTP/1.1 200 OK","http_content_length":245521,"http_content_type":"text/xml;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/vocabularies/ HTTP/1.1","request_ack_time":37,"request_time":0,"response_ack_time":943,"response_time":853,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49274,"status":200,"time_taken":364615,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/vocabularies/"} {"endtime":"2021-04-22T11:33:34.937714Z","timestamp":"2021-04-22T11:33:34.933203Z","bytes":3059,"bytes_in":2117,"bytes_out":942,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"auto_cancel=90&status_buckets=0&output_mode=json&earliest_time=0&latest_time=&label=search9&preview=true&search=search `get_attack_data`\n|lookup enterprise-attack-lookup Technique\n| eval mitre_id = Technique+\" - \"+mitre_technique_display, atomic_test= 'Test Number'+\"-\"+'Test Name'\n\n| join type=left max=0 Technique \n [ | rest /services/configs/conf-analytic_stories splunk_server=local count=0\n|rex field=mappings \".*,+\\s\\\"mitre_attack\\\":(?.*),+\\s\\\"nist\\\"\"\n|rex field=technique mode=sed \"s/\\[//g\"\n|rex field=technique mode=sed \"s/\\]//g\"\n| eval technique=split(technique, \",\")\n|rex field=technique mode=sed 
\"s/\\\"//g\"\n| mvexpand technique\n| eval Technique=trim(technique) \n| where Technique!=\"\"\n|fields Technique, title]\n\n|eval view=\"View [ESCU]\"\n|eval execute=\"Execute [ASX]\"\n|stats dc(title) by title, view, execute\n| fields title, view, execute&sample_ratio=1&provenance=UI:Dashboard:attack_range_main_dashboard&webframework.cache.hash=java5:-786184c3","http_comment":"HTTP/1.1 201 Created","http_content_length":86,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs HTTP/1.1","request_ack_time":12,"request_time":545,"response_ack_time":24984,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":201,"time_taken":4511,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs"} {"endtime":"2021-04-22T11:33:34.938835Z","timestamp":"2021-04-22T11:33:34.933784Z","bytes":2371,"bytes_in":1427,"bytes_out":944,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"auto_cancel=90&status_buckets=0&output_mode=json&earliest_time=0&latest_time=&label=search10&preview=true&search=search `get_attack_data`\n|rename Technique as mitre_technique\n\n| join type=left max=0 mitre_technique\n[| sseanalytics\n|search mitre_technique!=\"None\"\n|mvexpand mitre_technique]\n|stats dc(name) by 
name,mitre_technique,channel\n|table name, mitre_technique, channel&sample_ratio=1&provenance=UI:Dashboard:attack_range_main_dashboard&webframework.cache.hash=java5:-3e95245c","http_comment":"HTTP/1.1 201 Created","http_content_length":87,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs HTTP/1.1","request_ack_time":6,"request_time":106,"response_ack_time":27926,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":201,"time_taken":5051,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs"} {"endtime":"2021-04-22T11:33:34.941792Z","timestamp":"2021-04-22T11:33:34.937289Z","bytes":2843,"bytes_in":1895,"bytes_out":948,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"9b6e362d-69cc-4990-ac10-8f22263ef9c8","form_data":"auto_cancel=90&status_buckets=0&output_mode=json&earliest_time=0&latest_time=&label=BaseSearch&preview=true&search=search `get_attack_data`\n |lookup enterprise-attack-lookup Technique\n | eval mitre_id = Technique+\" - \"+mitre_technique_display, atomic_test= 'Test Number'+\"-\"+'Test Name' \n | table atomic_test, Hostname,mitre_id,mitre_technique_display,mitre_technique_url,Tactic,Technique,\"Test Name\", Username&provenance=UI:Dashboard:attack_range_main_dashboard&postprocess_searches=[\"|stats count\",\"|stats 
dc(Tactic)\",\"|stats dc(Technique)\",\"|stats count by Username\",\"|stats count by Hostname\",\"|stats count by Tactic\",\"| stats count count(Technique) by Tactic, Technique\",\"|table atomic_test, Hostname,mitre_id,mitre_technique_display,mitre_technique_url,Tactic,Technique,\\\"Test Name\\\", Username\"]&webframework.cache.hash=java5:-87bdc23","http_comment":"HTTP/1.1 201 Created","http_content_length":89,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs HTTP/1.1","request_ack_time":5,"request_time":72,"response_ack_time":24969,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52034,"status":201,"time_taken":4503,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs"} {"endtime":"2021-04-22T11:33:35.054861Z","timestamp":"2021-04-22T11:33:35.053079Z","bytes":2696,"bytes_in":835,"bytes_out":1861,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091214166","http_comment":"HTTP/1.1 200 OK","http_content_length":1115,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search10_1619091214.129?output_mode=json&_=1619091214166 HTTP/1.1","request_ack_time":1782,"request_time":0,"response_ack_time":27911,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1782,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search10_1619091214.129","uri_query":"output_mode=json&_=1619091214166"} {"endtime":"2021-04-22T11:33:35.055458Z","timestamp":"2021-04-22T11:33:35.053078Z","bytes":2950,"bytes_in":834,"bytes_out":2116,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"9b6e362d-69cc-4990-ac10-8f22263ef9c8","form_data":"output_mode=json&_=1619091214165","http_comment":"HTTP/1.1 200 OK","http_content_length":1370,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search9_1619091214.128?output_mode=json&_=1619091214165 
HTTP/1.1","request_ack_time":2380,"request_time":0,"response_ack_time":27314,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52034,"status":200,"time_taken":2380,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search9_1619091214.128","uri_query":"output_mode=json&_=1619091214165"} {"endtime":"2021-04-22T11:33:35.056883Z","timestamp":"2021-04-22T11:33:35.053079Z","bytes":2800,"bytes_in":837,"bytes_out":1963,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&_=1619091214167","http_comment":"HTTP/1.1 200 OK","http_content_length":1217,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130?output_mode=json&_=1619091214167 
HTTP/1.1","request_ack_time":3804,"request_time":0,"response_ack_time":25889,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":3804,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130","uri_query":"output_mode=json&_=1619091214167"} {"endtime":"2021-04-22T11:33:35.125676Z","timestamp":"2021-04-22T11:33:35.124985Z","bytes":2376,"bytes_in":750,"bytes_out":1626,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&_=1619091213536","http_comment":"HTTP/1.1 200 OK","http_content_length":881,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/user-prefs/data/user-prefs/general?output_mode=json&_=1619091213536 HTTP/1.1","request_ack_time":691,"request_time":0,"response_ack_time":26993,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":691,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/user-prefs/data/user-prefs/general","uri_query":"output_mode=json&_=1619091213536"} 
{"endtime":"2021-04-22T11:33:35.213323Z","timestamp":"2021-04-22T11:33:35.211296Z","bytes":3562,"bytes_in":1864,"bytes_out":1698,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&appOrder=search,splunk_attack_range_reporting,DA-ESS-ContentUpdate,punchcard_app,Splunk_TA_aws-kinesis-firehose,Splunk_TA_aws,splunk_ta_o365,Splunk_TA_nix,Splunk_ML_Toolkit,Splunk_Security_Essentials,splunk_app_stream,Splunk_ASX,status_indicator_app,timeline_app&checked_new_maintenance_version=8.0.9&checked_new_version=8.1.3&datasets:showInstallDialog=1&default_earliest_time=-24h@h&default_latest_time=now&default_namespace=launcher&dismissedInstrumentationOptInVersion=4&display.page.home.dashboardId=/servicesNS/nobody/splunk_attack_range_reporting/data/ui/views/attack_range_main_dashboard&eai:acl=&eai_app_only=False&eai_results_per_page=25&hideInstrumentationOptInModal=1&new_maintenance_version=1&new_version=1&notification_python_3_impact=false&render_version_messages=1&search_assistant=compact&search_auto_format=0&search_line_numbers=0&search_syntax_highlighting=light&search_use_advanced_editor=1&showWhatsNew=1","http_comment":"HTTP/1.1 200 OK","http_content_length":953,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/user-prefs/data/user-prefs/general 
HTTP/1.1","request_ack_time":6,"request_time":16,"response_ack_time":25385,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":2027,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/user-prefs/data/user-prefs/general"} {"endtime":"2021-04-22T11:33:35.250988Z","timestamp":"2021-04-22T11:33:35.249337Z","bytes":1782,"bytes_in":927,"bytes_out":855,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Tactic)&_=1619091214169","http_comment":"HTTP/1.1 200 OK","http_content_length":151,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Tactic)&_=1619091214169 
HTTP/1.1","request_ack_time":1651,"request_time":0,"response_ack_time":25752,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1651,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Tactic)&_=1619091214169"} {"endtime":"2021-04-22T11:33:35.251065Z","timestamp":"2021-04-22T11:33:35.249253Z","bytes":1767,"bytes_in":922,"bytes_out":845,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20count&_=1619091214168","http_comment":"HTTP/1.1 200 OK","http_content_length":141,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20count&_=1619091214168 
HTTP/1.1","request_ack_time":1812,"request_time":0,"response_ack_time":25655,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":1812,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20count&_=1619091214168"} {"endtime":"2021-04-22T11:33:35.254957Z","timestamp":"2021-04-22T11:33:35.253367Z","bytes":1767,"bytes_in":973,"bytes_out":794,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7C%20stats%20count%20count(Technique)%20by%20Tactic%2C%20Technique&_=1619091214171","http_comment":"HTTP/1.1 200 OK","http_content_length":91,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7C%20stats%20count%20count(Technique)%20by%20Tactic%2C%20Technique&_=1619091214171 
HTTP/1.1","request_ack_time":1590,"request_time":0,"response_ack_time":25916,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1590,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7C%20stats%20count%20count(Technique)%20by%20Tactic%2C%20Technique&_=1619091214171"} {"endtime":"2021-04-22T11:33:35.255025Z","timestamp":"2021-04-22T11:33:35.253270Z","bytes":1791,"bytes_in":930,"bytes_out":861,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"9b6e362d-69cc-4990-ac10-8f22263ef9c8","form_data":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Technique)&_=1619091214170","http_comment":"HTTP/1.1 200 OK","http_content_length":157,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Technique)&_=1619091214170 
HTTP/1.1","request_ack_time":1755,"request_time":0,"response_ack_time":25813,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52034,"status":200,"time_taken":1755,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Technique)&_=1619091214170"} {"endtime":"2021-04-22T11:33:35.266162Z","timestamp":"2021-04-22T11:33:35.263073Z","bytes":3520,"bytes_in":971,"bytes_out":2549,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3c35c84-49d4-4681-89c8-22c9a95aeab7","form_data":"output_mode=json&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search10_1619091214.129&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search9_1619091214.128&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130&count=3&_=1619091214172","http_comment":"HTTP/1.1 200 OK","http_content_length":1803,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/search/jobs?output_mode=json&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search10_1619091214.129&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search9_1619091214.128&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130&count=3&_=1619091214172 HTTP/1.1","request_ack_time":3089,"request_time":0,"response_ack_time":26560,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52116,"status":200,"time_taken":3089,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs","uri_query":"output_mode=json&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search10_1619091214.129&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search9_1619091214.128&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130&count=3&_=1619091214172"} {"endtime":"2021-04-22T11:33:35.288274Z","timestamp":"2021-04-22T11:33:34.895885Z","bytes":465290,"bytes_in":231,"bytes_out":465059,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c1c26028-320c-4d90-b961-075cadc8fb66","form_data":"streamForwarderId=ip-10-0-1-18.eu-central-1.compute.internal","http_comment":"HTTP/1.1 200 OK","http_content_length":464567,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/streams/?streamForwarderId=ip-10-0-1-18.eu-central-1.compute.internal HTTP/1.1","request_ack_time":28,"request_time":0,"response_ack_time":1131,"response_time":4140,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49276,"status":200,"time_taken":392914,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/streams/","uri_query":"streamForwarderId=ip-10-0-1-18.eu-central-1.compute.internal"} 
{"endtime":"2021-04-22T11:33:35.307191Z","timestamp":"2021-04-22T11:33:35.307191Z","count":74,"c_ip":"46.128.24.64","sum(bytes_in)":74558,"sum(bytes_out)":225182,"sum(time_taken)":1721537} {"endtime":"2021-04-22T11:33:35.307191Z","timestamp":"2021-04-22T11:33:35.307191Z","count":4,"c_ip":"10.0.1.18","sum(bytes_in)":668,"sum(bytes_out)":3988,"sum(time_taken)":1454606} {"endtime":"2021-04-22T11:33:35.307191Z","timestamp":"2021-04-22T11:33:35.307191Z","count":7,"c_ip":"10.0.1.15","sum(bytes_in)":1229,"sum(bytes_out)":716056,"sum(time_taken)":2539305} {"endtime":"2021-04-22T11:33:35.307226Z","timestamp":"2021-04-22T11:33:35.307226Z","count":85,"dest_ip":"10.0.1.12","sum(time_taken)":5715448} {"endtime":"2021-04-22T11:33:35.307234Z","timestamp":"2021-04-22T11:33:35.307234Z","count":2,"dest_ip":"10.0.1.12","status":404} {"endtime":"2021-04-22T11:33:35.307234Z","timestamp":"2021-04-22T11:33:35.307234Z","count":1,"dest_ip":"10.0.1.12","status":304} {"endtime":"2021-04-22T11:33:35.307234Z","timestamp":"2021-04-22T11:33:35.307234Z","count":2,"dest_ip":"10.0.1.12","status":303} {"endtime":"2021-04-22T11:33:35.307234Z","timestamp":"2021-04-22T11:33:35.307234Z","count":1,"dest_ip":"10.0.1.12","status":301} {"endtime":"2021-04-22T11:33:35.307234Z","timestamp":"2021-04-22T11:33:35.307234Z","count":2,"dest_ip":"10.0.1.12","status":201} {"endtime":"2021-04-22T11:33:35.307234Z","timestamp":"2021-04-22T11:33:35.307234Z","count":77,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":404,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/launcher/data/ui/prefs/home","sum(bytes_in)":743,"sum(bytes_out)":780,"sum(time_taken)":414} 
{"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":404,"uri_path":"/en-GB/splunkd/__raw/services/dmc-conf/settings/settings","sum(bytes_in)":734,"sum(bytes_out)":760,"sum(time_taken)":26201} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":304,"uri_path":"/en-GB/config","sum(bytes_in)":673,"sum(bytes_out)":188,"sum(time_taken)":14798} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":303,"uri_path":"/en-GB/app/launcher","sum(bytes_in)":737,"sum(bytes_out)":594,"sum(time_taken)":101703} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":303,"uri_path":"/en-GB/","sum(bytes_in)":725,"sum(bytes_out)":586,"sum(time_taken)":54027} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":301,"uri_path":"/en-GB","sum(bytes_in)":724,"sum(bytes_out)":552,"sum(time_taken)":29857} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":201,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs","sum(bytes_in)":3188,"sum(bytes_out)":1828,"sum(time_taken)":5907} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/splunk_instrumentation/instrumentation_controller/instrumentation_eligibility","sum(bytes_in)":792,"sum(bytes_out)":978,"sum(time_taken)":249067} 
{"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/splunk_instrumentation/admin/telemetry/general","sum(bytes_in)":763,"sum(bytes_out)":1594,"sum(time_taken)":684} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/splunk_attack_range_reporting/data/ui/views/attack_range_main_dashboard","sum(bytes_in)":788,"sum(bytes_out)":3580,"sum(time_taken)":1629} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control","sum(bytes_in)":911,"sum(bytes_out)":762,"sum(time_taken)":1541} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/timeline_app/static/appIcon.png","sum(bytes_in)":686,"sum(bytes_out)":1361,"sum(time_taken)":27660} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/status_indicator_app/static/appIcon.png","sum(bytes_in)":694,"sum(bytes_out)":2067,"sum(time_taken)":380} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_ta_o365/static/appIcon.png","sum(bytes_in)":688,"sum(bytes_out)":3810,"sum(time_taken)":29531} 
{"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/static/appIcon.png","sum(bytes_in)":703,"sum(bytes_out)":2410,"sum(time_taken)":462} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/ui/views/attack_range_main_dashboard","sum(bytes_in)":787,"sum(bytes_out)":3579,"sum(time_taken)":29963} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/ui/ui-tour","sum(bytes_in)":770,"sum(bytes_out)":5367,"sum(time_taken)":2092} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/ui/times","sum(bytes_in)":1553,"sum(bytes_out)":5320,"sum(time_taken)":3765} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/static/appLogo.png","sum(bytes_in)":689,"sum(bytes_out)":2805,"sum(time_taken)":25887} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/static/appIcon.png","sum(bytes_in)":691,"sum(bytes_out)":2807,"sum(time_taken)":30029} 
{"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619091207.127/results","sum(bytes_in)":1017,"sum(bytes_out)":1968,"sum(time_taken)":2480} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619091207.127","sum(bytes_in)":798,"sum(bytes_out)":1890,"sum(time_taken)":1582} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619091196.126/results","sum(bytes_in)":1017,"sum(bytes_out)":1998,"sum(time_taken)":2288} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619091196.126","sum(bytes_in)":798,"sum(bytes_out)":1890,"sum(time_taken)":1543} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_app_stream/data/ui/views","sum(bytes_in)":763,"sum(bytes_out)":5886,"sum(time_taken)":29568} 
{"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/static/appIcon.png","sum(bytes_in)":680,"sum(bytes_out)":3810,"sum(time_taken)":399} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/ui-tour","sum(bytes_in)":747,"sum(bytes_out)":5414,"sum(time_taken)":32085} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/punchcard_app/static/appIcon.png","sum(bytes_in)":687,"sum(bytes_out)":2176,"sum(time_taken)":30205} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/launcher/data/ui/ui-tour","sum(bytes_in)":749,"sum(bytes_out)":5358,"sum(time_taken)":32010} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_TA_nix/static/appIcon.png","sum(bytes_in)":687,"sum(bytes_out)":5423,"sum(time_taken)":27695} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_TA_aws/static/appIcon.png","sum(bytes_in)":687,"sum(bytes_out)":2365,"sum(time_taken)":29560} 
{"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_TA_aws-kinesis-firehose/static/appIcon.png","sum(bytes_in)":704,"sum(bytes_out)":1612,"sum(time_taken)":240} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_Security_Essentials/static/appIcon.png","sum(bytes_in)":700,"sum(bytes_out)":3945,"sum(time_taken)":313} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_ML_Toolkit/static/appIcon.png","sum(bytes_in)":691,"sum(bytes_out)":2239,"sum(time_taken)":369} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/Splunk_ASX/static/appIcon.png","sum(bytes_in)":684,"sum(bytes_out)":4301,"sum(time_taken)":27802} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/DA-ESS-ContentUpdate/static/appIcon.png","sum(bytes_in)":694,"sum(bytes_out)":4301,"sum(time_taken)":363} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/-/data/ui/nav","sum(bytes_in)":738,"sum(bytes_out)":5015,"sum(time_taken)":36075} 
{"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/-/data/ui/manager","sum(bytes_in)":2248,"sum(bytes_out)":30764,"sum(time_taken)":123147} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/-/apps/local","sum(bytes_in)":1585,"sum(bytes_out)":11739,"sum(time_taken)":8527} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":5,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":3645,"sum(bytes_out)":5796,"sum(time_taken)":3441} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619091207.127/control","sum(bytes_in)":950,"sum(bytes_out)":762,"sum(time_taken)":1710} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619091196.126/control","sum(bytes_in)":1901,"sum(bytes_out)":1526,"sum(time_taken)":3557} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619091185.125/control","sum(bytes_in)":1901,"sum(bytes_out)":1526,"sum(time_taken)":3445} 
{"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2FwcF9zdHJlYW0__sparklineSearch_1619091173.124/control","sum(bytes_in)":949,"sum(bytes_out)":762,"sum(time_taken)":1606} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs","sum(bytes_in)":3132,"sum(bytes_out)":12671,"sum(time_taken)":37877} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/saved/searches/_new","sum(bytes_in)":1454,"sum(bytes_out)":14276,"sum(time_taken)":33984} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1544,"sum(bytes_out)":1940,"sum(time_taken)":645} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/data/user-prefs/general","sum(bytes_in)":1462,"sum(bytes_out)":3250,"sum(time_taken)":1232} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/data/ui/prefs/_new","sum(bytes_in)":726,"sum(bytes_out)":1920,"sum(time_taken)":671} 
{"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/configs/conf-web/settings","sum(bytes_in)":2199,"sum(bytes_out)":8702,"sum(time_taken)":74499} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/authentication/users/admin","sum(bytes_in)":734,"sum(bytes_out)":2229,"sum(time_taken)":780} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/custom/splunk_app_stream/streams/http","sum(bytes_in)":16956,"sum(bytes_out)":18032,"sum(time_taken)":167478} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/config","sum(bytes_in)":673,"sum(bytes_out)":1324,"sum(time_taken)":57662} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/app/splunk_attack_range_reporting/attack_range_main_dashboard","sum(bytes_in)":877,"sum(bytes_out)":4597,"sum(time_taken)":151194} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/app/launcher/home","sum(bytes_in)":742,"sum(bytes_out)":2047,"sum(time_taken)":159908} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/vocabularies/","sum(bytes_in)":175,"sum(bytes_out)":246012,"sum(time_taken)":356460} 
{"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":1,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/streams/","sum(bytes_in)":219,"sum(bytes_out)":465059,"sum(time_taken)":379323} {"endtime":"2021-04-22T11:33:35.307263Z","timestamp":"2021-04-22T11:33:35.307263Z","count":9,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":1503,"sum(bytes_out)":8973,"sum(time_taken)":3258128} {"endtime":"2021-04-22T11:33:35.312864Z","timestamp":"2021-04-22T11:33:35.311304Z","bytes":1744,"bytes_in":889,"bytes_out":855,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Tactic)&_=1619091214174","http_comment":"HTTP/1.1 200 OK","http_content_length":151,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Tactic)&_=1619091214174 
HTTP/1.1","request_ack_time":1560,"request_time":0,"response_ack_time":23856,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1560,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Tactic)&_=1619091214174"} {"endtime":"2021-04-22T11:33:35.312941Z","timestamp":"2021-04-22T11:33:35.311258Z","bytes":1729,"bytes_in":884,"bytes_out":845,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3c35c84-49d4-4681-89c8-22c9a95aeab7","form_data":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20count&_=1619091214173","http_comment":"HTTP/1.1 200 OK","http_content_length":141,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20count&_=1619091214173 
HTTP/1.1","request_ack_time":1683,"request_time":0,"response_ack_time":28333,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52116,"status":200,"time_taken":1683,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20count&_=1619091214173"} {"endtime":"2021-04-22T11:33:35.319224Z","timestamp":"2021-04-22T11:33:35.317162Z","bytes":1753,"bytes_in":892,"bytes_out":861,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"9b6e362d-69cc-4990-ac10-8f22263ef9c8","form_data":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Technique)&_=1619091214175","http_comment":"HTTP/1.1 200 OK","http_content_length":157,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Technique)&_=1619091214175 
HTTP/1.1","request_ack_time":2062,"request_time":0,"response_ack_time":22146,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52034,"status":200,"time_taken":2062,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Technique)&_=1619091214175"} {"endtime":"2021-04-22T11:33:35.319289Z","timestamp":"2021-04-22T11:33:35.317721Z","bytes":1697,"bytes_in":900,"bytes_out":797,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Username&_=1619091214176","http_comment":"HTTP/1.1 200 OK","http_content_length":94,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Username&_=1619091214176 
HTTP/1.1","request_ack_time":1568,"request_time":0,"response_ack_time":22118,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":1568,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Username&_=1619091214176"} {"endtime":"2021-04-22T11:33:35.320741Z","timestamp":"2021-04-22T11:33:35.317793Z","bytes":1697,"bytes_in":900,"bytes_out":797,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Hostname&_=1619091214177","http_comment":"HTTP/1.1 200 OK","http_content_length":94,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Hostname&_=1619091214177 
HTTP/1.1","request_ack_time":2948,"request_time":0,"response_ack_time":24116,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":2948,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Hostname&_=1619091214177"} {"endtime":"2021-04-22T11:33:35.320821Z","timestamp":"2021-04-22T11:33:35.317893Z","bytes":1695,"bytes_in":898,"bytes_out":797,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Tactic&_=1619091214178","http_comment":"HTTP/1.1 200 OK","http_content_length":94,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Tactic&_=1619091214178 
HTTP/1.1","request_ack_time":2928,"request_time":0,"response_ack_time":24035,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":2928,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Tactic&_=1619091214178"} {"endtime":"2021-04-22T11:33:35.343169Z","timestamp":"2021-04-22T11:33:35.341274Z","bytes":1808,"bytes_in":1014,"bytes_out":794,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3c35c84-49d4-4681-89c8-22c9a95aeab7","form_data":"output_mode=json_rows&count=5&offset=0&show_metadata=true&search=%7Ctable%20atomic_test%2C%20Hostname%2Cmitre_id%2Cmitre_technique_display%2Cmitre_technique_url%2CTactic%2CTechnique%2C%22Test%20Name%22%2C%20Username&_=1619091214180","http_comment":"HTTP/1.1 200 OK","http_content_length":91,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_rows&count=5&offset=0&show_metadata=true&search=%7Ctable%20atomic_test%2C%20Hostname%2Cmitre_id%2Cmitre_technique_display%2Cmitre_technique_url%2CTactic%2CTechnique%2C%22Test%20Name%22%2C%20Username&_=1619091214180 
HTTP/1.1","request_ack_time":1895,"request_time":0,"response_ack_time":23536,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52116,"status":200,"time_taken":1895,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_rows&count=5&offset=0&show_metadata=true&search=%7Ctable%20atomic_test%2C%20Hostname%2Cmitre_id%2Cmitre_technique_display%2Cmitre_technique_url%2CTactic%2CTechnique%2C%22Test%20Name%22%2C%20Username&_=1619091214180"} {"endtime":"2021-04-22T11:33:35.344838Z","timestamp":"2021-04-22T11:33:35.341407Z","bytes":1729,"bytes_in":935,"bytes_out":794,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7C%20stats%20count%20count(Technique)%20by%20Tactic%2C%20Technique&_=1619091214179","http_comment":"HTTP/1.1 200 OK","http_content_length":91,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7C%20stats%20count%20count(Technique)%20by%20Tactic%2C%20Technique&_=1619091214179 
HTTP/1.1","request_ack_time":3431,"request_time":0,"response_ack_time":25935,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":3431,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7C%20stats%20count%20count(Technique)%20by%20Tactic%2C%20Technique&_=1619091214179"} {"endtime":"2021-04-22T11:33:35.696473Z","timestamp":"2021-04-22T11:33:35.695096Z","bytes":1673,"bytes_in":911,"bytes_out":762,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1377,"request_time":0,"response_ack_time":26275,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1377,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} 
{"endtime":"2021-04-22T11:33:36.197542Z","timestamp":"2021-04-22T11:33:34.275647Z","bytes":1007,"bytes_in":181,"bytes_out":826,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"57de0266-c27a-4009-aa32-9045ffb986de","http_comment":"HTTP/1.1 200 OK","http_content_length":337,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/captureipaddresses/ HTTP/1.1","request_ack_time":27,"request_time":0,"response_ack_time":441,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49892,"status":200,"time_taken":1922973,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/captureipaddresses/"} {"endtime":"2021-04-22T11:33:36.411473Z","timestamp":"2021-04-22T11:33:36.407243Z","bytes":4867,"bytes_in":971,"bytes_out":3896,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search10_1619091214.129&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search9_1619091214.128&count=3&_=1619091214181","http_comment":"HTTP/1.1 200 OK","http_content_length":3150,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/search/jobs?output_mode=json&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search10_1619091214.129&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search9_1619091214.128&count=3&_=1619091214181 HTTP/1.1","request_ack_time":4219,"request_time":0,"response_ack_time":26035,"response_time":11,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":30276,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs","uri_query":"output_mode=json&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search10_1619091214.129&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search9_1619091214.128&count=3&_=1619091214181"} {"endtime":"2021-04-22T11:33:36.449302Z","timestamp":"2021-04-22T11:33:36.447392Z","bytes":1712,"bytes_in":849,"bytes_out":863,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3c35c84-49d4-4681-89c8-22c9a95aeab7","form_data":"output_mode=json_rows&search=%7Cstats%20dc(Tactic)&_=1619091214183","http_comment":"HTTP/1.1 200 OK","http_content_length":159,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_rows&search=%7Cstats%20dc(Tactic)&_=1619091214183 HTTP/1.1","request_ack_time":1910,"request_time":0,"response_ack_time":23554,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52116,"status":200,"time_taken":1910,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_rows&search=%7Cstats%20dc(Tactic)&_=1619091214183"} {"endtime":"2021-04-22T11:33:36.449776Z","timestamp":"2021-04-22T11:33:36.447977Z","bytes":1718,"bytes_in":852,"bytes_out":866,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json_rows&search=%7Cstats%20dc(Technique)&_=1619091214184","http_comment":"HTTP/1.1 200 OK","http_content_length":162,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_rows&search=%7Cstats%20dc(Technique)&_=1619091214184 
HTTP/1.1","request_ack_time":1799,"request_time":0,"response_ack_time":27256,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1799,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_rows&search=%7Cstats%20dc(Technique)&_=1619091214184"} {"endtime":"2021-04-22T11:33:36.450051Z","timestamp":"2021-04-22T11:33:36.447992Z","bytes":1706,"bytes_in":860,"bytes_out":846,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json_rows&search=%7Cstats%20count%20by%20Username&_=1619091214185","http_comment":"HTTP/1.1 200 OK","http_content_length":142,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_rows&search=%7Cstats%20count%20by%20Username&_=1619091214185 
HTTP/1.1","request_ack_time":2059,"request_time":0,"response_ack_time":26980,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":2059,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_rows&search=%7Cstats%20count%20by%20Username&_=1619091214185"} {"endtime":"2021-04-22T11:33:36.450105Z","timestamp":"2021-04-22T11:33:36.448502Z","bytes":1704,"bytes_in":858,"bytes_out":846,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"9b6e362d-69cc-4990-ac10-8f22263ef9c8","form_data":"output_mode=json_rows&search=%7Cstats%20count%20by%20Tactic&_=1619091214187","http_comment":"HTTP/1.1 200 OK","http_content_length":142,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_rows&search=%7Cstats%20count%20by%20Tactic&_=1619091214187 
HTTP/1.1","request_ack_time":1603,"request_time":0,"response_ack_time":26889,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52034,"status":200,"time_taken":1603,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_rows&search=%7Cstats%20count%20by%20Tactic&_=1619091214187"} {"endtime":"2021-04-22T11:33:36.450888Z","timestamp":"2021-04-22T11:33:36.448569Z","bytes":1702,"bytes_in":844,"bytes_out":858,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json_rows&search=%7Cstats%20count&_=1619091214182","http_comment":"HTTP/1.1 200 OK","http_content_length":154,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_rows&search=%7Cstats%20count&_=1619091214182 
HTTP/1.1","request_ack_time":2319,"request_time":0,"response_ack_time":26096,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":2319,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_rows&search=%7Cstats%20count&_=1619091214182"} {"endtime":"2021-04-22T11:33:36.451086Z","timestamp":"2021-04-22T11:33:36.448542Z","bytes":1706,"bytes_in":860,"bytes_out":846,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json_rows&search=%7Cstats%20count%20by%20Hostname&_=1619091214186","http_comment":"HTTP/1.1 200 OK","http_content_length":142,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_rows&search=%7Cstats%20count%20by%20Hostname&_=1619091214186 
HTTP/1.1","request_ack_time":2544,"request_time":0,"response_ack_time":25898,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":2544,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_rows&search=%7Cstats%20count%20by%20Hostname&_=1619091214186"} {"endtime":"2021-04-22T11:33:36.483244Z","timestamp":"2021-04-22T11:33:36.481429Z","bytes":1741,"bytes_in":895,"bytes_out":846,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3c35c84-49d4-4681-89c8-22c9a95aeab7","form_data":"output_mode=json_rows&search=%7C%20stats%20count%20count(Technique)%20by%20Tactic%2C%20Technique&_=1619091214188","http_comment":"HTTP/1.1 200 OK","http_content_length":142,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_rows&search=%7C%20stats%20count%20count(Technique)%20by%20Tactic%2C%20Technique&_=1619091214188 
HTTP/1.1","request_ack_time":1815,"request_time":0,"response_ack_time":23695,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52116,"status":200,"time_taken":1815,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_rows&search=%7C%20stats%20count%20count(Technique)%20by%20Tactic%2C%20Technique&_=1619091214188"} {"endtime":"2021-04-22T11:33:36.483708Z","timestamp":"2021-04-22T11:33:36.482058Z","bytes":1824,"bytes_in":978,"bytes_out":846,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json_rows&search=%7Ctable%20atomic_test%2C%20Hostname%2Cmitre_id%2Cmitre_technique_display%2Cmitre_technique_url%2CTactic%2CTechnique%2C%22Test%20Name%22%2C%20Username&_=1619091214189","http_comment":"HTTP/1.1 200 OK","http_content_length":142,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_rows&search=%7Ctable%20atomic_test%2C%20Hostname%2Cmitre_id%2Cmitre_technique_display%2Cmitre_technique_url%2CTactic%2CTechnique%2C%22Test%20Name%22%2C%20Username&_=1619091214189 
HTTP/1.1","request_ack_time":1650,"request_time":0,"response_ack_time":27331,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1650,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_rows&search=%7Ctable%20atomic_test%2C%20Hostname%2Cmitre_id%2Cmitre_technique_display%2Cmitre_technique_url%2CTactic%2CTechnique%2C%22Test%20Name%22%2C%20Username&_=1619091214189"} {"endtime":"2021-04-22T11:33:36.483778Z","timestamp":"2021-04-22T11:33:36.481959Z","bytes":1794,"bytes_in":889,"bytes_out":905,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Tactic)&_=1619091214190","http_comment":"HTTP/1.1 200 OK","http_content_length":201,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Tactic)&_=1619091214190 
HTTP/1.1","request_ack_time":1819,"request_time":0,"response_ack_time":27242,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":1819,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Tactic)&_=1619091214190"} {"endtime":"2021-04-22T11:33:36.483860Z","timestamp":"2021-04-22T11:33:36.482172Z","bytes":1803,"bytes_in":892,"bytes_out":911,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Technique)&_=1619091214192","http_comment":"HTTP/1.1 200 OK","http_content_length":207,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Technique)&_=1619091214192 
HTTP/1.1","request_ack_time":1688,"request_time":0,"response_ack_time":27179,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1688,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Technique)&_=1619091214192"} {"endtime":"2021-04-22T11:33:36.487070Z","timestamp":"2021-04-22T11:33:36.485430Z","bytes":1712,"bytes_in":849,"bytes_out":863,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json_rows&search=%7Cstats%20dc(Tactic)&_=1619091214191","http_comment":"HTTP/1.1 200 OK","http_content_length":159,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_rows&search=%7Cstats%20dc(Tactic)&_=1619091214191 
HTTP/1.1","request_ack_time":1640,"request_time":0,"response_ack_time":23951,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1640,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_rows&search=%7Cstats%20dc(Tactic)&_=1619091214191"} {"endtime":"2021-04-22T11:33:36.487145Z","timestamp":"2021-04-22T11:33:36.485388Z","bytes":1718,"bytes_in":852,"bytes_out":866,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"9b6e362d-69cc-4990-ac10-8f22263ef9c8","form_data":"output_mode=json_rows&search=%7Cstats%20dc(Technique)&_=1619091214193","http_comment":"HTTP/1.1 200 OK","http_content_length":162,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_rows&search=%7Cstats%20dc(Technique)&_=1619091214193 
HTTP/1.1","request_ack_time":1757,"request_time":0,"response_ack_time":23876,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52034,"status":200,"time_taken":1757,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_rows&search=%7Cstats%20dc(Technique)&_=1619091214193"} {"endtime":"2021-04-22T11:33:36.518855Z","timestamp":"2021-04-22T11:33:36.517044Z","bytes":1749,"bytes_in":900,"bytes_out":849,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Username&_=1619091214196","http_comment":"HTTP/1.1 200 OK","http_content_length":145,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Username&_=1619091214196 
HTTP/1.1","request_ack_time":1811,"request_time":0,"response_ack_time":28198,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1811,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Username&_=1619091214196"} {"endtime":"2021-04-22T11:33:36.518923Z","timestamp":"2021-04-22T11:33:36.517019Z","bytes":1747,"bytes_in":898,"bytes_out":849,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3c35c84-49d4-4681-89c8-22c9a95aeab7","form_data":"output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Tactic&_=1619091214194","http_comment":"HTTP/1.1 200 OK","http_content_length":145,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Tactic&_=1619091214194 
HTTP/1.1","request_ack_time":1904,"request_time":0,"response_ack_time":23961,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52116,"status":200,"time_taken":1904,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Tactic&_=1619091214194"} {"endtime":"2021-04-22T11:33:36.518978Z","timestamp":"2021-04-22T11:33:36.517044Z","bytes":1706,"bytes_in":860,"bytes_out":846,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json_rows&search=%7Cstats%20count%20by%20Username&_=1619091214197","http_comment":"HTTP/1.1 200 OK","http_content_length":142,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_rows&search=%7Cstats%20count%20by%20Username&_=1619091214197 
HTTP/1.1","request_ack_time":1934,"request_time":0,"response_ack_time":28058,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":1934,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_rows&search=%7Cstats%20count%20by%20Username&_=1619091214197"} {"endtime":"2021-04-22T11:33:36.519025Z","timestamp":"2021-04-22T11:33:36.517057Z","bytes":1704,"bytes_in":858,"bytes_out":846,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json_rows&search=%7Cstats%20count%20by%20Tactic&_=1619091214195","http_comment":"HTTP/1.1 200 OK","http_content_length":142,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_rows&search=%7Cstats%20count%20by%20Tactic&_=1619091214195 
HTTP/1.1","request_ack_time":1968,"request_time":0,"response_ack_time":28058,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1968,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_rows&search=%7Cstats%20count%20by%20Tactic&_=1619091214195"} {"endtime":"2021-04-22T11:33:36.520411Z","timestamp":"2021-04-22T11:33:36.517044Z","bytes":1702,"bytes_in":844,"bytes_out":858,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"9b6e362d-69cc-4990-ac10-8f22263ef9c8","form_data":"output_mode=json_rows&search=%7Cstats%20count&_=1619091214199","http_comment":"HTTP/1.1 200 OK","http_content_length":154,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_rows&search=%7Cstats%20count&_=1619091214199 
HTTP/1.1","request_ack_time":3367,"request_time":0,"response_ack_time":26625,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52034,"status":200,"time_taken":3367,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_rows&search=%7Cstats%20count&_=1619091214199"} {"endtime":"2021-04-22T11:33:36.520467Z","timestamp":"2021-04-22T11:33:36.517057Z","bytes":1779,"bytes_in":884,"bytes_out":895,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20count&_=1619091214198","http_comment":"HTTP/1.1 200 OK","http_content_length":191,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20count&_=1619091214198 
HTTP/1.1","request_ack_time":3410,"request_time":0,"response_ack_time":26569,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":3410,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20count&_=1619091214198"} {"endtime":"2021-04-22T11:33:36.554181Z","timestamp":"2021-04-22T11:33:36.551428Z","bytes":1749,"bytes_in":900,"bytes_out":849,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3c35c84-49d4-4681-89c8-22c9a95aeab7","form_data":"output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Hostname&_=1619091214200","http_comment":"HTTP/1.1 200 OK","http_content_length":145,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Hostname&_=1619091214200 
HTTP/1.1","request_ack_time":2753,"request_time":0,"response_ack_time":24763,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52116,"status":200,"time_taken":2753,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Hostname&_=1619091214200"} {"endtime":"2021-04-22T11:33:36.554266Z","timestamp":"2021-04-22T11:33:36.551949Z","bytes":1781,"bytes_in":935,"bytes_out":846,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7C%20stats%20count%20count(Technique)%20by%20Tactic%2C%20Technique&_=1619091214202","http_comment":"HTTP/1.1 200 OK","http_content_length":142,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7C%20stats%20count%20count(Technique)%20by%20Tactic%2C%20Technique&_=1619091214202 
HTTP/1.1","request_ack_time":2317,"request_time":0,"response_ack_time":28738,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":2317,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7C%20stats%20count%20count(Technique)%20by%20Tactic%2C%20Technique&_=1619091214202"} {"endtime":"2021-04-22T11:33:36.554307Z","timestamp":"2021-04-22T11:33:36.552473Z","bytes":1860,"bytes_in":1014,"bytes_out":846,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"9b6e362d-69cc-4990-ac10-8f22263ef9c8","form_data":"output_mode=json_rows&count=5&offset=0&show_metadata=true&search=%7Ctable%20atomic_test%2C%20Hostname%2Cmitre_id%2Cmitre_technique_display%2Cmitre_technique_url%2CTactic%2CTechnique%2C%22Test%20Name%22%2C%20Username&_=1619091214204","http_comment":"HTTP/1.1 200 OK","http_content_length":142,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_rows&count=5&offset=0&show_metadata=true&search=%7Ctable%20atomic_test%2C%20Hostname%2Cmitre_id%2Cmitre_technique_display%2Cmitre_technique_url%2CTactic%2CTechnique%2C%22Test%20Name%22%2C%20Username&_=1619091214204 HTTP/1.1","request_ack_time":1834,"request_time":0,"response_ack_time":28697,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52034,"status":200,"time_taken":1834,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_rows&count=5&offset=0&show_metadata=true&search=%7Ctable%20atomic_test%2C%20Hostname%2Cmitre_id%2Cmitre_technique_display%2Cmitre_technique_url%2CTactic%2CTechnique%2C%22Test%20Name%22%2C%20Username&_=1619091214204"} {"endtime":"2021-04-22T11:33:36.554352Z","timestamp":"2021-04-22T11:33:36.552555Z","bytes":1741,"bytes_in":895,"bytes_out":846,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json_rows&search=%7C%20stats%20count%20count(Technique)%20by%20Tactic%2C%20Technique&_=1619091214203","http_comment":"HTTP/1.1 200 OK","http_content_length":142,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_rows&search=%7C%20stats%20count%20count(Technique)%20by%20Tactic%2C%20Technique&_=1619091214203 HTTP/1.1","request_ack_time":1797,"request_time":0,"response_ack_time":28705,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1797,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_rows&search=%7C%20stats%20count%20count(Technique)%20by%20Tactic%2C%20Technique&_=1619091214203"} {"endtime":"2021-04-22T11:33:36.555275Z","timestamp":"2021-04-22T11:33:36.551997Z","bytes":1706,"bytes_in":860,"bytes_out":846,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json_rows&search=%7Cstats%20count%20by%20Hostname&_=1619091214201","http_comment":"HTTP/1.1 200 OK","http_content_length":142,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_rows&search=%7Cstats%20count%20by%20Hostname&_=1619091214201 
HTTP/1.1","request_ack_time":3278,"request_time":0,"response_ack_time":27782,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":3278,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_rows&search=%7Cstats%20count%20by%20Hostname&_=1619091214201"} {"endtime":"2021-04-22T11:33:36.555661Z","timestamp":"2021-04-22T11:33:36.552734Z","bytes":1824,"bytes_in":978,"bytes_out":846,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json_rows&search=%7Ctable%20atomic_test%2C%20Hostname%2Cmitre_id%2Cmitre_technique_display%2Cmitre_technique_url%2CTactic%2CTechnique%2C%22Test%20Name%22%2C%20Username&_=1619091214205","http_comment":"HTTP/1.1 200 OK","http_content_length":142,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_rows&search=%7Ctable%20atomic_test%2C%20Hostname%2Cmitre_id%2Cmitre_technique_display%2Cmitre_technique_url%2CTactic%2CTechnique%2C%22Test%20Name%22%2C%20Username&_=1619091214205 
HTTP/1.1","request_ack_time":2927,"request_time":0,"response_ack_time":27343,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":2927,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_rows&search=%7Ctable%20atomic_test%2C%20Hostname%2Cmitre_id%2Cmitre_technique_display%2Cmitre_technique_url%2CTactic%2CTechnique%2C%22Test%20Name%22%2C%20Username&_=1619091214205"} {"endtime":"2021-04-22T11:33:36.589387Z","timestamp":"2021-04-22T11:33:36.587445Z","bytes":1794,"bytes_in":889,"bytes_out":905,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3c35c84-49d4-4681-89c8-22c9a95aeab7","form_data":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Tactic)&_=1619091214206","http_comment":"HTTP/1.1 200 OK","http_content_length":201,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Tactic)&_=1619091214206 
HTTP/1.1","request_ack_time":1942,"request_time":0,"response_ack_time":25694,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52116,"status":200,"time_taken":1942,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Tactic)&_=1619091214206"} {"endtime":"2021-04-22T11:33:36.589784Z","timestamp":"2021-04-22T11:33:36.588011Z","bytes":1803,"bytes_in":892,"bytes_out":911,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"9b6e362d-69cc-4990-ac10-8f22263ef9c8","form_data":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Technique)&_=1619091214207","http_comment":"HTTP/1.1 200 OK","http_content_length":207,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Technique)&_=1619091214207 
HTTP/1.1","request_ack_time":1773,"request_time":0,"response_ack_time":25297,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52034,"status":200,"time_taken":1773,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20dc(Technique)&_=1619091214207"} {"endtime":"2021-04-22T11:33:36.590046Z","timestamp":"2021-04-22T11:33:36.588416Z","bytes":1747,"bytes_in":898,"bytes_out":849,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Tactic&_=1619091214210","http_comment":"HTTP/1.1 200 OK","http_content_length":145,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Tactic&_=1619091214210 
HTTP/1.1","request_ack_time":1630,"request_time":0,"response_ack_time":25065,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1630,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Tactic&_=1619091214210"} {"endtime":"2021-04-22T11:33:36.590113Z","timestamp":"2021-04-22T11:33:36.588440Z","bytes":1749,"bytes_in":900,"bytes_out":849,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Username&_=1619091214209","http_comment":"HTTP/1.1 200 OK","http_content_length":145,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Username&_=1619091214209 
HTTP/1.1","request_ack_time":1673,"request_time":0,"response_ack_time":24999,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1673,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Username&_=1619091214209"} {"endtime":"2021-04-22T11:33:36.591319Z","timestamp":"2021-04-22T11:33:36.588011Z","bytes":1779,"bytes_in":884,"bytes_out":895,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20count&_=1619091214208","http_comment":"HTTP/1.1 200 OK","http_content_length":191,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20count&_=1619091214208 
HTTP/1.1","request_ack_time":3308,"request_time":0,"response_ack_time":23762,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":3308,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7Cstats%20count&_=1619091214208"} {"endtime":"2021-04-22T11:33:36.596943Z","timestamp":"2021-04-22T11:33:36.595193Z","bytes":1781,"bytes_in":935,"bytes_out":846,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7C%20stats%20count%20count(Technique)%20by%20Tactic%2C%20Technique&_=1619091214211","http_comment":"HTTP/1.1 200 OK","http_content_length":142,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7C%20stats%20count%20count(Technique)%20by%20Tactic%2C%20Technique&_=1619091214211 
HTTP/1.1","request_ack_time":1750,"request_time":0,"response_ack_time":26602,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1750,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"show_metadata=true&offset=0&count=10000&output_mode=json_rows&search=%7C%20stats%20count%20count(Technique)%20by%20Tactic%2C%20Technique&_=1619091214211"} {"endtime":"2021-04-22T11:33:36.625256Z","timestamp":"2021-04-22T11:33:36.623539Z","bytes":1860,"bytes_in":1014,"bytes_out":846,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"9b6e362d-69cc-4990-ac10-8f22263ef9c8","form_data":"output_mode=json_rows&count=5&offset=0&show_metadata=true&search=%7Ctable%20atomic_test%2C%20Hostname%2Cmitre_id%2Cmitre_technique_display%2Cmitre_technique_url%2CTactic%2CTechnique%2C%22Test%20Name%22%2C%20Username&_=1619091214213","http_comment":"HTTP/1.1 200 OK","http_content_length":142,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_rows&count=5&offset=0&show_metadata=true&search=%7Ctable%20atomic_test%2C%20Hostname%2Cmitre_id%2Cmitre_technique_display%2Cmitre_technique_url%2CTactic%2CTechnique%2C%22Test%20Name%22%2C%20Username&_=1619091214213 HTTP/1.1","request_ack_time":1717,"request_time":0,"response_ack_time":23736,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52034,"status":200,"time_taken":1717,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_rows&count=5&offset=0&show_metadata=true&search=%7Ctable%20atomic_test%2C%20Hostname%2Cmitre_id%2Cmitre_technique_display%2Cmitre_technique_url%2CTactic%2CTechnique%2C%22Test%20Name%22%2C%20Username&_=1619091214213"} {"endtime":"2021-04-22T11:33:36.625322Z","timestamp":"2021-04-22T11:33:36.623443Z","bytes":1749,"bytes_in":900,"bytes_out":849,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3c35c84-49d4-4681-89c8-22c9a95aeab7","form_data":"output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Hostname&_=1619091214212","http_comment":"HTTP/1.1 200 OK","http_content_length":145,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview?output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Hostname&_=1619091214212 HTTP/1.1","request_ack_time":1879,"request_time":0,"response_ack_time":23670,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52116,"status":200,"time_taken":1879,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","uri_query":"output_mode=json_cols&count=10000&offset=0&show_metadata=true&search=%7Cstats%20count%20by%20Hostname&_=1619091214212"} {"endtime":"2021-04-22T11:33:37.232088Z","timestamp":"2021-04-22T11:33:35.302260Z","bytes":1007,"bytes_in":181,"bytes_out":826,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d79cade4-ef3f-444d-9cd7-d421912ff79c","http_comment":"HTTP/1.1 200 OK","http_content_length":337,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/captureipaddresses/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":139,"response_time":108,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49278,"status":200,"time_taken":1930021,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/captureipaddresses/"} {"endtime":"2021-04-22T11:33:37.473773Z","timestamp":"2021-04-22T11:33:37.471910Z","bytes":3208,"bytes_in":808,"bytes_out":2400,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3c35c84-49d4-4681-89c8-22c9a95aeab7","form_data":"output_mode=json&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search10_1619091214.129&count=1&_=1619091214214","http_comment":"HTTP/1.1 200 OK","http_content_length":1654,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs?output_mode=json&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search10_1619091214.129&count=1&_=1619091214214 HTTP/1.1","request_ack_time":1863,"request_time":0,"response_ack_time":27259,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52116,"status":200,"time_taken":1863,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs","uri_query":"output_mode=json&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search10_1619091214.129&count=1&_=1619091214214"} {"endtime":"2021-04-22T11:33:38.432076Z","timestamp":"2021-04-22T11:33:38.431734Z","bytes":1742,"bytes_in":772,"bytes_out":970,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"9b6e362d-69cc-4990-ac10-8f22263ef9c8","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037477","http_comment":"HTTP/1.1 200 
OK","http_content_length":266,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037477 HTTP/1.1","request_ack_time":342,"request_time":0,"response_ack_time":25147,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52034,"status":200,"time_taken":342,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037477"} {"endtime":"2021-04-22T11:33:38.432360Z","timestamp":"2021-04-22T11:33:38.431734Z","bytes":1889,"bytes_in":729,"bytes_out":1160,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3c35c84-49d4-4681-89c8-22c9a95aeab7","form_data":"output_mode=json&_=1619091037476","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037476 
HTTP/1.1","request_ack_time":626,"request_time":0,"response_ack_time":24863,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52116,"status":200,"time_taken":626,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037476"} {"endtime":"2021-04-22T11:33:38.513573Z","timestamp":"2021-04-22T11:33:38.511456Z","bytes":3426,"bytes_in":808,"bytes_out":2618,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3c35c84-49d4-4681-89c8-22c9a95aeab7","form_data":"output_mode=json&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search10_1619091214.129&count=1&_=1619091214215","http_comment":"HTTP/1.1 200 OK","http_content_length":1872,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs?output_mode=json&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search10_1619091214.129&count=1&_=1619091214215 HTTP/1.1","request_ack_time":2117,"request_time":0,"response_ack_time":25604,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52116,"status":200,"time_taken":2117,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs","uri_query":"output_mode=json&id=admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search10_1619091214.129&count=1&_=1619091214215"} 
{"endtime":"2021-04-22T11:33:38.606635Z","timestamp":"2021-04-22T11:33:38.247159Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"6f6d8e8d-1ccd-4d58-89d3-48ce7c12e5ce","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":60,"request_time":0,"response_ack_time":333,"response_time":61,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49893,"status":200,"time_taken":359882,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:33:39.327711Z","timestamp":"2021-04-22T11:33:39.219567Z","bytes":1328,"bytes_in":736,"bytes_out":592,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3c35c84-49d4-4681-89c8-22c9a95aeab7","http_comment":"HTTP/1.1 303 See Other","http_content_length":110,"http_content_type":"text/html;charset=utf-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/app/search/ HTTP/1.1","request_ack_time":42884,"request_time":0,"response_ack_time":25636,"response_time":135,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52116,"status":303,"time_taken":133915,"transport":"tcp","uri_path":"/en-GB/app/search/"} 
{"endtime":"2021-04-22T11:33:39.496316Z","timestamp":"2021-04-22T11:33:39.357585Z","bytes":2879,"bytes_in":742,"bytes_out":2137,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3c35c84-49d4-4681-89c8-22c9a95aeab7","http_comment":"HTTP/1.1 200 OK","http_content_length":1592,"http_content_type":"text/html;charset=utf-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/app/search/search HTTP/1.1","request_ack_time":14,"request_time":0,"response_ack_time":81099,"response_time":92,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52116,"status":200,"time_taken":138731,"transport":"tcp","uri_path":"/en-GB/app/search/search"} {"endtime":"2021-04-22T11:33:39.594622Z","timestamp":"2021-04-22T11:33:39.577415Z","bytes":861,"bytes_in":673,"bytes_out":188,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3c35c84-49d4-4681-89c8-22c9a95aeab7","form_data":"autoload=1","http_comment":"HTTP/1.1 304 Not Modified","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/config?autoload=1 
HTTP/1.1","request_ack_time":13,"request_time":0,"response_ack_time":24772,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52116,"status":304,"time_taken":17207,"transport":"tcp","uri_path":"/en-GB/config","uri_query":"autoload=1"} {"endtime":"2021-04-22T11:33:39.601008Z","timestamp":"2021-04-22T11:33:39.236844Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"316f0b6e-cc97-49e3-bd77-192cf3ed93ae","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":369,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49280,"status":200,"time_taken":364358,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:33:39.752741Z","timestamp":"2021-04-22T11:33:39.752006Z","bytes":2356,"bytes_in":731,"bytes_out":1625,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219606","http_comment":"HTTP/1.1 200 OK","http_content_length":880,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/data/user-prefs/general?output_mode=json&_=1619091219606 HTTP/1.1","request_ack_time":735,"request_time":0,"response_ack_time":26660,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":735,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/data/user-prefs/general","uri_query":"output_mode=json&_=1619091219606"} {"endtime":"2021-04-22T11:33:39.754469Z","timestamp":"2021-04-22T11:33:39.752127Z","bytes":6163,"bytes_in":747,"bytes_out":5416,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"9b6e362d-69cc-4990-ac10-8f22263ef9c8","form_data":"output_mode=json&count=-1&_=1619091219605","http_comment":"HTTP/1.1 200 OK","http_content_length":4670,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/ui-tour?output_mode=json&count=-1&_=1619091219605 HTTP/1.1","request_ack_time":2333,"request_time":0,"response_ack_time":29516,"response_time":9,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52034,"status":200,"time_taken":31867,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/ui-tour","uri_query":"output_mode=json&count=-1&_=1619091219605"} 
{"endtime":"2021-04-22T11:33:39.756613Z","timestamp":"2021-04-22T11:33:39.755964Z","bytes":2964,"bytes_in":734,"bytes_out":2230,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219608","http_comment":"HTTP/1.1 200 OK","http_content_length":1484,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/authentication/users/admin?output_mode=json&_=1619091219608 HTTP/1.1","request_ack_time":649,"request_time":0,"response_ack_time":27372,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":649,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/authentication/users/admin","uri_query":"output_mode=json&_=1619091219608"} {"endtime":"2021-04-22T11:33:39.757370Z","timestamp":"2021-04-22T11:33:39.751973Z","bytes":3635,"bytes_in":733,"bytes_out":2902,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3c35c84-49d4-4681-89c8-22c9a95aeab7","form_data":"output_mode=json&_=1619091219604","http_comment":"HTTP/1.1 200 
OK","http_content_length":2156,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/configs/conf-web/settings?output_mode=json&_=1619091219604 HTTP/1.1","request_ack_time":15,"request_time":0,"response_ack_time":26615,"response_time":74,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52116,"status":200,"time_taken":5397,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/configs/conf-web/settings","uri_query":"output_mode=json&_=1619091219604"} {"endtime":"2021-04-22T11:33:39.761368Z","timestamp":"2021-04-22T11:33:39.756282Z","bytes":7757,"bytes_in":784,"bytes_out":6973,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&sort_key=name&sort_dir=asc&search=disabled%3D0&count=-1&_=1619091219609","http_comment":"HTTP/1.1 200 OK","http_content_length":6227,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/-/apps/local?output_mode=json&sort_key=name&sort_dir=asc&search=disabled%3D0&count=-1&_=1619091219609 
HTTP/1.1","request_ack_time":5008,"request_time":0,"response_ack_time":30168,"response_time":78,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":33545,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/-/apps/local","uri_query":"output_mode=json&sort_key=name&sort_dir=asc&search=disabled%3D0&count=-1&_=1619091219609"} {"endtime":"2021-04-22T11:33:39.770778Z","timestamp":"2021-04-22T11:33:39.755898Z","bytes":11006,"bytes_in":750,"bytes_out":10256,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&count=0&digest=1&_=1619091219607","http_comment":"HTTP/1.1 200 OK","http_content_length":9510,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/-/data/ui/manager?output_mode=json&count=0&digest=1&_=1619091219607 HTTP/1.1","request_ack_time":14805,"request_time":0,"response_ack_time":26653,"response_time":75,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":41608,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/-/data/ui/manager","uri_query":"output_mode=json&count=0&digest=1&_=1619091219607"} 
{"endtime":"2021-04-22T11:33:39.784974Z","timestamp":"2021-04-22T11:33:39.784012Z","bytes":2856,"bytes_in":743,"bytes_out":2113,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"9b6e362d-69cc-4990-ac10-8f22263ef9c8","form_data":"output_mode=json&_=1619091219611","http_comment":"HTTP/1.1 200 OK","http_content_length":1367,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/prefs/search?output_mode=json&_=1619091219611 HTTP/1.1","request_ack_time":962,"request_time":0,"response_ack_time":24439,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52034,"status":200,"time_taken":962,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/prefs/search","uri_query":"output_mode=json&_=1619091219611"} {"endtime":"2021-04-22T11:33:39.785509Z","timestamp":"2021-04-22T11:33:39.783985Z","bytes":3376,"bytes_in":745,"bytes_out":2631,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&count=-1&_=1619091219610","http_comment":"HTTP/1.1 200 
OK","http_content_length":1885,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/times?output_mode=json&count=-1&_=1619091219610 HTTP/1.1","request_ack_time":1524,"request_time":0,"response_ack_time":30947,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1524,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/times","uri_query":"output_mode=json&count=-1&_=1619091219610"} {"endtime":"2021-04-22T11:33:39.793730Z","timestamp":"2021-04-22T11:33:39.787940Z","bytes":7309,"bytes_in":794,"bytes_out":6515,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3c35c84-49d4-4681-89c8-22c9a95aeab7","form_data":"output_mode=json&count=-1&sort_key=name&search=disabled%3Dfalse&_=1619091219612","http_comment":"HTTP/1.1 200 OK","http_content_length":5769,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/workflow-actions?output_mode=json&count=-1&sort_key=name&search=disabled%3Dfalse&_=1619091219612 
HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":26019,"response_time":81,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52116,"status":200,"time_taken":5790,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/workflow-actions","uri_query":"output_mode=json&count=-1&sort_key=name&search=disabled%3Dfalse&_=1619091219612"} {"endtime":"2021-04-22T11:33:39.806018Z","timestamp":"2021-04-22T11:33:39.805642Z","bytes":1973,"bytes_in":724,"bytes_out":1249,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&_=1619091219614","http_comment":"HTTP/1.1 200 OK","http_content_length":504,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/workloads/status?output_mode=json&_=1619091219614 HTTP/1.1","request_ack_time":376,"request_time":0,"response_ack_time":25469,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":376,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/workloads/status","uri_query":"output_mode=json&_=1619091219614"} {"endtime":"2021-04-22T11:33:39.823977Z","timestamp":"2021-04-22T11:33:39.819749Z","bytes":7777,"bytes_in":824,"bytes_out":6953,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&includeFormatter=true&search=disabled%3D0 AND allow_user_selection%3D1&count=0&_=1619091219615","http_comment":"HTTP/1.1 200 OK","http_content_length":6207,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/visualizations?output_mode=json&includeFormatter=true&search=disabled%3D0+AND+allow_user_selection%3D1&count=0&_=1619091219615 HTTP/1.1","request_ack_time":4136,"request_time":0,"response_ack_time":25713,"response_time":92,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":4228,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/visualizations","uri_query":"output_mode=json&includeFormatter=true&search=disabled%3D0 AND allow_user_selection%3D1&count=0&_=1619091219615"} {"endtime":"2021-04-22T11:33:39.824058Z","timestamp":"2021-04-22T11:33:39.823816Z","bytes":1639,"bytes_in":825,"bytes_out":814,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3c35c84-49d4-4681-89c8-22c9a95aeab7","form_data":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219616","http_comment":"HTTP/1.1 200 OK","http_content_length":110,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219616 HTTP/1.1","request_ack_time":242,"request_time":0,"response_ack_time":29405,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52116,"status":200,"time_taken":242,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219616"} {"endtime":"2021-04-22T11:33:39.874668Z","timestamp":"2021-04-22T11:33:39.869655Z","bytes":3635,"bytes_in":733,"bytes_out":2902,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3c35c84-49d4-4681-89c8-22c9a95aeab7","form_data":"output_mode=json&_=1619091219617","http_comment":"HTTP/1.1 200 
OK","http_content_length":2156,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/configs/conf-web/settings?output_mode=json&_=1619091219617 HTTP/1.1","request_ack_time":4921,"request_time":0,"response_ack_time":24775,"response_time":92,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52116,"status":200,"time_taken":5013,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/configs/conf-web/settings","uri_query":"output_mode=json&_=1619091219617"} {"endtime":"2021-04-22T11:33:39.896513Z","timestamp":"2021-04-22T11:33:39.895902Z","bytes":2356,"bytes_in":763,"bytes_out":1593,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219618","http_comment":"HTTP/1.1 200 OK","http_content_length":848,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/splunk_instrumentation/admin/telemetry/general?output_mode=json&_=1619091219618 
HTTP/1.1","request_ack_time":611,"request_time":0,"response_ack_time":27023,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":611,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/splunk_instrumentation/admin/telemetry/general","uri_query":"output_mode=json&_=1619091219618"} {"endtime":"2021-04-22T11:33:39.911944Z","timestamp":"2021-04-22T11:33:39.911749Z","bytes":1742,"bytes_in":772,"bytes_out":970,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d3c35c84-49d4-4681-89c8-22c9a95aeab7","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219620","http_comment":"HTTP/1.1 200 OK","http_content_length":266,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219620 HTTP/1.1","request_ack_time":195,"request_time":0,"response_ack_time":23464,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52116,"status":200,"time_taken":195,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219620"} 
{"endtime":"2021-04-22T11:33:39.915989Z","timestamp":"2021-04-22T11:33:39.915660Z","bytes":1448,"bytes_in":680,"bytes_out":768,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"9b6e362d-69cc-4990-ac10-8f22263ef9c8","http_comment":"HTTP/1.1 200 OK","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/static/appLogo.png HTTP/1.1","request_ack_time":246,"request_time":0,"response_ack_time":27536,"response_time":83,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52034,"status":200,"time_taken":27948,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/static/appLogo.png"} {"endtime":"2021-04-22T11:33:39.917643Z","timestamp":"2021-04-22T11:33:39.895999Z","bytes":1770,"bytes_in":792,"bytes_out":978,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"optInVersion=4&_=1619091219619","http_comment":"HTTP/1.1 200 OK","http_content_length":289,"http_content_type":"application/json","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/splunk_instrumentation/instrumentation_controller/instrumentation_eligibility?optInVersion=4&_=1619091219619 HTTP/1.1","request_ack_time":21644,"request_time":0,"response_ack_time":25882,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":21644,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/splunk_instrumentation/instrumentation_controller/instrumentation_eligibility","uri_query":"optInVersion=4&_=1619091219619"} {"endtime":"2021-04-22T11:33:39.919536Z","timestamp":"2021-04-22T11:33:39.787969Z","bytes":130034,"bytes_in":753,"bytes_out":129281,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&count=0&_=1619091219613","http_comment":"HTTP/1.1 200 OK","http_content_length":128533,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/configs/conf-searchbnf?output_mode=json&count=0&_=1619091219613 
HTTP/1.1","request_ack_time":42512,"request_time":0,"response_ack_time":24003,"response_time":80935,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":158810,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/configs/conf-searchbnf","uri_query":"output_mode=json&count=0&_=1619091219613"} {"endtime":"2021-04-22T11:33:39.931337Z","timestamp":"2021-04-22T11:33:39.927830Z","bytes":1874,"bytes_in":1067,"bytes_out":807,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"rf=*&auto_cancel=30&status_buckets=300&output_mode=json&search=| metadata type=sourcetypes | search totalCount > 0&preview=true&earliest_time=rt&latest_time=rt&max_count=100000&provenance=UI:Search","http_comment":"HTTP/1.1 201 Created","http_content_length":30,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs HTTP/1.1","request_ack_time":3507,"request_time":0,"response_ack_time":24058,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":201,"time_taken":3507,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs"} 
{"endtime":"2021-04-22T11:33:39.932097Z","timestamp":"2021-04-22T11:33:39.931730Z","bytes":1889,"bytes_in":729,"bytes_out":1160,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219621","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219621 HTTP/1.1","request_ack_time":367,"request_time":0,"response_ack_time":27390,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":367,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219621"} {"endtime":"2021-04-22T11:33:39.947979Z","timestamp":"2021-04-22T11:33:39.947771Z","bytes":1742,"bytes_in":772,"bytes_out":970,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219622","http_comment":"HTTP/1.1 200 
OK","http_content_length":266,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219622 HTTP/1.1","request_ack_time":208,"request_time":0,"response_ack_time":23453,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":208,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219622"} {"endtime":"2021-04-22T11:33:39.952013Z","timestamp":"2021-04-22T11:33:39.951683Z","bytes":4490,"bytes_in":680,"bytes_out":3810,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","http_comment":"HTTP/1.1 200 OK","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/static/appIcon.png HTTP/1.1","request_ack_time":40,"request_time":0,"response_ack_time":25495,"response_time":90,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":330,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/static/appIcon.png"} 
{"endtime":"2021-04-22T11:33:40.111707Z","timestamp":"2021-04-22T11:33:40.109760Z","bytes":2697,"bytes_in":755,"bytes_out":1942,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219623","http_comment":"HTTP/1.1 200 OK","http_content_length":1196,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/rt_md_1619091219.141?output_mode=json&_=1619091219623 HTTP/1.1","request_ack_time":50,"request_time":0,"response_ack_time":25778,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1947,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/rt_md_1619091219.141","uri_query":"output_mode=json&_=1619091219623"} {"endtime":"2021-04-22T11:33:40.230241Z","timestamp":"2021-04-22T11:33:40.229963Z","bytes":1476,"bytes_in":734,"bytes_out":742,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&time=now&_=1619091219625","http_comment":"HTTP/1.1 200 
OK","http_content_length":39,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=now&_=1619091219625 HTTP/1.1","request_ack_time":278,"request_time":0,"response_ack_time":25233,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":278,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=now&_=1619091219625"} {"endtime":"2021-04-22T11:33:40.230329Z","timestamp":"2021-04-22T11:33:40.229963Z","bytes":1484,"bytes_in":739,"bytes_out":745,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&time=-24h%40h&_=1619091219624","http_comment":"HTTP/1.1 200 OK","http_content_length":42,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h%40h&_=1619091219624 
HTTP/1.1","request_ack_time":101,"request_time":0,"response_ack_time":25145,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":366,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h%40h&_=1619091219624"} {"endtime":"2021-04-22T11:33:40.261468Z","timestamp":"2021-04-22T11:33:40.259775Z","bytes":2701,"bytes_in":756,"bytes_out":1945,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219626","http_comment":"HTTP/1.1 200 OK","http_content_length":1199,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/rt_md_1619091219.141?output_mode=json&_=1619091219626 HTTP/1.1","request_ack_time":1693,"request_time":0,"response_ack_time":28055,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1693,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/rt_md_1619091219.141","uri_query":"output_mode=json&_=1619091219626"} {"endtime":"2021-04-22T11:33:40.300022Z","timestamp":"2021-04-22T11:33:40.299792Z","bytes":1478,"bytes_in":735,"bytes_out":743,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&time=-24h&_=1619091219627","http_comment":"HTTP/1.1 200 OK","http_content_length":40,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h&_=1619091219627 HTTP/1.1","request_ack_time":230,"request_time":0,"response_ack_time":23441,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":230,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h&_=1619091219627"} {"endtime":"2021-04-22T11:33:40.525662Z","timestamp":"2021-04-22T11:33:40.523884Z","bytes":2701,"bytes_in":756,"bytes_out":1945,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219628","http_comment":"HTTP/1.1 200 OK","http_content_length":1199,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/rt_md_1619091219.141?output_mode=json&_=1619091219628 HTTP/1.1","request_ack_time":1778,"request_time":0,"response_ack_time":25882,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1778,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/rt_md_1619091219.141","uri_query":"output_mode=json&_=1619091219628"} {"endtime":"2021-04-22T11:33:40.901988Z","timestamp":"2021-04-22T11:33:40.900217Z","bytes":2702,"bytes_in":756,"bytes_out":1946,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219629","http_comment":"HTTP/1.1 200 OK","http_content_length":1200,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/rt_md_1619091219.141?output_mode=json&_=1619091219629 HTTP/1.1","request_ack_time":1771,"request_time":0,"response_ack_time":25941,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1771,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/rt_md_1619091219.141","uri_query":"output_mode=json&_=1619091219629"} 
{"endtime":"2021-04-22T11:33:41.452176Z","timestamp":"2021-04-22T11:33:41.450340Z","bytes":2810,"bytes_in":756,"bytes_out":2054,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219630","http_comment":"HTTP/1.1 200 OK","http_content_length":1308,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/rt_md_1619091219.141?output_mode=json&_=1619091219630 HTTP/1.1","request_ack_time":1836,"request_time":0,"response_ack_time":29870,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1836,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/rt_md_1619091219.141","uri_query":"output_mode=json&_=1619091219630"} {"endtime":"2021-04-22T11:33:41.495188Z","timestamp":"2021-04-22T11:33:41.490255Z","bytes":1782,"bytes_in":868,"bytes_out":914,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&count=1&search=%7C stats sum(totalCount) as cnt%2C 
min(firstTime) as min%2C max(lastTime) as max&_=1619091219631","http_comment":"HTTP/1.1 200 OK","http_content_length":210,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/rt_md_1619091219.141/results_preview?output_mode=json&count=1&search=%7C+stats+sum(totalCount)+as+cnt%2C+min(firstTime)+as+min%2C+max(lastTime)+as+max&_=1619091219631 HTTP/1.1","request_ack_time":4933,"request_time":0,"response_ack_time":24781,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":4933,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/rt_md_1619091219.141/results_preview","uri_query":"output_mode=json&count=1&search=%7C stats sum(totalCount) as cnt%2C min(firstTime) as min%2C max(lastTime) as max&_=1619091219631"} {"endtime":"2021-04-22T11:33:41.874054Z","timestamp":"2021-04-22T11:33:41.850338Z","bytes":9413,"bytes_in":872,"bytes_out":8541,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search i&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219632","http_comment":"HTTP/1.1 200 OK","http_content_length":7795,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 
(Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/shelper?output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search+i&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219632 HTTP/1.1","request_ack_time":23588,"request_time":0,"response_ack_time":30087,"response_time":128,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":49913,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/shelper","uri_query":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search i&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219632"} {"endtime":"2021-04-22T11:33:42.376036Z","timestamp":"2021-04-22T11:33:42.246509Z","bytes":8787,"bytes_in":874,"bytes_out":7913,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search ind&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219633","http_comment":"HTTP/1.1 200 OK","http_content_length":7167,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/search/shelper?output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search+ind&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219633 HTTP/1.1","request_ack_time":43944,"request_time":0,"response_ack_time":28195,"response_time":149,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":157870,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/shelper","uri_query":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search ind&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219633"} {"endtime":"2021-04-22T11:33:42.464282Z","timestamp":"2021-04-22T11:33:42.448499Z","bytes":8688,"bytes_in":876,"bytes_out":7812,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search index&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219634","http_comment":"HTTP/1.1 200 OK","http_content_length":7066,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/search/shelper?output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search+index&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219634 HTTP/1.1","request_ack_time":11,"request_time":0,"response_ack_time":27972,"response_time":99,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":15783,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/shelper","uri_query":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search index&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219634"} {"endtime":"2021-04-22T11:33:42.849715Z","timestamp":"2021-04-22T11:33:42.832494Z","bytes":8804,"bytes_in":879,"bytes_out":7925,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search index%3D&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219635","http_comment":"HTTP/1.1 200 OK","http_content_length":7179,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/search/shelper?output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search+index%3D&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219635 HTTP/1.1","request_ack_time":12,"request_time":0,"response_ack_time":30513,"response_time":107,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":17221,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/shelper","uri_query":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search index%3D&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219635"} {"endtime":"2021-04-22T11:33:43.259227Z","timestamp":"2021-04-22T11:33:43.241402Z","bytes":8612,"bytes_in":881,"bytes_out":7731,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search index%3Dne&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219636","http_comment":"HTTP/1.1 200 OK","http_content_length":6985,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/search/shelper?output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search+index%3Dne&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219636 HTTP/1.1","request_ack_time":15,"request_time":0,"response_ack_time":31174,"response_time":98,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":45129,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/shelper","uri_query":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search index%3Dne&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219636"} {"endtime":"2021-04-22T11:33:43.507763Z","timestamp":"2021-04-22T11:33:43.488635Z","bytes":8626,"bytes_in":883,"bytes_out":7743,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search index%3Dnetw&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219637","http_comment":"HTTP/1.1 200 OK","http_content_length":6997,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/search/shelper?output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search+index%3Dnetw&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219637 HTTP/1.1","request_ack_time":19057,"request_time":0,"response_ack_time":26473,"response_time":71,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":19128,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/shelper","uri_query":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search index%3Dnetw&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219637"} {"endtime":"2021-04-22T11:33:43.801593Z","timestamp":"2021-04-22T11:33:43.780847Z","bytes":8627,"bytes_in":885,"bytes_out":7742,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search index%3Dnetwor&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219638","http_comment":"HTTP/1.1 200 OK","http_content_length":6996,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/search/shelper?output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search+index%3Dnetwor&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219638 HTTP/1.1","request_ack_time":20648,"request_time":0,"response_ack_time":35289,"response_time":98,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":47695,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/shelper","uri_query":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search index%3Dnetwor&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219638"} {"endtime":"2021-04-22T11:33:44.035819Z","timestamp":"2021-04-22T11:33:44.014667Z","bytes":8634,"bytes_in":886,"bytes_out":7748,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search index%3Dnetwork&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219639","http_comment":"HTTP/1.1 200 OK","http_content_length":7002,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/search/shelper?output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search+index%3Dnetwork&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219639 HTTP/1.1","request_ack_time":21031,"request_time":0,"response_ack_time":30506,"response_time":121,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":47897,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/shelper","uri_query":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search index%3Dnetwork&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219639"} {"endtime":"2021-04-22T11:33:44.253226Z","timestamp":"2021-04-22T11:33:44.251922Z","bytes":1564,"bytes_in":800,"bytes_out":764,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","http_comment":"HTTP/1.1 200 OK","http_content_length":61,"http_content_type":"application/json; charset=UTF-8","http_method":"DELETE","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"DELETE /en-GB/splunkd/__raw/services/search/jobs/rt_md_1619091219.141?output_mode=json 
HTTP/1.1","request_ack_time":1304,"request_time":0,"response_ack_time":25185,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1304,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/rt_md_1619091219.141","uri_query":"output_mode=json"} {"endtime":"2021-04-22T11:33:44.301491Z","timestamp":"2021-04-22T11:33:44.296652Z","bytes":7880,"bytes_in":742,"bytes_out":7138,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219640","http_comment":"HTTP/1.1 200 OK","http_content_length":6392,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new?output_mode=json&_=1619091219640 HTTP/1.1","request_ack_time":4764,"request_time":0,"response_ack_time":28927,"response_time":75,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":29996,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","uri_query":"output_mode=json&_=1619091219640"} {"endtime":"2021-04-22T11:33:44.344678Z","timestamp":"2021-04-22T11:33:44.340791Z","bytes":1963,"bytes_in":1168,"bytes_out":795,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"rf=*&auto_cancel=30&status_buckets=300&output_mode=json&custom.search=index=network&search=search index=network&earliest_time=-24h@h&latest_time=now&ui_dispatch_app=search&preview=1&adhoc_search_level=smart&workload_pool=&indexedRealtime=&sample_ratio=1&check_risky_command=false&provenance=UI:Search","http_comment":"HTTP/1.1 201 Created","http_content_length":24,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs HTTP/1.1","request_ack_time":3887,"request_time":0,"response_ack_time":27734,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":201,"time_taken":3887,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs"} {"endtime":"2021-04-22T11:33:44.378341Z","timestamp":"2021-04-22T11:33:44.376667Z","bytes":2435,"bytes_in":749,"bytes_out":1686,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219641","http_comment":"HTTP/1.1 200 OK","http_content_length":941,"http_content_type":"application/json; 
charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091224.144?output_mode=json&_=1619091219641 HTTP/1.1","request_ack_time":1674,"request_time":0,"response_ack_time":26079,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1674,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091224.144","uri_query":"output_mode=json&_=1619091219641"} {"endtime":"2021-04-22T11:33:44.413752Z","timestamp":"2021-04-22T11:33:44.413461Z","bytes":1639,"bytes_in":825,"bytes_out":814,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219642","http_comment":"HTTP/1.1 200 OK","http_content_length":110,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219642 
HTTP/1.1","request_ack_time":291,"request_time":0,"response_ack_time":26646,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":291,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219642"} {"endtime":"2021-04-22T11:33:44.454523Z","timestamp":"2021-04-22T11:33:44.452782Z","bytes":2438,"bytes_in":750,"bytes_out":1688,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219643","http_comment":"HTTP/1.1 200 OK","http_content_length":943,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144?output_mode=json&_=1619091219643 HTTP/1.1","request_ack_time":1741,"request_time":0,"response_ack_time":27999,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1741,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144","uri_query":"output_mode=json&_=1619091219643"} 
{"endtime":"2021-04-22T11:33:44.533643Z","timestamp":"2021-04-22T11:33:44.533336Z","bytes":1478,"bytes_in":735,"bytes_out":743,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&time=-24h&_=1619091219644","http_comment":"HTTP/1.1 200 OK","http_content_length":40,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h&_=1619091219644 HTTP/1.1","request_ack_time":307,"request_time":0,"response_ack_time":26743,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":307,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h&_=1619091219644"} {"endtime":"2021-04-22T11:33:44.569113Z","timestamp":"2021-04-22T11:33:44.199945Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"506303fe-3e3c-4571-b3d8-bd0593f1c0ba","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":5,"request_time":0,"response_ack_time":321,"response_time":62,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49894,"status":200,"time_taken":369411,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:33:44.650645Z","timestamp":"2021-04-22T11:33:44.648791Z","bytes":2943,"bytes_in":750,"bytes_out":2193,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219645","http_comment":"HTTP/1.1 200 OK","http_content_length":1447,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144?output_mode=json&_=1619091219645 HTTP/1.1","request_ack_time":1854,"request_time":0,"response_ack_time":30520,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1854,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144","uri_query":"output_mode=json&_=1619091219645"} {"endtime":"2021-04-22T11:33:44.685696Z","timestamp":"2021-04-22T11:33:44.681200Z","bytes":1613,"bytes_in":769,"bytes_out":844,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=0&_=1619091219646","http_comment":"HTTP/1.1 200 OK","http_content_length":140,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144/summary?output_mode=json&min_freq=0&_=1619091219646 HTTP/1.1","request_ack_time":4496,"request_time":0,"response_ack_time":26842,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":4496,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219646"} {"endtime":"2021-04-22T11:33:44.687396Z","timestamp":"2021-04-22T11:33:44.684906Z","bytes":2112,"bytes_in":1327,"bytes_out":785,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219647","http_comment":"HTTP/1.1 200 OK","http_content_length":82,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219647 
HTTP/1.1","request_ack_time":2490,"request_time":0,"response_ack_time":25157,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":2490,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219647"} {"endtime":"2021-04-22T11:33:44.722072Z","timestamp":"2021-04-22T11:33:44.717042Z","bytes":1613,"bytes_in":769,"bytes_out":844,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&min_freq=0&_=1619091219648","http_comment":"HTTP/1.1 200 OK","http_content_length":140,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144/summary?output_mode=json&min_freq=0&_=1619091219648 
HTTP/1.1","request_ack_time":5030,"request_time":0,"response_ack_time":26459,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":5030,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219648"} {"endtime":"2021-04-22T11:33:44.722282Z","timestamp":"2021-04-22T11:33:44.717140Z","bytes":2112,"bytes_in":1327,"bytes_out":785,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219649","http_comment":"HTTP/1.1 200 OK","http_content_length":82,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219649 HTTP/1.1","request_ack_time":5142,"request_time":0,"response_ack_time":26249,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":5142,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219649"} {"endtime":"2021-04-22T11:33:44.924876Z","timestamp":"2021-04-22T11:33:44.922865Z","bytes":2945,"bytes_in":750,"bytes_out":2195,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219650","http_comment":"HTTP/1.1 200 OK","http_content_length":1449,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144?output_mode=json&_=1619091219650 HTTP/1.1","request_ack_time":2011,"request_time":0,"response_ack_time":25601,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":2011,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144","uri_query":"output_mode=json&_=1619091219650"} {"endtime":"2021-04-22T11:33:45.306872Z","timestamp":"2021-04-22T11:33:45.304841Z","bytes":2947,"bytes_in":750,"bytes_out":2197,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219651","http_comment":"HTTP/1.1 200 OK","http_content_length":1451,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144?output_mode=json&_=1619091219651 HTTP/1.1","request_ack_time":2031,"request_time":0,"response_ack_time":29902,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":2031,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144","uri_query":"output_mode=json&_=1619091219651"} {"endtime":"2021-04-22T11:33:45.457820Z","timestamp":"2021-04-22T11:33:45.102765Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"e215d20b-6b40-4363-b06b-bb7a35b0ba15","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":31,"request_time":0,"response_ack_time":172,"response_time":45,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49282,"status":200,"time_taken":355306,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:33:45.853079Z","timestamp":"2021-04-22T11:33:45.850932Z","bytes":3271,"bytes_in":750,"bytes_out":2521,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219652","http_comment":"HTTP/1.1 200 
OK","http_content_length":1775,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144?output_mode=json&_=1619091219652 HTTP/1.1","request_ack_time":2147,"request_time":0,"response_ack_time":27563,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":2147,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144","uri_query":"output_mode=json&_=1619091219652"} {"endtime":"2021-04-22T11:33:45.898389Z","timestamp":"2021-04-22T11:33:45.885226Z","bytes":11756,"bytes_in":769,"bytes_out":10987,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&min_freq=0&_=1619091219653","http_comment":"HTTP/1.1 200 OK","http_content_length":10240,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144/summary?output_mode=json&min_freq=0&_=1619091219653 
HTTP/1.1","request_ack_time":13041,"request_time":0,"response_ack_time":28394,"response_time":122,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":41679,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219653"} {"endtime":"2021-04-22T11:33:45.930732Z","timestamp":"2021-04-22T11:33:45.885400Z","bytes":23920,"bytes_in":1327,"bytes_out":22593,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219654","http_comment":"HTTP/1.1 200 OK","http_content_length":21846,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219654 HTTP/1.1","request_ack_time":18768,"request_time":0,"response_ack_time":29477,"response_time":26564,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":71768,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219654"} {"endtime":"2021-04-22T11:33:45.972426Z","timestamp":"2021-04-22T11:33:45.970951Z","bytes":1831,"bytes_in":746,"bytes_out":1085,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"offset=0&count=1000&_=1619091219655","http_comment":"HTTP/1.1 200 OK","http_content_length":348,"http_content_type":"text/xml; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/1619091224.144/timeline?offset=0&count=1000&_=1619091219655 HTTP/1.1","request_ack_time":1475,"request_time":0,"response_ack_time":28197,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1475,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091224.144/timeline","uri_query":"offset=0&count=1000&_=1619091219655"} {"endtime":"2021-04-22T11:33:48.590055Z","timestamp":"2021-04-22T11:33:48.589376Z","bytes":1887,"bytes_in":729,"bytes_out":1158,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091037478","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037478 HTTP/1.1","request_ack_time":679,"request_time":0,"response_ack_time":26995,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":679,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037478"} {"endtime":"2021-04-22T11:33:49.483093Z","timestamp":"2021-04-22T11:33:49.481508Z","bytes":1673,"bytes_in":911,"bytes_out":762,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1585,"request_time":0,"response_ack_time":26067,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1585,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} 
{"endtime":"2021-04-22T11:33:49.569704Z","timestamp":"2021-04-22T11:33:49.216004Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"ace1c6c1-9c39-4834-bc81-415353b16b6b","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":31,"request_time":0,"response_ack_time":638,"response_time":47,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49895,"status":200,"time_taken":354102,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:33:49.944156Z","timestamp":"2021-04-22T11:33:49.943545Z","bytes":1887,"bytes_in":729,"bytes_out":1158,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219656","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219656 
HTTP/1.1","request_ack_time":611,"request_time":0,"response_ack_time":27113,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":611,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219656"} {"endtime":"2021-04-22T11:33:50.571698Z","timestamp":"2021-04-22T11:33:50.209448Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27cfccb0-e1ee-466f-9220-38336be1476e","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":38,"request_time":0,"response_ack_time":233,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49284,"status":200,"time_taken":362500,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:33:51.561628Z","timestamp":"2021-04-22T11:33:51.557729Z","bytes":7879,"bytes_in":742,"bytes_out":7137,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219657","http_comment":"HTTP/1.1 200 OK","http_content_length":6391,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new?output_mode=json&_=1619091219657 HTTP/1.1","request_ack_time":3828,"request_time":0,"response_ack_time":30002,"response_time":71,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":33966,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","uri_query":"output_mode=json&_=1619091219657"} {"endtime":"2021-04-22T11:33:51.600771Z","timestamp":"2021-04-22T11:33:51.597953Z","bytes":2125,"bytes_in":1330,"bytes_out":795,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"rf=*&auto_cancel=30&status_buckets=300&output_mode=json&custom.display.page.search.mode=smart&custom.dispatch.sample_ratio=1&custom.workload_pool=&custom.search=index=network&custom.dispatch.earliest_time=-24h@h&custom.dispatch.latest_time=now&search=search index=network&earliest_time=-24h@h&latest_time=now&ui_dispatch_app=search&preview=1&adhoc_search_level=smart&workload_pool=&indexedRealtime=&sample_ratio=1&check_risky_command=false&provenance=UI:Search","http_comment":"HTTP/1.1 201 Created","http_content_length":24,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs 
HTTP/1.1","request_ack_time":2818,"request_time":0,"response_ack_time":25011,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":201,"time_taken":2818,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs"} {"endtime":"2021-04-22T11:33:51.631638Z","timestamp":"2021-04-22T11:33:51.629738Z","bytes":2488,"bytes_in":749,"bytes_out":1739,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219658","http_comment":"HTTP/1.1 200 OK","http_content_length":994,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091231.145?output_mode=json&_=1619091219658 HTTP/1.1","request_ack_time":1900,"request_time":0,"response_ack_time":27830,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1900,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091231.145","uri_query":"output_mode=json&_=1619091219658"} {"endtime":"2021-04-22T11:33:51.663988Z","timestamp":"2021-04-22T11:33:51.663738Z","bytes":1639,"bytes_in":825,"bytes_out":814,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219659","http_comment":"HTTP/1.1 200 OK","http_content_length":110,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219659 HTTP/1.1","request_ack_time":250,"request_time":0,"response_ack_time":25531,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":250,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219659"} {"endtime":"2021-04-22T11:33:51.707506Z","timestamp":"2021-04-22T11:33:51.705811Z","bytes":2492,"bytes_in":750,"bytes_out":1742,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219660","http_comment":"HTTP/1.1 200 
OK","http_content_length":997,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145?output_mode=json&_=1619091219660 HTTP/1.1","request_ack_time":1695,"request_time":0,"response_ack_time":26084,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1695,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145","uri_query":"output_mode=json&_=1619091219660"} {"endtime":"2021-04-22T11:33:51.784061Z","timestamp":"2021-04-22T11:33:51.783782Z","bytes":1478,"bytes_in":735,"bytes_out":743,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&time=-24h&_=1619091219661","http_comment":"HTTP/1.1 200 OK","http_content_length":40,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h&_=1619091219661 
HTTP/1.1","request_ack_time":279,"request_time":0,"response_ack_time":26343,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":279,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h&_=1619091219661"} {"endtime":"2021-04-22T11:33:51.925838Z","timestamp":"2021-04-22T11:33:51.923784Z","bytes":2991,"bytes_in":750,"bytes_out":2241,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219662","http_comment":"HTTP/1.1 200 OK","http_content_length":1495,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145?output_mode=json&_=1619091219662 HTTP/1.1","request_ack_time":2054,"request_time":0,"response_ack_time":27712,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":2054,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145","uri_query":"output_mode=json&_=1619091219662"} {"endtime":"2021-04-22T11:33:51.969217Z","timestamp":"2021-04-22T11:33:51.958226Z","bytes":8831,"bytes_in":769,"bytes_out":8062,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=0&_=1619091219663","http_comment":"HTTP/1.1 200 OK","http_content_length":7316,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145/summary?output_mode=json&min_freq=0&_=1619091219663 HTTP/1.1","request_ack_time":10879,"request_time":0,"response_ack_time":28310,"response_time":112,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":39408,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219663"} {"endtime":"2021-04-22T11:33:52.012209Z","timestamp":"2021-04-22T11:33:52.001808Z","bytes":8831,"bytes_in":769,"bytes_out":8062,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=0&_=1619091219665","http_comment":"HTTP/1.1 200 OK","http_content_length":7316,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 
(Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145/summary?output_mode=json&min_freq=0&_=1619091219665 HTTP/1.1","request_ack_time":10307,"request_time":0,"response_ack_time":29469,"response_time":94,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":37921,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219665"} {"endtime":"2021-04-22T11:33:52.013734Z","timestamp":"2021-04-22T11:33:51.958131Z","bytes":28930,"bytes_in":1327,"bytes_out":27603,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219664","http_comment":"HTTP/1.1 200 OK","http_content_length":26856,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 
(Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219664 HTTP/1.1","request_ack_time":22989,"request_time":0,"response_ack_time":27945,"response_time":32614,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":83908,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219664"} 
{"endtime":"2021-04-22T11:33:52.065082Z","timestamp":"2021-04-22T11:33:52.050042Z","bytes":28930,"bytes_in":1327,"bytes_out":27603,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219666","http_comment":"HTTP/1.1 200 OK","http_content_length":26856,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219666 HTTP/1.1","request_ack_time":14736,"request_time":0,"response_ack_time":32523,"response_time":304,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":41881,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219666"} {"endtime":"2021-04-22T11:33:52.202217Z","timestamp":"2021-04-22T11:33:52.199923Z","bytes":3320,"bytes_in":750,"bytes_out":2570,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219667","http_comment":"HTTP/1.1 200 OK","http_content_length":1824,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145?output_mode=json&_=1619091219667 HTTP/1.1","request_ack_time":2294,"request_time":0,"response_ack_time":27415,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":2294,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145","uri_query":"output_mode=json&_=1619091219667"} {"endtime":"2021-04-22T11:33:52.250785Z","timestamp":"2021-04-22T11:33:52.237129Z","bytes":11750,"bytes_in":769,"bytes_out":10981,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&min_freq=0&_=1619091219668","http_comment":"HTTP/1.1 200 OK","http_content_length":10234,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145/summary?output_mode=json&min_freq=0&_=1619091219668 HTTP/1.1","request_ack_time":13559,"request_time":0,"response_ack_time":34953,"response_time":97,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":48696,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219668"} {"endtime":"2021-04-22T11:33:52.273427Z","timestamp":"2021-04-22T11:33:52.271953Z","bytes":1831,"bytes_in":746,"bytes_out":1085,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"offset=0&count=1000&_=1619091219669","http_comment":"HTTP/1.1 200 OK","http_content_length":348,"http_content_type":"text/xml; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/1619091231.145/timeline?offset=0&count=1000&_=1619091219669 HTTP/1.1","request_ack_time":1474,"request_time":0,"response_ack_time":50896,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1474,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091231.145/timeline","uri_query":"offset=0&count=1000&_=1619091219669"} 
{"endtime":"2021-04-22T11:33:55.325847Z","timestamp":"2021-04-22T11:33:55.312309Z","bytes":11622,"bytes_in":771,"bytes_out":10851,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=.01&_=1619091219670","http_comment":"HTTP/1.1 200 OK","http_content_length":10104,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145/summary?output_mode=json&min_freq=.01&_=1619091219670 HTTP/1.1","request_ack_time":13430,"request_time":0,"response_ack_time":28340,"response_time":108,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":41949,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145/summary","uri_query":"output_mode=json&min_freq=.01&_=1619091219670"} {"endtime":"2021-04-22T11:33:55.524043Z","timestamp":"2021-04-22T11:33:55.168873Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c6d5ea52-2263-4b60-b309-6d3140c91319","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":373,"response_time":79,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49896,"status":200,"time_taken":355543,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:33:56.440307Z","timestamp":"2021-04-22T11:33:56.073394Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"bfabb75b-9fbb-46a1-baa3-c3cf6901352e","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":172,"response_time":96,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49286,"status":200,"time_taken":367126,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:33:57.297517Z","timestamp":"2021-04-22T11:33:57.282635Z","bytes":11750,"bytes_in":769,"bytes_out":10981,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=0&_=1619091219671","http_comment":"HTTP/1.1 200 OK","http_content_length":10234,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145/summary?output_mode=json&min_freq=0&_=1619091219671 HTTP/1.1","request_ack_time":14742,"request_time":0,"response_ack_time":26971,"response_time":140,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":41962,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219671"} {"endtime":"2021-04-22T11:33:58.493484Z","timestamp":"2021-04-22T11:33:58.492761Z","bytes":1889,"bytes_in":729,"bytes_out":1160,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091037479","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037479 HTTP/1.1","request_ack_time":723,"request_time":0,"response_ack_time":27010,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":723,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037479"} 
{"endtime":"2021-04-22T11:33:59.937765Z","timestamp":"2021-04-22T11:33:59.937053Z","bytes":1889,"bytes_in":729,"bytes_out":1160,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219672","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219672 HTTP/1.1","request_ack_time":712,"request_time":0,"response_ack_time":24981,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":712,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219672"} {"endtime":"2021-04-22T11:34:01.485659Z","timestamp":"2021-04-22T11:34:01.121808Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"db0ffa32-d46c-405d-a5ff-38671ceca350","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":429,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49898,"status":200,"time_taken":364185,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:34:01.564807Z","timestamp":"2021-04-22T11:34:01.191937Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"425ccd1d-bb9a-4737-96c2-c64df6220f87","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":146,"response_time":93,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49288,"status":200,"time_taken":373082,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:34:04.593455Z","timestamp":"2021-04-22T11:34:04.591803Z","bytes":1673,"bytes_in":911,"bytes_out":762,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST 
/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1652,"request_time":0,"response_ack_time":27989,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1652,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} {"endtime":"2021-04-22T11:34:05.309944Z","timestamp":"2021-04-22T11:34:05.305922Z","bytes":1839,"bytes_in":982,"bytes_out":857,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&q=search index=network&stripReportsSearch=false&action=fieldvalue&field=src&value=10.0.1.14","http_comment":"HTTP/1.1 200 OK","http_content_length":153,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/intentionsparser HTTP/1.1","request_ack_time":4022,"request_time":0,"response_ack_time":27618,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":4022,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/intentionsparser"} {"endtime":"2021-04-22T11:34:05.407478Z","timestamp":"2021-04-22T11:34:05.403835Z","bytes":7879,"bytes_in":742,"bytes_out":7137,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219673","http_comment":"HTTP/1.1 200 OK","http_content_length":6391,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new?output_mode=json&_=1619091219673 HTTP/1.1","request_ack_time":3558,"request_time":0,"response_ack_time":29489,"response_time":85,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":33206,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","uri_query":"output_mode=json&_=1619091219673"} {"endtime":"2021-04-22T11:34:05.446742Z","timestamp":"2021-04-22T11:34:05.444034Z","bytes":2169,"bytes_in":1374,"bytes_out":795,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"rf=*&auto_cancel=30&status_buckets=300&output_mode=json&custom.display.page.search.mode=smart&custom.dispatch.sample_ratio=1&custom.workload_pool=&custom.search=index=network src=\"10.0.1.14\"&custom.dispatch.earliest_time=-24h@h&custom.dispatch.latest_time=now&search=search 
index=network src=\"10.0.1.14\"&earliest_time=-24h@h&latest_time=now&ui_dispatch_app=search&preview=1&adhoc_search_level=smart&workload_pool=&indexedRealtime=&sample_ratio=1&check_risky_command=false&provenance=UI:Search","http_comment":"HTTP/1.1 201 Created","http_content_length":24,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs HTTP/1.1","request_ack_time":2708,"request_time":0,"response_ack_time":24826,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":201,"time_taken":2708,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs"} {"endtime":"2021-04-22T11:34:05.481658Z","timestamp":"2021-04-22T11:34:05.479895Z","bytes":2504,"bytes_in":749,"bytes_out":1755,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219674","http_comment":"HTTP/1.1 200 OK","http_content_length":1009,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091245.146?output_mode=json&_=1619091219674 
HTTP/1.1","request_ack_time":1763,"request_time":0,"response_ack_time":27945,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1763,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091245.146","uri_query":"output_mode=json&_=1619091219674"} {"endtime":"2021-04-22T11:34:05.516126Z","timestamp":"2021-04-22T11:34:05.515858Z","bytes":1639,"bytes_in":825,"bytes_out":814,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219675","http_comment":"HTTP/1.1 200 OK","http_content_length":110,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219675 
HTTP/1.1","request_ack_time":268,"request_time":0,"response_ack_time":23419,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":268,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219675"} {"endtime":"2021-04-22T11:34:05.559550Z","timestamp":"2021-04-22T11:34:05.557860Z","bytes":2508,"bytes_in":750,"bytes_out":1758,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219676","http_comment":"HTTP/1.1 200 OK","http_content_length":1012,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146?output_mode=json&_=1619091219676 HTTP/1.1","request_ack_time":1690,"request_time":0,"response_ack_time":40200,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1690,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146","uri_query":"output_mode=json&_=1619091219676"} 
{"endtime":"2021-04-22T11:34:05.634164Z","timestamp":"2021-04-22T11:34:05.633840Z","bytes":1478,"bytes_in":735,"bytes_out":743,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&time=-24h&_=1619091219677","http_comment":"HTTP/1.1 200 OK","http_content_length":40,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h&_=1619091219677 HTTP/1.1","request_ack_time":324,"request_time":0,"response_ack_time":26523,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":324,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h&_=1619091219677"} {"endtime":"2021-04-22T11:34:05.776347Z","timestamp":"2021-04-22T11:34:05.773897Z","bytes":3740,"bytes_in":750,"bytes_out":2990,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219678","http_comment":"HTTP/1.1 200 
OK","http_content_length":2244,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146?output_mode=json&_=1619091219678 HTTP/1.1","request_ack_time":2370,"request_time":0,"response_ack_time":27322,"response_time":80,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":29852,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146","uri_query":"output_mode=json&_=1619091219678"} {"endtime":"2021-04-22T11:34:05.815872Z","timestamp":"2021-04-22T11:34:05.807944Z","bytes":6148,"bytes_in":769,"bytes_out":5379,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=0&_=1619091219679","http_comment":"HTTP/1.1 200 OK","http_content_length":4633,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/summary?output_mode=json&min_freq=0&_=1619091219679 
HTTP/1.1","request_ack_time":7918,"request_time":0,"response_ack_time":27791,"response_time":10,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":7928,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219679"} {"endtime":"2021-04-22T11:34:05.821850Z","timestamp":"2021-04-22T11:34:05.812147Z","bytes":7351,"bytes_in":1327,"bytes_out":6024,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219680","http_comment":"HTTP/1.1 200 OK","http_content_length":5278,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219680 HTTP/1.1","request_ack_time":9695,"request_time":0,"response_ack_time":29902,"response_time":8,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":9703,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219680"} {"endtime":"2021-04-22T11:34:05.857242Z","timestamp":"2021-04-22T11:34:05.847945Z","bytes":6470,"bytes_in":769,"bytes_out":5701,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=0&_=1619091219681","http_comment":"HTTP/1.1 200 OK","http_content_length":4955,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/summary?output_mode=json&min_freq=0&_=1619091219681 HTTP/1.1","request_ack_time":9287,"request_time":0,"response_ack_time":26462,"response_time":10,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":35768,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219681"} {"endtime":"2021-04-22T11:34:05.869243Z","timestamp":"2021-04-22T11:34:05.856944Z","bytes":7351,"bytes_in":1327,"bytes_out":6024,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219682","http_comment":"HTTP/1.1 200 OK","http_content_length":5278,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219682 
HTTP/1.1","request_ack_time":12198,"request_time":0,"response_ack_time":28496,"response_time":101,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":12299,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219682"} {"endtime":"2021-04-22T11:34:06.054904Z","timestamp":"2021-04-22T11:34:06.051983Z","bytes":4087,"bytes_in":750,"bytes_out":3337,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219683","http_comment":"HTTP/1.1 200 OK","http_content_length":2591,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146?output_mode=json&_=1619091219683 
HTTP/1.1","request_ack_time":2794,"request_time":0,"response_ack_time":26903,"response_time":127,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":2921,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146","uri_query":"output_mode=json&_=1619091219683"} {"endtime":"2021-04-22T11:34:06.098476Z","timestamp":"2021-04-22T11:34:06.089960Z","bytes":6470,"bytes_in":769,"bytes_out":5701,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&min_freq=0&_=1619091219684","http_comment":"HTTP/1.1 200 OK","http_content_length":4955,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/summary?output_mode=json&min_freq=0&_=1619091219684 HTTP/1.1","request_ack_time":8507,"request_time":0,"response_ack_time":27299,"response_time":9,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":35824,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219684"} 
{"endtime":"2021-04-22T11:34:06.113559Z","timestamp":"2021-04-22T11:34:06.111939Z","bytes":1830,"bytes_in":746,"bytes_out":1084,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"offset=0&count=1000&_=1619091219685","http_comment":"HTTP/1.1 200 OK","http_content_length":347,"http_content_type":"text/xml; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/1619091245.146/timeline?offset=0&count=1000&_=1619091219685 HTTP/1.1","request_ack_time":1620,"request_time":0,"response_ack_time":24166,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1620,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091245.146/timeline","uri_query":"offset=0&count=1000&_=1619091219685"} {"endtime":"2021-04-22T11:34:06.561430Z","timestamp":"2021-04-22T11:34:06.199849Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"76a9568a-2140-4933-a7b5-131d250d2028","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":394,"response_time":51,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49899,"status":200,"time_taken":361845,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:34:07.433125Z","timestamp":"2021-04-22T11:34:07.066459Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"443c1a75-0923-41c9-bdbc-0adee0a8496a","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":207,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49290,"status":200,"time_taken":366901,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:34:08.612916Z","timestamp":"2021-04-22T11:34:08.612298Z","bytes":1886,"bytes_in":729,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091037480","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037480 HTTP/1.1","request_ack_time":618,"request_time":0,"response_ack_time":29100,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":618,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037480"} {"endtime":"2021-04-22T11:34:09.941169Z","timestamp":"2021-04-22T11:34:09.940448Z","bytes":1886,"bytes_in":729,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219686","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219686 HTTP/1.1","request_ack_time":721,"request_time":0,"response_ack_time":26565,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":721,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219686"} 
{"endtime":"2021-04-22T11:34:12.527643Z","timestamp":"2021-04-22T11:34:12.168496Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"b79eb60c-4833-482c-9f15-dd267e942e1c","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":385,"response_time":59,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49900,"status":200,"time_taken":359417,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:34:12.547234Z","timestamp":"2021-04-22T11:34:12.184705Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"a399ab27-92ce-4ec7-ba10-8ab3bafe994d","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":25,"request_time":0,"response_ack_time":152,"response_time":52,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49292,"status":200,"time_taken":362730,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:34:15.262668Z","timestamp":"2021-04-22T11:34:15.253354Z","bytes":6449,"bytes_in":771,"bytes_out":5678,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=.01&_=1619091219687","http_comment":"HTTP/1.1 200 OK","http_content_length":4932,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/summary?output_mode=json&min_freq=.01&_=1619091219687 HTTP/1.1","request_ack_time":9304,"request_time":0,"response_ack_time":28477,"response_time":10,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":37801,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/summary","uri_query":"output_mode=json&min_freq=.01&_=1619091219687"} {"endtime":"2021-04-22T11:34:18.412048Z","timestamp":"2021-04-22T11:34:18.048841Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"cafad696-1c15-4faf-b996-19b659b72ce4","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":5,"request_time":0,"response_ack_time":180,"response_time":1723,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49294,"status":200,"time_taken":363416,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:34:18.529617Z","timestamp":"2021-04-22T11:34:18.168472Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"56ad9484-2d98-4b60-9167-c1f238d58f86","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":429,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49901,"status":200,"time_taken":361402,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:34:18.582341Z","timestamp":"2021-04-22T11:34:18.581821Z","bytes":1887,"bytes_in":729,"bytes_out":1158,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091037481","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037481 
HTTP/1.1","request_ack_time":520,"request_time":0,"response_ack_time":29955,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":520,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037481"} {"endtime":"2021-04-22T11:34:19.533585Z","timestamp":"2021-04-22T11:34:19.532013Z","bytes":1673,"bytes_in":911,"bytes_out":762,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1572,"request_time":0,"response_ack_time":28102,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1572,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} {"endtime":"2021-04-22T11:34:19.944649Z","timestamp":"2021-04-22T11:34:19.944060Z","bytes":1887,"bytes_in":729,"bytes_out":1158,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219688","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219688 HTTP/1.1","request_ack_time":589,"request_time":0,"response_ack_time":27137,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":589,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219688"} {"endtime":"2021-04-22T11:34:21.132012Z","timestamp":"2021-04-22T11:34:21.130254Z","bytes":1674,"bytes_in":912,"bytes_out":762,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST 
/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/control HTTP/1.1","request_ack_time":1758,"request_time":0,"response_ack_time":27894,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1758,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/control"} {"endtime":"2021-04-22T11:34:23.533300Z","timestamp":"2021-04-22T11:34:23.163635Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"a8f627d2-6441-460a-a674-8936686e3694","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":221,"response_time":50,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49296,"status":200,"time_taken":369896,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:34:23.541108Z","timestamp":"2021-04-22T11:34:23.184120Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"8f3ed6e9-1e58-4428-b011-2d89a9ff3625","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":354,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49902,"status":200,"time_taken":357320,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:34:24.065675Z","timestamp":"2021-04-22T11:34:24.056698Z","bytes":6470,"bytes_in":769,"bytes_out":5701,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=0&_=1619091219689","http_comment":"HTTP/1.1 200 OK","http_content_length":4955,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/summary?output_mode=json&min_freq=0&_=1619091219689 HTTP/1.1","request_ack_time":8967,"request_time":0,"response_ack_time":28742,"response_time":10,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":8977,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219689"} {"endtime":"2021-04-22T11:34:28.585966Z","timestamp":"2021-04-22T11:34:28.585274Z","bytes":1887,"bytes_in":729,"bytes_out":1158,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091037482","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037482 HTTP/1.1","request_ack_time":692,"request_time":0,"response_ack_time":27081,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":692,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037482"} {"endtime":"2021-04-22T11:34:29.398892Z","timestamp":"2021-04-22T11:34:29.035365Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"ca6e94a0-1cfa-43da-bbbd-83b2ef3441bb","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":5,"request_time":0,"response_ack_time":395,"response_time":60,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49300,"status":200,"time_taken":363846,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:34:29.485365Z","timestamp":"2021-04-22T11:34:29.121714Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"6715a2bc-f0ea-4812-aad2-7240b0138fb6","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":363,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49903,"status":200,"time_taken":364030,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:34:29.936275Z","timestamp":"2021-04-22T11:34:29.935565Z","bytes":1887,"bytes_in":729,"bytes_out":1158,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219690","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219690 
HTTP/1.1","request_ack_time":710,"request_time":0,"response_ack_time":29051,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":710,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219690"} {"endtime":"2021-04-22T11:34:32.099126Z","timestamp":"2021-04-22T11:34:32.089992Z","bytes":6449,"bytes_in":771,"bytes_out":5678,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=.01&_=1619091219691","http_comment":"HTTP/1.1 200 OK","http_content_length":4932,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/summary?output_mode=json&min_freq=.01&_=1619091219691 HTTP/1.1","request_ack_time":9124,"request_time":0,"response_ack_time":28554,"response_time":10,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":9134,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/summary","uri_query":"output_mode=json&min_freq=.01&_=1619091219691"} {"endtime":"2021-04-22T11:34:34.337872Z","timestamp":"2021-04-22T11:34:34.336234Z","bytes":1673,"bytes_in":911,"bytes_out":762,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1638,"request_time":0,"response_ack_time":26069,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1638,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} {"endtime":"2021-04-22T11:34:34.508426Z","timestamp":"2021-04-22T11:34:34.150821Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"5ec149d7-c0a9-4ea7-9699-886380f67de4","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":206,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49302,"status":200,"time_taken":357823,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:34:35.510046Z","timestamp":"2021-04-22T11:34:35.152917Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"0640514e-2fa0-45e7-ab2d-fdebcfcc6a5e","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":41,"request_time":0,"response_ack_time":267,"response_time":57,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49904,"status":200,"time_taken":357487,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:34:36.018055Z","timestamp":"2021-04-22T11:34:36.018055Z","count":170,"c_ip":"46.128.24.64","sum(bytes_in)":147688,"sum(bytes_out)":622485,"sum(time_taken)":2028240} {"endtime":"2021-04-22T11:34:36.018055Z","timestamp":"2021-04-22T11:34:36.018055Z","count":15,"c_ip":"10.0.1.18","sum(bytes_in)":2591,"sum(bytes_out)":723861,"sum(time_taken)":7057383} {"endtime":"2021-04-22T11:34:36.018055Z","timestamp":"2021-04-22T11:34:36.018055Z","count":12,"c_ip":"10.0.1.15","sum(bytes_in)":2018,"sum(bytes_out)":11793,"sum(time_taken)":5887597} {"endtime":"2021-04-22T11:34:36.018126Z","timestamp":"2021-04-22T11:34:36.018126Z","count":197,"dest_ip":"10.0.1.12","sum(time_taken)":14973220} {"endtime":"2021-04-22T11:34:36.018134Z","timestamp":"2021-04-22T11:34:36.018134Z","count":1,"dest_ip":"10.0.1.12","status":304} {"endtime":"2021-04-22T11:34:36.018134Z","timestamp":"2021-04-22T11:34:36.018134Z","count":1,"dest_ip":"10.0.1.12","status":303} {"endtime":"2021-04-22T11:34:36.018134Z","timestamp":"2021-04-22T11:34:36.018134Z","count":6,"dest_ip":"10.0.1.12","status":201} 
{"endtime":"2021-04-22T11:34:36.018134Z","timestamp":"2021-04-22T11:34:36.018134Z","count":189,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":304,"uri_path":"/en-GB/config","sum(bytes_in)":673,"sum(bytes_out)":188,"sum(time_taken)":17207} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":303,"uri_path":"/en-GB/app/search/","sum(bytes_in)":736,"sum(bytes_out)":592,"sum(time_taken)":133915} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":201,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs","sum(bytes_in)":5439,"sum(bytes_out)":2834,"sum(time_taken)":14065} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":201,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs","sum(bytes_in)":3872,"sum(bytes_out)":2385,"sum(time_taken)":9413} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/splunk_instrumentation/instrumentation_controller/instrumentation_eligibility","sum(bytes_in)":792,"sum(bytes_out)":978,"sum(time_taken)":21644} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/splunk_instrumentation/admin/telemetry/general","sum(bytes_in)":763,"sum(bytes_out)":1593,"sum(time_taken)":611} 
{"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/rt_md_1619091219.141","sum(bytes_in)":3024,"sum(bytes_out)":7890,"sum(time_taken)":7078} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":5,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/summary","sum(bytes_in)":3849,"sum(bytes_out)":28137,"sum(time_taken)":99608} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/events","sum(bytes_in)":2654,"sum(bytes_out)":12048,"sum(time_taken)":22002} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/control","sum(bytes_in)":912,"sum(bytes_out)":762,"sum(time_taken)":1758} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146","sum(bytes_in)":2250,"sum(bytes_out)":8085,"sum(time_taken)":34463} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":5,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145/summary","sum(bytes_in)":3847,"sum(bytes_out)":48937,"sum(time_taken)":209936} 
{"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145/events","sum(bytes_in)":2654,"sum(bytes_out)":55206,"sum(time_taken)":125789} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091231.145","sum(bytes_in)":2250,"sum(bytes_out)":6553,"sum(time_taken)":6043} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144/summary","sum(bytes_in)":2307,"sum(bytes_out)":12675,"sum(time_taken)":51205} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144/events","sum(bytes_in)":3981,"sum(bytes_out)":24163,"sum(time_taken)":79400} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":5,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091224.144","sum(bytes_in)":3750,"sum(bytes_out)":10794,"sum(time_taken)":9784} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control","sum(bytes_in)":3644,"sum(bytes_out)":3048,"sum(time_taken)":6186} 
{"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/user-prefs/data/user-prefs/general","sum(bytes_in)":2614,"sum(bytes_out)":3324,"sum(time_taken)":2718} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search9_1619091214.128","sum(bytes_in)":834,"sum(bytes_out)":2116,"sum(time_taken)":2380} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__search10_1619091214.129","sum(bytes_in)":835,"sum(bytes_out)":1861,"sum(time_taken)":1782} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","sum(bytes_in)":3752,"sum(bytes_out)":3355,"sum(time_taken)":6808} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130","sum(bytes_in)":837,"sum(bytes_out)":1963,"sum(time_taken)":3804} 
{"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/scheduled/views/attack_range_main_dashboard","sum(bytes_in)":789,"sum(bytes_out)":1554,"sum(time_taken)":2419} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/user-prefs/general_default","sum(bytes_in)":777,"sum(bytes_out)":1326,"sum(time_taken)":537} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/ui/visualizations","sum(bytes_in)":818,"sum(bytes_out)":6971,"sum(time_taken)":35892} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/data/ui/ui-tour","sum(bytes_in)":770,"sum(bytes_out)":5367,"sum(time_taken)":2202} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/splunk_attack_range_reporting/alerts/alert_actions","sum(bytes_in)":886,"sum(bytes_out)":3092,"sum(time_taken)":2456} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/static/appIcon.png","sum(bytes_in)":680,"sum(bytes_out)":3810,"sum(time_taken)":330} 
{"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/rt_md_1619091219.141/results_preview","sum(bytes_in)":868,"sum(bytes_out)":914,"sum(time_taken)":4933} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/rt_md_1619091219.141","sum(bytes_in)":755,"sum(bytes_out)":1942,"sum(time_taken)":1947} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091245.146","sum(bytes_in)":749,"sum(bytes_out)":1755,"sum(time_taken)":1763} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091231.145","sum(bytes_in)":749,"sum(bytes_out)":1739,"sum(time_taken)":1900} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091224.144","sum(bytes_in)":749,"sum(bytes_out)":1686,"sum(time_taken)":1674} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/intentionsparser","sum(bytes_in)":982,"sum(bytes_out)":857,"sum(time_taken)":4022} 
{"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","sum(bytes_in)":2226,"sum(bytes_out)":21412,"sum(time_taken)":97168} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/workflow-actions","sum(bytes_in)":794,"sum(bytes_out)":6515,"sum(time_taken)":5790} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/visualizations","sum(bytes_in)":824,"sum(bytes_out)":6953,"sum(time_taken)":4228} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/ui-tour","sum(bytes_in)":747,"sum(bytes_out)":5416,"sum(time_taken)":31867} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/times","sum(bytes_in)":745,"sum(bytes_out)":2631,"sum(time_taken)":1524} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/prefs/search","sum(bytes_in)":743,"sum(bytes_out)":2113,"sum(time_taken)":962} 
{"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/configs/conf-searchbnf","sum(bytes_in)":753,"sum(bytes_out)":129281,"sum(time_taken)":158810} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/-/data/ui/manager","sum(bytes_in)":750,"sum(bytes_out)":10256,"sum(time_taken)":41608} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/-/apps/local","sum(bytes_in)":1568,"sum(bytes_out)":13946,"sum(time_taken)":65625} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/workloads/status","sum(bytes_in)":724,"sum(bytes_out)":1249,"sum(time_taken)":376} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":12,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":8748,"sum(bytes_out)":13902,"sum(time_taken)":7568} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":9,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","sum(bytes_in)":6979,"sum(bytes_out)":6973,"sum(time_taken)":2557} 
{"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":8,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/shelper","sum(bytes_in)":7036,"sum(bytes_out)":63155,"sum(time_taken)":400636} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/rt_md_1619091219.141","sum(bytes_in)":800,"sum(bytes_out)":764,"sum(time_taken)":1304} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":40,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/admin__admin_c3BsdW5rX2F0dGFja19yYW5nZV9yZXBvcnRpbmc__BaseSearch_1619091214.130/results_preview","sum(bytes_in)":35928,"sum(bytes_out)":34074,"sum(time_taken)":85650} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091245.146/timeline","sum(bytes_in)":746,"sum(bytes_out)":1084,"sum(time_taken)":1620} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091231.145/timeline","sum(bytes_in)":746,"sum(bytes_out)":1085,"sum(time_taken)":1474} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091224.144/timeline","sum(bytes_in)":746,"sum(bytes_out)":1085,"sum(time_taken)":1475} 
{"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs","sum(bytes_in)":3558,"sum(bytes_out)":11463,"sum(time_taken)":37345} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1544,"sum(bytes_out)":1940,"sum(time_taken)":550} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/data/user-prefs/general","sum(bytes_in)":731,"sum(bytes_out)":1625,"sum(time_taken)":735} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/configs/conf-web/settings","sum(bytes_in)":1466,"sum(bytes_out)":5804,"sum(time_taken)":10410} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/authorization/roles","sum(bytes_in)":735,"sum(bytes_out)":2661,"sum(time_taken)":1121} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/authentication/users/admin","sum(bytes_in)":1468,"sum(bytes_out)":4461,"sum(time_taken)":1432} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/app/search/search","sum(bytes_in)":742,"sum(bytes_out)":2137,"sum(time_taken)":138731} 
{"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/vocabularies/","sum(bytes_in)":175,"sum(bytes_out)":246012,"sum(time_taken)":364615} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":1,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/streams/","sum(bytes_in)":231,"sum(bytes_out)":465059,"sum(time_taken)":392914} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":23,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3841,"sum(bytes_out)":22931,"sum(time_taken)":8334457} {"endtime":"2021-04-22T11:34:36.018155Z","timestamp":"2021-04-22T11:34:36.018155Z","count":2,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/captureipaddresses/","sum(bytes_in)":362,"sum(bytes_out)":1652,"sum(time_taken)":3852994} {"endtime":"2021-04-22T11:34:36.094100Z","timestamp":"2021-04-22T11:34:36.092546Z","bytes":1674,"bytes_in":912,"bytes_out":762,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST 
/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/control HTTP/1.1","request_ack_time":1554,"request_time":0,"response_ack_time":28088,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1554,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/control"} {"endtime":"2021-04-22T11:34:38.383234Z","timestamp":"2021-04-22T11:34:38.381901Z","bytes":2858,"bytes_in":743,"bytes_out":2115,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219692","http_comment":"HTTP/1.1 200 OK","http_content_length":1369,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/prefs/search?output_mode=json&_=1619091219692 HTTP/1.1","request_ack_time":1333,"request_time":0,"response_ack_time":31277,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1333,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/prefs/search","uri_query":"output_mode=json&_=1619091219692"} {"endtime":"2021-04-22T11:34:38.385075Z","timestamp":"2021-04-22T11:34:38.381360Z","bytes":6262,"bytes_in":2545,"bytes_out":3717,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&custom.display.page.search.mode=smart&custom.dispatch.sample_ratio=1&custom.workload_pool=&custom.search=index=network src=\"10.0.1.14\"&custom.dispatch.earliest_time=-24h@h&custom.dispatch.latest_time=now&custom.display.events.fields=[\"host\",\"source\",\"sourcetype\",\"action\",\"app\",\"c_ip\",\"count\",\"date_hour\",\"date_mday\",\"date_minute\",\"date_month\",\"date_second\",\"date_wday\",\"date_year\",\"date_zone\",\"dest\",\"dest_ip\",\"endtime\",\"eventtype\",\"index\",\"linecount\",\"protocol\",\"punct\",\"site\",\"splunk_server\",\"status\",\"sum(bytes_in)\",\"sum(bytes_out)\",\"sum(time_taken)\",\"tag\",\"tag::eventtype\",\"timeendpos\",\"timestamp\",\"timestartpos\",\"uri_path\",\"initial_rtt\",\"query_type\",\"reply_code\",\"reply_code_id\",\"src\",\"src_ip\",\"ssl_cert_md5\",\"ssl_cert_self_signed\",\"ssl_cert_sha1\",\"ssl_cert_sha256\",\"ssl_end_time\",\"ssl_hash\",\"ssl_issuer\",\"ssl_issuer_common_name\",\"ssl_issuer_country\",\"ssl_issuer_email\",\"ssl_issuer_locality\",\"ssl_issuer_organization\",\"ssl_issuer_state\",\"ssl_start_time\",\"ssl_subject\",\"ssl_subject_common_name\",\"ssl_subject_country\",\"ssl_subject_locality\",\"ssl_subject_organization\",\"ssl_subject_state\",\"ssl_subject_unit\",\"ssl_validity_end\",\"ssl_validity_start\",\"sum(bytes)\",\"sum(packets_in)\",\"sum(packets_out)\",\"transport\",\"values(flow_id){}\"]","http_comment":"HTTP/1.1 200 OK","http_content_length":2971,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/services/search/jobs/1619091245.146 HTTP/1.1","request_ack_time":47,"request_time":541,"response_ack_time":25510,"response_time":10,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":29235,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091245.146"} {"endtime":"2021-04-22T11:34:38.393334Z","timestamp":"2021-04-22T11:34:38.384468Z","bytes":6470,"bytes_in":769,"bytes_out":5701,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&min_freq=0&_=1619091219693","http_comment":"HTTP/1.1 200 OK","http_content_length":4955,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/summary?output_mode=json&min_freq=0&_=1619091219693 HTTP/1.1","request_ack_time":8857,"request_time":0,"response_ack_time":29004,"response_time":9,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":37879,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219693"} 
{"endtime":"2021-04-22T11:34:38.440265Z","timestamp":"2021-04-22T11:34:38.430753Z","bytes":8805,"bytes_in":1935,"bytes_out":6870,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219694","http_comment":"HTTP/1.1 200 OK","http_content_length":6124,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219694 
HTTP/1.1","request_ack_time":6,"request_time":33,"response_ack_time":26002,"response_time":67,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":9512,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219694"} {"endtime":"2021-04-22T11:34:38.566269Z","timestamp":"2021-04-22T11:34:38.557228Z","bytes":5979,"bytes_in":3875,"bytes_out":2104,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&countPerPage=&dispatch.earliest_time=&dispatch.latest_time=&display.events.fields=[\"host\",\"source\",\"sourcetype\",\"action\",\"app\",\"c_ip\",\"count\",\"date_hour\",\"date_mday\",\"date_minute\",\"date_month\",\"date_second\",\"date_wday\",\"date_year\",\"date_zone\",\"dest\",\"dest_ip\",\"endtime\",\"eventtype\",\"index\",\"linecount\",\"protocol\",\"punct\",\"site\",\"splunk_server\",\"status\",\"sum(bytes_in)\",\"sum(bytes_out)\",\"sum(time_taken)\",\"tag\",\"tag::eventtype\",\"timeendpos\",\"timestamp\",\"timestartpos\",\"uri_path\",\"initial_rtt\",\"query_type\",\"reply_code\",\"reply_code_id\",\"src\",\"src_ip\",\"ssl_cert_md5\",\"ssl_cert_self_signed\",\"ssl_cert_sha1\",\"ssl_cert_sha256\",\"ssl_end_time\",\"ssl_hash\",\"ssl_issuer\",\"ssl_issuer_common_name\",\"ssl_issuer_country\",\"ssl_issuer_email\",\"ssl_issuer_locality\",\"ssl_issuer_organization\",\"ssl_issuer_state\",\"ssl_start_time\",\"ssl_subject\",\"ssl_subject_common_name\",\"ssl_subject_country\",\"ssl_subject_locality\",\"ssl_subject_organization\",\"ssl_subject_state\",\"ssl_subject_unit\",\"ssl_validity_end\",\"ssl_validity_start\",\"sum(bytes)\",\"sum(packets_in)\",\"sum(packets_out)\",\"transport\",\"values(flow_id){}\"]&display.events.list.drilldown=full&display.events.list.wrap=1&display.events.maxLines=5&display.events.raw.drilldown=full&display.events.rowNumbers=0&display.events.table.drilldown=1&display.events.table.wrap=1&display.events.type=list&display.general.enablePreview=1&display.page.home.showGettingStarted=1&display.page.search.mode=smart&display.page.search.patterns.sensitivity=0.8&display.page.search.searchHistoryCount=20&display.page.search.searchHistoryTimeFilter=0&displa
y.page.search.showFields=1&display.page.search.timeline.format=compact&display.page.search.timeline.scale=linear&display.prefs.aclFilter=none&display.prefs.appFilter=none&display.prefs.autoOpenSearchAssistant=1&display.prefs.customSampleRatio=1000&display.prefs.enableMetaData=1&display.prefs.events.count=20&display.prefs.fieldCoverage=.01&display.prefs.listMode=tiles&display.prefs.livetail=0&display.prefs.searchContext=search&display.prefs.showDataSummary=1&display.prefs.showSPL=0&display.prefs.statistics.count=20&display.prefs.timeline.height=120px&display.prefs.timeline.minimalMode=1&display.prefs.timeline.minimized=0&display.statistics.drilldown=cell&display.statistics.rowNumbers=0&display.statistics.wrap=1&display.visualizations.chartHeight=300&display.visualizations.charting.chart=column&display.visualizations.charting.chart.style=shiny&display.visualizations.charting.legend.labelStyle.overflowMode=ellipsisMiddle&display.visualizations.custom.type=&display.visualizations.type=charting","http_comment":"HTTP/1.1 200 OK","http_content_length":1358,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/prefs/search HTTP/1.1","request_ack_time":12,"request_time":749,"response_ack_time":25991,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":9041,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/prefs/search"} {"endtime":"2021-04-22T11:34:38.577289Z","timestamp":"2021-04-22T11:34:38.576810Z","bytes":1887,"bytes_in":729,"bytes_out":1158,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091037483","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037483 HTTP/1.1","request_ack_time":479,"request_time":0,"response_ack_time":25270,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":479,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037483"} {"endtime":"2021-04-22T11:34:38.581032Z","timestamp":"2021-04-22T11:34:38.580830Z","bytes":1742,"bytes_in":772,"bytes_out":970,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037484","http_comment":"HTTP/1.1 200 OK","http_content_length":266,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037484 HTTP/1.1","request_ack_time":202,"request_time":0,"response_ack_time":25498,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":202,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037484"} {"endtime":"2021-04-22T11:34:39.622711Z","timestamp":"2021-04-22T11:34:39.260193Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"31197cc1-eca7-4342-bfb4-85e17ebbb4a5","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":173,"response_time":49,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49304,"status":200,"time_taken":362730,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:34:39.941767Z","timestamp":"2021-04-22T11:34:39.941061Z","bytes":1887,"bytes_in":729,"bytes_out":1158,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219695","http_comment":"HTTP/1.1 200 
OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219695 HTTP/1.1","request_ack_time":706,"request_time":0,"response_ack_time":26985,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":706,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219695"} {"endtime":"2021-04-22T11:34:39.949238Z","timestamp":"2021-04-22T11:34:39.949055Z","bytes":1742,"bytes_in":772,"bytes_out":970,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219696","http_comment":"HTTP/1.1 200 OK","http_content_length":266,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219696 
HTTP/1.1","request_ack_time":183,"request_time":0,"response_ack_time":27545,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":183,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219696"} {"endtime":"2021-04-22T11:34:41.525005Z","timestamp":"2021-04-22T11:34:41.168254Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"e9111da5-41a6-4978-ab1e-9e85e21cb7fe","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":37,"request_time":0,"response_ack_time":421,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49905,"status":200,"time_taken":357044,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:34:41.926026Z","timestamp":"2021-04-22T11:34:41.921438Z","bytes":1903,"bytes_in":1006,"bytes_out":897,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&q=search index=network src=\"10.0.1.14\"&stripReportsSearch=false&action=fieldvalue&field=host&value=win-dc-178","http_comment":"HTTP/1.1 200 OK","http_content_length":193,"http_content_type":"application/json; 
charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/intentionsparser HTTP/1.1","request_ack_time":4588,"request_time":0,"response_ack_time":25070,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":4588,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/intentionsparser"} {"endtime":"2021-04-22T11:34:42.016159Z","timestamp":"2021-04-22T11:34:42.011354Z","bytes":7880,"bytes_in":742,"bytes_out":7138,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219697","http_comment":"HTTP/1.1 200 OK","http_content_length":6392,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new?output_mode=json&_=1619091219697 
HTTP/1.1","request_ack_time":4722,"request_time":0,"response_ack_time":29067,"response_time":83,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":4805,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","uri_query":"output_mode=json&_=1619091219697"} {"endtime":"2021-04-22T11:34:42.064526Z","timestamp":"2021-04-22T11:34:42.055660Z","bytes":3672,"bytes_in":2877,"bytes_out":795,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"rf=*&auto_cancel=30&status_buckets=300&output_mode=json&custom.display.page.search.mode=smart&custom.dispatch.sample_ratio=1&custom.workload_pool=&custom.display.events.fields=[\"host\",\"source\",\"sourcetype\",\"action\",\"app\",\"c_ip\",\"count\",\"date_hour\",\"date_mday\",\"date_minute\",\"date_month\",\"date_second\",\"date_wday\",\"date_year\",\"date_zone\",\"dest\",\"dest_ip\",\"endtime\",\"eventtype\",\"index\",\"linecount\",\"protocol\",\"punct\",\"site\",\"splunk_server\",\"status\",\"sum(bytes_in)\",\"sum(bytes_out)\",\"sum(time_taken)\",\"tag\",\"tag::eventtype\",\"timeendpos\",\"timestamp\",\"timestartpos\",\"uri_path\",\"initial_rtt\",\"query_type\",\"reply_code\",\"reply_code_id\",\"src\",\"src_ip\",\"ssl_cert_md5\",\"ssl_cert_self_signed\",\"ssl_cert_sha1\",\"ssl_cert_sha256\",\"ssl_end_time\",\"ssl_hash\",\"ssl_issuer\",\"ssl_issuer_common_name\",\"ssl_issuer_country\",\"ssl_issuer_email\",\"ssl_issuer_locality\",\"ssl_issuer_organization\",\"ssl_issuer_state\",\"ssl_start_time\",\"ssl_subject\",\"ssl_subject_common_name\",\"ssl_subject_country\",\"ss
l_subject_locality\",\"ssl_subject_organization\",\"ssl_subject_state\",\"ssl_subject_unit\",\"ssl_validity_end\",\"ssl_validity_start\",\"sum(bytes)\",\"sum(packets_in)\",\"sum(packets_out)\",\"transport\",\"values(flow_id){}\"]&custom.search=index=network src=\"10.0.1.14\" host=\"win-dc-178\"&custom.dispatch.earliest_time=-24h@h&custom.dispatch.latest_time=now&search=search index=network src=\"10.0.1.14\" host=\"win-dc-178\"&earliest_time=-24h@h&latest_time=now&ui_dispatch_app=search&preview=1&adhoc_search_level=smart&workload_pool=&indexedRealtime=&sample_ratio=1&check_risky_command=false&provenance=UI:Search","http_comment":"HTTP/1.1 201 Created","http_content_length":24,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs HTTP/1.1","request_ack_time":62,"request_time":423,"response_ack_time":26564,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":201,"time_taken":8866,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs"} {"endtime":"2021-04-22T11:34:42.096990Z","timestamp":"2021-04-22T11:34:42.095364Z","bytes":2810,"bytes_in":749,"bytes_out":2061,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219698","http_comment":"HTTP/1.1 200 OK","http_content_length":1315,"http_content_type":"application/json; 
charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091282.147?output_mode=json&_=1619091219698 HTTP/1.1","request_ack_time":1626,"request_time":0,"response_ack_time":26135,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1626,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091282.147","uri_query":"output_mode=json&_=1619091219698"} {"endtime":"2021-04-22T11:34:42.131662Z","timestamp":"2021-04-22T11:34:42.131410Z","bytes":1639,"bytes_in":825,"bytes_out":814,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219699","http_comment":"HTTP/1.1 200 OK","http_content_length":110,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219699 
HTTP/1.1","request_ack_time":252,"request_time":0,"response_ack_time":30650,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":252,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219699"} {"endtime":"2021-04-22T11:34:42.181164Z","timestamp":"2021-04-22T11:34:42.179383Z","bytes":2943,"bytes_in":750,"bytes_out":2193,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219700","http_comment":"HTTP/1.1 200 OK","http_content_length":1447,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147?output_mode=json&_=1619091219700 HTTP/1.1","request_ack_time":1781,"request_time":0,"response_ack_time":26073,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1781,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147","uri_query":"output_mode=json&_=1619091219700"} 
{"endtime":"2021-04-22T11:34:42.253707Z","timestamp":"2021-04-22T11:34:42.253407Z","bytes":1478,"bytes_in":735,"bytes_out":743,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&time=-24h&_=1619091219701","http_comment":"HTTP/1.1 200 OK","http_content_length":40,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h&_=1619091219701 HTTP/1.1","request_ack_time":300,"request_time":0,"response_ack_time":25417,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":300,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h&_=1619091219701"} {"endtime":"2021-04-22T11:34:42.389461Z","timestamp":"2021-04-22T11:34:42.387599Z","bytes":2943,"bytes_in":750,"bytes_out":2193,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219702","http_comment":"HTTP/1.1 200 
OK","http_content_length":1447,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147?output_mode=json&_=1619091219702 HTTP/1.1","request_ack_time":1862,"request_time":0,"response_ack_time":25711,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1862,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147","uri_query":"output_mode=json&_=1619091219702"} {"endtime":"2021-04-22T11:34:42.655752Z","timestamp":"2021-04-22T11:34:42.653417Z","bytes":3761,"bytes_in":750,"bytes_out":3011,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219703","http_comment":"HTTP/1.1 200 OK","http_content_length":2265,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147?output_mode=json&_=1619091219703 
HTTP/1.1","request_ack_time":2267,"request_time":0,"response_ack_time":27473,"response_time":68,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":29875,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147","uri_query":"output_mode=json&_=1619091219703"} {"endtime":"2021-04-22T11:34:42.694808Z","timestamp":"2021-04-22T11:34:42.691715Z","bytes":2720,"bytes_in":1935,"bytes_out":785,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7
B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219705","http_comment":"HTTP/1.1 200 OK","http_content_length":82,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219705 
HTTP/1.1","request_ack_time":8,"request_time":319,"response_ack_time":24343,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":3093,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219705"} {"endtime":"2021-04-22T11:34:42.696930Z","timestamp":"2021-04-22T11:34:42.692034Z","bytes":1613,"bytes_in":769,"bytes_out":844,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=0&_=1619091219704","http_comment":"HTTP/1.1 200 OK","http_content_length":140,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147/summary?output_mode=json&min_freq=0&_=1619091219704 HTTP/1.1","request_ack_time":4896,"request_time":0,"response_ack_time":26717,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":4896,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219704"} {"endtime":"2021-04-22T11:34:42.726348Z","timestamp":"2021-04-22T11:34:42.723698Z","bytes":2720,"bytes_in":1935,"bytes_out":785,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219706","http_comment":"HTTP/1.1 200 OK","http_content_length":82,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219706 
HTTP/1.1","request_ack_time":6,"request_time":118,"response_ack_time":26825,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":2650,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219706"} {"endtime":"2021-04-22T11:34:42.731761Z","timestamp":"2021-04-22T11:34:42.727492Z","bytes":1613,"bytes_in":769,"bytes_out":844,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&min_freq=0&_=1619091219707","http_comment":"HTTP/1.1 200 OK","http_content_length":140,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147/summary?output_mode=json&min_freq=0&_=1619091219707 HTTP/1.1","request_ack_time":4269,"request_time":0,"response_ack_time":27413,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":4269,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219707"} {"endtime":"2021-04-22T11:34:43.059991Z","timestamp":"2021-04-22T11:34:43.057304Z","bytes":4088,"bytes_in":750,"bytes_out":3338,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219708","http_comment":"HTTP/1.1 200 OK","http_content_length":2592,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147?output_mode=json&_=1619091219708 HTTP/1.1","request_ack_time":2585,"request_time":0,"response_ack_time":25385,"response_time":102,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":2687,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147","uri_query":"output_mode=json&_=1619091219708"} {"endtime":"2021-04-22T11:34:43.101029Z","timestamp":"2021-04-22T11:34:43.093849Z","bytes":5687,"bytes_in":769,"bytes_out":4918,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&min_freq=0&_=1619091219709","http_comment":"HTTP/1.1 200 OK","http_content_length":4172,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147/summary?output_mode=json&min_freq=0&_=1619091219709 
HTTP/1.1","request_ack_time":7171,"request_time":0,"response_ack_time":28342,"response_time":9,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":7180,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219709"} {"endtime":"2021-04-22T11:34:43.106812Z","timestamp":"2021-04-22T11:34:43.094192Z","bytes":13486,"bytes_in":1935,"bytes_out":11551,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport
%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219710","http_comment":"HTTP/1.1 200 OK","http_content_length":10804,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219710 
HTTP/1.1","request_ack_time":31,"request_time":0,"response_ack_time":30569,"response_time":130,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":40546,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219710"} {"endtime":"2021-04-22T11:34:43.116888Z","timestamp":"2021-04-22T11:34:43.115315Z","bytes":1829,"bytes_in":746,"bytes_out":1083,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"offset=0&count=1000&_=1619091219711","http_comment":"HTTP/1.1 200 OK","http_content_length":346,"http_content_type":"text/xml; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/1619091282.147/timeline?offset=0&count=1000&_=1619091219711 HTTP/1.1","request_ack_time":1573,"request_time":0,"response_ack_time":28009,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":1573,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091282.147/timeline","uri_query":"offset=0&count=1000&_=1619091219711"} {"endtime":"2021-04-22T11:34:45.492700Z","timestamp":"2021-04-22T11:34:45.124341Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"aa264501-dc0c-4d7c-a0f2-eb1ec8496c12","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":39,"request_time":0,"response_ack_time":153,"response_time":47,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49306,"status":200,"time_taken":368573,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:34:47.525357Z","timestamp":"2021-04-22T11:34:47.168257Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"f1a89160-4139-4175-b43c-c8748910bdfb","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":424,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49906,"status":200,"time_taken":357394,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:34:48.748940Z","timestamp":"2021-04-22T11:34:48.748133Z","bytes":1887,"bytes_in":729,"bytes_out":1158,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&_=1619091037485","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037485 
HTTP/1.1","request_ack_time":807,"request_time":0,"response_ack_time":29561,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":807,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037485"} {"endtime":"2021-04-22T11:34:49.459764Z","timestamp":"2021-04-22T11:34:49.458244Z","bytes":1673,"bytes_in":911,"bytes_out":762,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1520,"request_time":0,"response_ack_time":26190,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":1520,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} {"endtime":"2021-04-22T11:34:49.936839Z","timestamp":"2021-04-22T11:34:49.936240Z","bytes":1887,"bytes_in":729,"bytes_out":1158,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&_=1619091219712","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219712 HTTP/1.1","request_ack_time":599,"request_time":0,"response_ack_time":25203,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":599,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219712"} {"endtime":"2021-04-22T11:34:50.615116Z","timestamp":"2021-04-22T11:34:50.244154Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"22588882-1930-49d7-93db-b6d168cf943b","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":5,"request_time":0,"response_ack_time":162,"response_time":54,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49308,"status":200,"time_taken":371151,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:34:50.901856Z","timestamp":"2021-04-22T11:34:50.877383Z","bytes":8636,"bytes_in":887,"bytes_out":7749,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search index%3Dnetwork &useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219713","http_comment":"HTTP/1.1 200 OK","http_content_length":7003,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/shelper?output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search+index%3Dnetwork+&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219713 HTTP/1.1","request_ack_time":24386,"request_time":0,"response_ack_time":26318,"response_time":87,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":24473,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/shelper","uri_query":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search index%3Dnetwork &useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219713"} 
{"endtime":"2021-04-22T11:34:51.145990Z","timestamp":"2021-04-22T11:34:51.142406Z","bytes":7879,"bytes_in":742,"bytes_out":7137,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&_=1619091219714","http_comment":"HTTP/1.1 200 OK","http_content_length":6391,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new?output_mode=json&_=1619091219714 HTTP/1.1","request_ack_time":3496,"request_time":0,"response_ack_time":28216,"response_time":88,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":3584,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","uri_query":"output_mode=json&_=1619091219714"} {"endtime":"2021-04-22T11:34:51.183905Z","timestamp":"2021-04-22T11:34:51.180666Z","bytes":3580,"bytes_in":2785,"bytes_out":795,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"rf=*&auto_cancel=30&status_buckets=300&output_mode=json&custom.display.page.search.mode=smart&custom.dispatch.sample_ratio=1&custom.workload_pool=&custom.display.events.fields=[\"host\",\"source\",\"sourcetype\",\"action\",\"app\",\"c_ip\",\"count\",\"date_hour\",\"date_mday\",\"date_minute\",\"date_month\",\"date_second\",\"date_wday\",\"date_year\",\"date_zone\",\"dest\",\"dest_ip\",\"endtime\",\"eventtype\",\"index\",\"linecount\",\"protocol\",\"punct\",\"site\",\"splunk_server\",\"status\",\"sum(bytes_in)\",\"sum(bytes_out)\",\"sum(time_taken)\",\"tag\",\"tag::eventtype\",\"timeendpos\",\"timestamp\",\"timestartpos\",\"uri_path\",\"initial_rtt\",\"query_type\",\"reply_code\",\"reply_code_id\",\"src\",\"src_ip\",\"ssl_cert_md5\",\"ssl_cert_self_signed\",\"ssl_cert_sha1\",\"ssl_cert_sha256\",\"ssl_end_time\",\"ssl_hash\",\"ssl_issuer\",\"ssl_issuer_common_name\",\"ssl_issuer_country\",\"ssl_issuer_email\",\"ssl_issuer_locality\",\"ssl_issuer_organization\",\"ssl_issuer_state\",\"ssl_start_time\",\"ssl_subject\",\"ssl_subject_common_name\",\"ssl_subject_country\",\"ssl_subject_locality\",\"ssl_subject_organization\",\"ssl_subject_state\",\"ssl_subject_unit\",\"ssl_validity_end\",\"ssl_validity_start\",\"sum(bytes)\",\"sum(packets_in)\",\"sum(packets_out)\",\"transport\",\"values(flow_id){}\"]&custom.search=index=network&custom.dispatch.earliest_time=-24h@h&custom.dispatch.latest_time=now&search=search index=network&earliest_time=-24h@h&latest_time=now&ui_dispatch_app=search&preview=1&adhoc_search_level=smart&workload_pool=&indexedRealtime=&sample_ratio=1&check_risky_command=false&provenance=UI:Search","http_comment":"HTTP/1.1 201 
Created","http_content_length":24,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs HTTP/1.1","request_ack_time":8,"request_time":524,"response_ack_time":24261,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":201,"time_taken":3239,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs"} {"endtime":"2021-04-22T11:34:51.217954Z","timestamp":"2021-04-22T11:34:51.216151Z","bytes":2904,"bytes_in":749,"bytes_out":2155,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&_=1619091219715","http_comment":"HTTP/1.1 200 OK","http_content_length":1409,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091291.148?output_mode=json&_=1619091219715 
HTTP/1.1","request_ack_time":1803,"request_time":0,"response_ack_time":26185,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":1803,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091291.148","uri_query":"output_mode=json&_=1619091219715"} {"endtime":"2021-04-22T11:34:51.252660Z","timestamp":"2021-04-22T11:34:51.252405Z","bytes":1639,"bytes_in":825,"bytes_out":814,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219716","http_comment":"HTTP/1.1 200 OK","http_content_length":110,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219716 
HTTP/1.1","request_ack_time":255,"request_time":0,"response_ack_time":27503,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":255,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219716"} {"endtime":"2021-04-22T11:34:51.302369Z","timestamp":"2021-04-22T11:34:51.300401Z","bytes":3392,"bytes_in":750,"bytes_out":2642,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&_=1619091219717","http_comment":"HTTP/1.1 200 OK","http_content_length":1896,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091291.148?output_mode=json&_=1619091219717 HTTP/1.1","request_ack_time":1968,"request_time":0,"response_ack_time":23863,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":1968,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091291.148","uri_query":"output_mode=json&_=1619091219717"} 
{"endtime":"2021-04-22T11:34:51.355315Z","timestamp":"2021-04-22T11:34:51.350691Z","bytes":1613,"bytes_in":769,"bytes_out":844,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&min_freq=0&_=1619091219718","http_comment":"HTTP/1.1 200 OK","http_content_length":140,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091291.148/summary?output_mode=json&min_freq=0&_=1619091219718 HTTP/1.1","request_ack_time":4624,"request_time":0,"response_ack_time":29378,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":4624,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091291.148/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219718"} {"endtime":"2021-04-22T11:34:51.357379Z","timestamp":"2021-04-22T11:34:51.351211Z","bytes":2720,"bytes_in":1935,"bytes_out":785,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219719","http_comment":"HTTP/1.1 200 OK","http_content_length":82,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091291.148/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219719 
HTTP/1.1","request_ack_time":10,"request_time":3493,"response_ack_time":27688,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":6168,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091291.148/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219719"} {"endtime":"2021-04-22T11:34:51.381415Z","timestamp":"2021-04-22T11:34:51.381150Z","bytes":1478,"bytes_in":735,"bytes_out":743,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&time=-24h&_=1619091219720","http_comment":"HTTP/1.1 200 OK","http_content_length":40,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h&_=1619091219720 HTTP/1.1","request_ack_time":265,"request_time":0,"response_ack_time":27201,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":265,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h&_=1619091219720"} {"endtime":"2021-04-22T11:34:51.393076Z","timestamp":"2021-04-22T11:34:51.388807Z","bytes":1613,"bytes_in":769,"bytes_out":844,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=0&_=1619091219721","http_comment":"HTTP/1.1 200 OK","http_content_length":140,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091291.148/summary?output_mode=json&min_freq=0&_=1619091219721 HTTP/1.1","request_ack_time":4269,"request_time":0,"response_ack_time":25435,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":4269,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091291.148/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219721"} {"endtime":"2021-04-22T11:34:51.395334Z","timestamp":"2021-04-22T11:34:51.392754Z","bytes":2720,"bytes_in":1935,"bytes_out":785,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_s
ubject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219722","http_comment":"HTTP/1.1 200 OK","http_content_length":82,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091291.148/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219722 
HTTP/1.1","request_ack_time":7,"request_time":17,"response_ack_time":26836,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":2580,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091291.148/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219722"} {"endtime":"2021-04-22T11:34:51.516437Z","timestamp":"2021-04-22T11:34:51.514384Z","bytes":3392,"bytes_in":750,"bytes_out":2642,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&_=1619091219723","http_comment":"HTTP/1.1 200 OK","http_content_length":1896,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091291.148?output_mode=json&_=1619091219723 HTTP/1.1","request_ack_time":2053,"request_time":0,"response_ack_time":25770,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":2053,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091291.148","uri_query":"output_mode=json&_=1619091219723"} {"endtime":"2021-04-22T11:34:51.776685Z","timestamp":"2021-04-22T11:34:51.774509Z","bytes":3704,"bytes_in":750,"bytes_out":2954,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&_=1619091219724","http_comment":"HTTP/1.1 200 OK","http_content_length":2208,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091291.148?output_mode=json&_=1619091219724 HTTP/1.1","request_ack_time":2085,"request_time":0,"response_ack_time":25664,"response_time":91,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":27931,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091291.148","uri_query":"output_mode=json&_=1619091219724"} {"endtime":"2021-04-22T11:34:51.824514Z","timestamp":"2021-04-22T11:34:51.811140Z","bytes":11748,"bytes_in":769,"bytes_out":10979,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&min_freq=0&_=1619091219725","http_comment":"HTTP/1.1 200 OK","http_content_length":10232,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091291.148/summary?output_mode=json&min_freq=0&_=1619091219725 
HTTP/1.1","request_ack_time":13230,"request_time":0,"response_ack_time":27895,"response_time":144,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":40024,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091291.148/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219725"} {"endtime":"2021-04-22T11:34:51.832399Z","timestamp":"2021-04-22T11:34:51.830914Z","bytes":1831,"bytes_in":746,"bytes_out":1085,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"offset=0&count=1000&_=1619091219727","http_comment":"HTTP/1.1 200 OK","http_content_length":348,"http_content_type":"text/xml; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/1619091291.148/timeline?offset=0&count=1000&_=1619091219727 HTTP/1.1","request_ack_time":1485,"request_time":0,"response_ack_time":28169,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1485,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091291.148/timeline","uri_query":"offset=0&count=1000&_=1619091219727"} {"endtime":"2021-04-22T11:34:51.882713Z","timestamp":"2021-04-22T11:34:51.811140Z","bytes":46197,"bytes_in":1935,"bytes_out":44262,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219726","http_comment":"HTTP/1.1 200 OK","http_content_length":43515,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091291.148/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219726 
HTTP/1.1","request_ack_time":7,"request_time":296,"response_ack_time":25191,"response_time":52740,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":98679,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091291.148/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219726"} {"endtime":"2021-04-22T11:34:53.517842Z","timestamp":"2021-04-22T11:34:53.152591Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"7ef75c4f-17b5-462d-ac21-d3109a7a467b","http_comment":"HTTP/1.1 200 
OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":12,"request_time":0,"response_ack_time":378,"response_time":52,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49907,"status":200,"time_taken":365524,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:34:56.486967Z","timestamp":"2021-04-22T11:34:56.116845Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"99bd5034-0d47-43c0-9baa-05596d41f326","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":146,"response_time":1799,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49310,"status":200,"time_taken":370330,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:34:58.252522Z","timestamp":"2021-04-22T11:34:58.251846Z","bytes":1887,"bytes_in":729,"bytes_out":1158,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091037486","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; 
charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037486 HTTP/1.1","request_ack_time":676,"request_time":0,"response_ack_time":27053,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":676,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037486"} {"endtime":"2021-04-22T11:34:58.481734Z","timestamp":"2021-04-22T11:34:58.477477Z","bytes":1868,"bytes_in":993,"bytes_out":875,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&q=search index=network&stripReportsSearch=false&action=fieldvalue&field=sourcetype&value=stream:http","http_comment":"HTTP/1.1 200 OK","http_content_length":171,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/intentionsparser 
HTTP/1.1","request_ack_time":4257,"request_time":0,"response_ack_time":27855,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":4257,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/intentionsparser"} {"endtime":"2021-04-22T11:34:58.575477Z","timestamp":"2021-04-22T11:34:58.571857Z","bytes":7880,"bytes_in":742,"bytes_out":7138,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219728","http_comment":"HTTP/1.1 200 OK","http_content_length":6392,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new?output_mode=json&_=1619091219728 HTTP/1.1","request_ack_time":3498,"request_time":0,"response_ack_time":28181,"response_time":122,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":31911,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","uri_query":"output_mode=json&_=1619091219728"} {"endtime":"2021-04-22T11:34:58.615276Z","timestamp":"2021-04-22T11:34:58.612120Z","bytes":3646,"bytes_in":2851,"bytes_out":795,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"rf=*&auto_cancel=30&status_buckets=300&output_mode=json&custom.display.page.search.mode=smart&custom.dispatch.sample_ratio=1&custom.workload_pool=&custom.display.events.fields=[\"host\",\"source\",\"sourcetype\",\"action\",\"app\",\"c_ip\",\"count\",\"date_hour\",\"date_mday\",\"date_minute\",\"date_month\",\"date_second\",\"date_wday\",\"date_year\",\"date_zone\",\"dest\",\"dest_ip\",\"endtime\",\"eventtype\",\"index\",\"linecount\",\"protocol\",\"punct\",\"site\",\"splunk_server\",\"status\",\"sum(bytes_in)\",\"sum(bytes_out)\",\"sum(time_taken)\",\"tag\",\"tag::eventtype\",\"timeendpos\",\"timestamp\",\"timestartpos\",\"uri_path\",\"initial_rtt\",\"query_type\",\"reply_code\",\"reply_code_id\",\"src\",\"src_ip\",\"ssl_cert_md5\",\"ssl_cert_self_signed\",\"ssl_cert_sha1\",\"ssl_cert_sha256\",\"ssl_end_time\",\"ssl_hash\",\"ssl_issuer\",\"ssl_issuer_common_name\",\"ssl_issuer_country\",\"ssl_issuer_email\",\"ssl_issuer_locality\",\"ssl_issuer_organization\",\"ssl_issuer_state\",\"ssl_start_time\",\"ssl_subject\",\"ssl_subject_common_name\",\"ssl_subject_country\",\"ssl_subject_locality\",\"ssl_subject_organization\",\"ssl_subject_state\",\"ssl_subject_unit\",\"ssl_validity_end\",\"ssl_validity_start\",\"sum(bytes)\",\"sum(packets_in)\",\"sum(packets_out)\",\"transport\",\"values(flow_id){}\"]&custom.search=index=network sourcetype=\"stream:http\"&custom.dispatch.earliest_time=-24h@h&custom.dispatch.latest_time=now&search=search index=network sourcetype=\"stream:http\"&earliest_time=-24h@h&latest_time=now&ui_dispatch_app=search&preview=1&adhoc_search_level=smart&workload_pool=&indexedRealtime=&sample_ratio=1&check_risky_command=false&provenance=UI:Search","http_comment":"HTTP/1.1 201 
Created","http_content_length":24,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs HTTP/1.1","request_ack_time":58,"request_time":451,"response_ack_time":26329,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":201,"time_taken":3156,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs"} {"endtime":"2021-04-22T11:34:58.647519Z","timestamp":"2021-04-22T11:34:58.645837Z","bytes":2924,"bytes_in":749,"bytes_out":2175,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219729","http_comment":"HTTP/1.1 200 OK","http_content_length":1429,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091298.149?output_mode=json&_=1619091219729 
HTTP/1.1","request_ack_time":1682,"request_time":0,"response_ack_time":28261,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1682,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091298.149","uri_query":"output_mode=json&_=1619091219729"} {"endtime":"2021-04-22T11:34:58.682146Z","timestamp":"2021-04-22T11:34:58.681883Z","bytes":1639,"bytes_in":825,"bytes_out":814,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219730","http_comment":"HTTP/1.1 200 OK","http_content_length":110,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219730 
HTTP/1.1","request_ack_time":263,"request_time":0,"response_ack_time":25526,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":263,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219730"} {"endtime":"2021-04-22T11:34:58.733606Z","timestamp":"2021-04-22T11:34:58.731893Z","bytes":2930,"bytes_in":750,"bytes_out":2180,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219731","http_comment":"HTTP/1.1 200 OK","http_content_length":1434,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149?output_mode=json&_=1619091219731 HTTP/1.1","request_ack_time":1713,"request_time":0,"response_ack_time":26012,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1713,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149","uri_query":"output_mode=json&_=1619091219731"} 
{"endtime":"2021-04-22T11:34:58.806283Z","timestamp":"2021-04-22T11:34:58.805956Z","bytes":1478,"bytes_in":735,"bytes_out":743,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&time=-24h&_=1619091219732","http_comment":"HTTP/1.1 200 OK","http_content_length":40,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h&_=1619091219732 HTTP/1.1","request_ack_time":327,"request_time":0,"response_ack_time":25380,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":327,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h&_=1619091219732"} {"endtime":"2021-04-22T11:34:58.946039Z","timestamp":"2021-04-22T11:34:58.943998Z","bytes":3434,"bytes_in":750,"bytes_out":2684,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219733","http_comment":"HTTP/1.1 200 
OK","http_content_length":1938,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149?output_mode=json&_=1619091219733 HTTP/1.1","request_ack_time":2041,"request_time":0,"response_ack_time":25631,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":2041,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149","uri_query":"output_mode=json&_=1619091219733"} {"endtime":"2021-04-22T11:34:58.987792Z","timestamp":"2021-04-22T11:34:58.978231Z","bytes":7074,"bytes_in":769,"bytes_out":6305,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=0&_=1619091219734","http_comment":"HTTP/1.1 200 OK","http_content_length":5559,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149/summary?output_mode=json&min_freq=0&_=1619091219734 
HTTP/1.1","request_ack_time":9444,"request_time":0,"response_ack_time":28159,"response_time":117,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":9561,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219734"} {"endtime":"2021-04-22T11:34:59.031885Z","timestamp":"2021-04-22T11:34:59.021982Z","bytes":7103,"bytes_in":769,"bytes_out":6334,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=0&_=1619091219736","http_comment":"HTTP/1.1 200 OK","http_content_length":5588,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149/summary?output_mode=json&min_freq=0&_=1619091219736 HTTP/1.1","request_ack_time":9796,"request_time":0,"response_ack_time":25802,"response_time":107,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":9903,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219736"} 
{"endtime":"2021-04-22T11:34:59.061733Z","timestamp":"2021-04-22T11:34:58.978461Z","bytes":46362,"bytes_in":1935,"bytes_out":44427,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219735","http_comment":"HTTP/1.1 200 OK","http_content_length":43680,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219735 
HTTP/1.1","request_ack_time":8,"request_time":3390,"response_ack_time":26203,"response_time":59155,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":112618,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219735"} {"endtime":"2021-04-22T11:34:59.117483Z","timestamp":"2021-04-22T11:34:59.098263Z","bytes":46362,"bytes_in":1935,"bytes_out":44427,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219737","http_comment":"HTTP/1.1 200 OK","http_content_length":43680,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219737 
HTTP/1.1","request_ack_time":6,"request_time":21,"response_ack_time":28447,"response_time":496,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":47690,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219737"} {"endtime":"2021-04-22T11:34:59.220350Z","timestamp":"2021-04-22T11:34:59.217960Z","bytes":3764,"bytes_in":750,"bytes_out":3014,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219738","http_comment":"HTTP/1.1 200 OK","http_content_length":2268,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149?output_mode=json&_=1619091219738 HTTP/1.1","request_ack_time":2390,"request_time":0,"response_ack_time":27435,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":2390,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149","uri_query":"output_mode=json&_=1619091219738"} {"endtime":"2021-04-22T11:34:59.265716Z","timestamp":"2021-04-22T11:34:59.255970Z","bytes":7103,"bytes_in":769,"bytes_out":6334,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&min_freq=0&_=1619091219739","http_comment":"HTTP/1.1 200 OK","http_content_length":5588,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149/summary?output_mode=json&min_freq=0&_=1619091219739 HTTP/1.1","request_ack_time":9653,"request_time":0,"response_ack_time":28010,"response_time":93,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":33872,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219739"} {"endtime":"2021-04-22T11:34:59.287896Z","timestamp":"2021-04-22T11:34:59.286451Z","bytes":1830,"bytes_in":746,"bytes_out":1084,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"offset=0&count=1000&_=1619091219740","http_comment":"HTTP/1.1 200 OK","http_content_length":347,"http_content_type":"text/xml; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/1619091298.149/timeline?offset=0&count=1000&_=1619091219740 HTTP/1.1","request_ack_time":1445,"request_time":0,"response_ack_time":29236,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1445,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091298.149/timeline","uri_query":"offset=0&count=1000&_=1619091219740"} 
{"endtime":"2021-04-22T11:34:59.541553Z","timestamp":"2021-04-22T11:34:59.183755Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"f9f30ffc-a2b5-4277-b691-7422242662c6","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":31,"request_time":0,"response_ack_time":443,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49908,"status":200,"time_taken":358126,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:34:59.940777Z","timestamp":"2021-04-22T11:34:59.940056Z","bytes":1887,"bytes_in":729,"bytes_out":1158,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219741","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219741 
HTTP/1.1","request_ack_time":721,"request_time":0,"response_ack_time":25073,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":721,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219741"} {"endtime":"2021-04-22T11:35:01.613856Z","timestamp":"2021-04-22T11:35:01.238520Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"3f9592e1-4030-4d64-bd5c-9c38254b9bb5","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":42,"request_time":0,"response_ack_time":217,"response_time":44,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49312,"status":200,"time_taken":375585,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:35:03.963539Z","timestamp":"2021-04-22T11:35:03.952791Z","bytes":7105,"bytes_in":771,"bytes_out":6334,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=.01&_=1619091219742","http_comment":"HTTP/1.1 200 OK","http_content_length":5588,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149/summary?output_mode=json&min_freq=.01&_=1619091219742 HTTP/1.1","request_ack_time":10657,"request_time":0,"response_ack_time":30937,"response_time":91,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":37810,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149/summary","uri_query":"output_mode=json&min_freq=.01&_=1619091219742"} {"endtime":"2021-04-22T11:35:04.560165Z","timestamp":"2021-04-22T11:35:04.199315Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"a09ce379-f09a-4ff8-bb68-4bf86c86a869","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":9,"request_time":0,"response_ack_time":319,"response_time":63,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49910,"status":200,"time_taken":361107,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:35:04.586305Z","timestamp":"2021-04-22T11:35:04.584816Z","bytes":1673,"bytes_in":911,"bytes_out":762,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1489,"request_time":0,"response_ack_time":26344,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1489,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} {"endtime":"2021-04-22T11:35:07.472975Z","timestamp":"2021-04-22T11:35:07.115744Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"553a6fd9-a8aa-4eb9-9372-4dd52b97d2e3","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":228,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49314,"status":200,"time_taken":357479,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:35:08.626149Z","timestamp":"2021-04-22T11:35:08.625422Z","bytes":1889,"bytes_in":729,"bytes_out":1160,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091037487","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037487 HTTP/1.1","request_ack_time":727,"request_time":0,"response_ack_time":26995,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":727,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037487"} {"endtime":"2021-04-22T11:35:09.601820Z","timestamp":"2021-04-22T11:35:09.246201Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"f43b0934-8215-4b49-8b76-ff33036b907f","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":325,"response_time":48,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49911,"status":200,"time_taken":355872,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:35:09.936167Z","timestamp":"2021-04-22T11:35:09.935556Z","bytes":1889,"bytes_in":729,"bytes_out":1160,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219743","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219743 HTTP/1.1","request_ack_time":611,"request_time":0,"response_ack_time":25164,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":611,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219743"} {"endtime":"2021-04-22T11:35:12.595715Z","timestamp":"2021-04-22T11:35:12.225141Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"29bdb5ba-c03f-4910-9e55-f0e006942489","http_comment":"HTTP/1.1 200 
OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":505,"response_time":67,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49316,"status":200,"time_taken":371178,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:35:14.292007Z","timestamp":"2021-04-22T11:35:14.290329Z","bytes":1674,"bytes_in":912,"bytes_out":762,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149/control HTTP/1.1","request_ack_time":1678,"request_time":0,"response_ack_time":28000,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1678,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149/control"} 
{"endtime":"2021-04-22T11:35:15.585777Z","timestamp":"2021-04-22T11:35:15.230692Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"f0e48c52-8976-4a81-9568-b456c95506e0","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":285,"response_time":49,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49912,"status":200,"time_taken":355418,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:35:18.460540Z","timestamp":"2021-04-22T11:35:18.097622Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"b438973e-b06f-4adf-a3b3-804bf09e9b91","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":147,"response_time":64,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49318,"status":200,"time_taken":363106,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:35:18.581439Z","timestamp":"2021-04-22T11:35:18.580899Z","bytes":1889,"bytes_in":729,"bytes_out":1160,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091037488","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037488 HTTP/1.1","request_ack_time":540,"request_time":0,"response_ack_time":27223,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":540,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037488"} {"endtime":"2021-04-22T11:35:19.514883Z","timestamp":"2021-04-22T11:35:19.513145Z","bytes":1673,"bytes_in":911,"bytes_out":762,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST 
/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1738,"request_time":0,"response_ack_time":28105,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1738,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} {"endtime":"2021-04-22T11:35:19.937712Z","timestamp":"2021-04-22T11:35:19.937148Z","bytes":1889,"bytes_in":729,"bytes_out":1160,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219744","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219744 HTTP/1.1","request_ack_time":564,"request_time":0,"response_ack_time":27978,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":564,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219744"} 
{"endtime":"2021-04-22T11:35:21.588865Z","timestamp":"2021-04-22T11:35:21.230541Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"0f66ea37-2ab3-40f3-95ee-793b2e9cf691","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":63,"request_time":0,"response_ack_time":429,"response_time":56,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49913,"status":200,"time_taken":358655,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:35:23.573368Z","timestamp":"2021-04-22T11:35:23.212224Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"2361b2bd-3a2d-402a-8878-bda502fb3fa0","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":40,"request_time":0,"response_ack_time":184,"response_time":176,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49320,"status":200,"time_taken":361385,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:35:26.048026Z","timestamp":"2021-04-22T11:35:26.046669Z","bytes":3058,"bytes_in":743,"bytes_out":2315,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219745","http_comment":"HTTP/1.1 200 OK","http_content_length":1569,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/prefs/search?output_mode=json&_=1619091219745 HTTP/1.1","request_ack_time":1357,"request_time":0,"response_ack_time":29377,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1357,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/prefs/search","uri_query":"output_mode=json&_=1619091219745"} {"endtime":"2021-04-22T11:35:26.049499Z","timestamp":"2021-04-22T11:35:26.042146Z","bytes":5915,"bytes_in":2833,"bytes_out":3082,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&custom.display.page.search.mode=smart&custom.dispatch.sample_ratio=1&custom.workload_pool=&custom.display.events.fields=[\"host\",\"source\",\"sourcetype\",\"action\",\"app\",\"c_ip\",\"count\",\"date_hour\",\"date_mday\",\"date_minute\",\"date_month\",\"date_second\",\"date_wday\",\"date_year\",\"date_zone\",\"dest\",\"dest_ip\",\"endtime\",\"eventtype\",\"index\",\"linecount\",\"protocol\",\"punct\",\"site\",\"splunk_server\",\"status\",\"sum(bytes_in)\",\"sum(bytes_out)\",\"sum(time_taken)\",\"tag\",\"tag::eventtype\",\"timeendpos\",\"timestamp\",\"timestartpos\",\"uri_path\",\"initial_rtt\",\"query_type\",\"reply_code\",\"reply_code_id\",\"src\",\"src_ip\",\"ssl_cert_md5\",\"ssl_cert_self_signed\",\"ssl_cert_sha1\",\"ssl_cert_sha256\",\"ssl_end_time\",\"ssl_hash\",\"ssl_issuer\",\"ssl_issuer_common_name\",\"ssl_issuer_country\",\"ssl_issuer_email\",\"ssl_issuer_locality\",\"ssl_issuer_organization\",\"ssl_issuer_state\",\"ssl_start_time\",\"ssl_subject\",\"ssl_subject_common_name\",\"ssl_subject_country\",\"ssl_subject_locality\",\"ssl_subject_organization\",\"ssl_subject_state\",\"ssl_subject_unit\",\"ssl_validity_end\",\"ssl_validity_start\",\"sum(bytes)\",\"sum(packets_in)\",\"sum(packets_out)\",\"transport\",\"values(flow_id){}\",\"form_data\",\"http_comment\",\"http_content_length\",\"http_content_type\",\"http_method\",\"http_user_agent\",\"request\",\"request_ack_time\",\"request_time\",\"response_ack_time\",\"response_time\",\"uri_query\",\"url\"]&custom.search=index=network sourcetype=\"stream:http\"&custom.dispatch.earliest_time=-24h@h&custom.dispatch.latest_time=now","http_comment":"HTTP/1.1 200 
OK","http_content_length":2336,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/services/search/jobs/1619091298.149 HTTP/1.1","request_ack_time":2750,"request_time":4511,"response_ack_time":30429,"response_time":92,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":37874,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091298.149"} {"endtime":"2021-04-22T11:35:26.061362Z","timestamp":"2021-04-22T11:35:26.051704Z","bytes":7103,"bytes_in":769,"bytes_out":6334,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&min_freq=0&_=1619091219746","http_comment":"HTTP/1.1 200 OK","http_content_length":5588,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149/summary?output_mode=json&min_freq=0&_=1619091219746 
HTTP/1.1","request_ack_time":9540,"request_time":0,"response_ack_time":32246,"response_time":118,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":42021,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219746"} {"endtime":"2021-04-22T11:35:26.187581Z","timestamp":"2021-04-22T11:35:26.114534Z","bytes":49643,"bytes_in":2134,"bytes_out":47509,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransp
ort%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219747","http_comment":"HTTP/1.1 200 OK","http_content_length":46762,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ac
k_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219747 HTTP/1.1","request_ack_time":5,"request_time":80,"response_ack_time":25948,"response_time":52951,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":99189,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219747"} 
{"endtime":"2021-04-22T11:35:26.349022Z","timestamp":"2021-04-22T11:35:26.340126Z","bytes":6329,"bytes_in":4152,"bytes_out":2177,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&countPerPage=&dispatch.earliest_time=&dispatch.latest_time=&display.events.fields=[\"host\",\"source\",\"sourcetype\",\"action\",\"app\",\"c_ip\",\"count\",\"date_hour\",\"date_mday\",\"date_minute\",\"date_month\",\"date_second\",\"date_wday\",\"date_year\",\"date_zone\",\"dest\",\"dest_ip\",\"endtime\",\"eventtype\",\"index\",\"linecount\",\"protocol\",\"punct\",\"site\",\"splunk_server\",\"status\",\"sum(bytes_in)\",\"sum(bytes_out)\",\"sum(time_taken)\",\"tag\",\"tag::eventtype\",\"timeendpos\",\"timestamp\",\"timestartpos\",\"uri_path\",\"initial_rtt\",\"query_type\",\"reply_code\",\"reply_code_id\",\"src\",\"src_ip\",\"ssl_cert_md5\",\"ssl_cert_self_signed\",\"ssl_cert_sha1\",\"ssl_cert_sha256\",\"ssl_end_time\",\"ssl_hash\",\"ssl_issuer\",\"ssl_issuer_common_name\",\"ssl_issuer_country\",\"ssl_issuer_email\",\"ssl_issuer_locality\",\"ssl_issuer_organization\",\"ssl_issuer_state\",\"ssl_start_time\",\"ssl_subject\",\"ssl_subject_common_name\",\"ssl_subject_country\",\"ssl_subject_locality\",\"ssl_subject_organization\",\"ssl_subject_state\",\"ssl_subject_unit\",\"ssl_validity_end\",\"ssl_validity_start\",\"sum(bytes)\",\"sum(packets_in)\",\"sum(packets_out)\",\"transport\",\"values(flow_id){}\",\"form_data\",\"http_comment\",\"http_content_length\",\"http_content_type\",\"http_method\",\"http_user_agent\",\"request\",\"request_ack_time\",\"request_time\",\"response_ack_time\",\"response_time\",\"uri_query\",\"url\"]&display.e
vents.list.drilldown=full&display.events.list.wrap=1&display.events.maxLines=5&display.events.raw.drilldown=full&display.events.rowNumbers=0&display.events.table.drilldown=1&display.events.table.wrap=1&display.events.type=list&display.general.enablePreview=1&display.page.home.showGettingStarted=1&display.page.search.mode=smart&display.page.search.patterns.sensitivity=0.8&display.page.search.searchHistoryCount=20&display.page.search.searchHistoryTimeFilter=0&display.page.search.showFields=1&display.page.search.timeline.format=compact&display.page.search.timeline.scale=linear&display.prefs.aclFilter=none&display.prefs.appFilter=none&display.prefs.autoOpenSearchAssistant=1&display.prefs.customSampleRatio=1000&display.prefs.enableMetaData=1&display.prefs.events.count=20&display.prefs.fieldCoverage=.01&display.prefs.listMode=tiles&display.prefs.livetail=0&display.prefs.searchContext=search&display.prefs.showDataSummary=1&display.prefs.showSPL=0&display.prefs.statistics.count=20&display.prefs.timeline.height=120px&display.prefs.timeline.minimalMode=1&display.prefs.timeline.minimized=0&display.statistics.drilldown=cell&display.statistics.rowNumbers=0&display.statistics.wrap=1&display.visualizations.chartHeight=300&display.visualizations.charting.chart=column&display.visualizations.charting.chart.style=shiny&display.visualizations.charting.legend.labelStyle.overflowMode=ellipsisMiddle&display.visualizations.custom.type=&display.visualizations.type=charting","http_comment":"HTTP/1.1 200 OK","http_content_length":1431,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/prefs/search 
HTTP/1.1","request_ack_time":6,"request_time":758,"response_ack_time":27955,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":8896,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/prefs/search"} {"endtime":"2021-04-22T11:35:26.609163Z","timestamp":"2021-04-22T11:35:26.246509Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"09e0f6dc-1088-4d5e-b069-75fd09d05525","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":33,"request_time":0,"response_ack_time":275,"response_time":70,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49915,"status":200,"time_taken":362953,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:35:27.237764Z","timestamp":"2021-04-22T11:35:27.236599Z","bytes":441,"bytes_in":204,"bytes_out":237,"dest_ip":"169.254.169.254","dest_mac":"02:77:81:3A:65:E0","dest_port":80,"flow_id":"fa28a80a-5c7b-4278-bb82-a67b650b5c90","http_comment":"HTTP/1.0 200 OK","http_content_length":56,"http_content_type":"text/plain","http_method":"PUT","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"PUT /latest/api/token HTTP/1.1","request_ack_time":217,"request_time":0,"response_ack_time":24,"response_time":0,"server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49916,"status":200,"time_taken":1194,"transport":"tcp","uri_path":"/latest/api/token"} 
{"endtime":"2021-04-22T11:35:27.239013Z","timestamp":"2021-04-22T11:35:27.238325Z","bytes":775,"bytes_in":250,"bytes_out":525,"dest_ip":"169.254.169.254","dest_mac":"02:77:81:3A:65:E0","dest_port":80,"flow_id":"eafd1438-7091-41d9-9b2c-add1365b1589","http_comment":"HTTP/1.0 404 Not Found","http_content_length":337,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","request_ack_time":206,"request_time":0,"response_ack_time":15,"response_time":0,"server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49917,"status":404,"time_taken":703,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-22T11:35:27.292293Z","timestamp":"2021-04-22T11:35:27.291521Z","bytes":775,"bytes_in":250,"bytes_out":525,"dest_ip":"169.254.169.254","dest_mac":"02:77:81:3A:65:E0","dest_port":80,"flow_id":"35a8d01a-ef60-4c46-b4a3-b0193b459f28","http_comment":"HTTP/1.0 404 Not Found","http_content_length":337,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","request_ack_time":175,"request_time":0,"response_ack_time":80,"response_time":0,"server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49918,"status":404,"time_taken":801,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-22T11:35:27.377544Z","timestamp":"2021-04-22T11:35:27.376725Z","bytes":775,"bytes_in":250,"bytes_out":525,"dest_ip":"169.254.169.254","dest_mac":"02:77:81:3A:65:E0","dest_port":80,"flow_id":"f77f00a1-8990-4728-8e59-b3eeb4516f3b","http_comment":"HTTP/1.0 404 Not 
Found","http_content_length":337,"http_content_type":"text/html","http_method":"GET","http_user_agent":"aws-sdk-go/1.35.23 (go1.13.14; windows; amd64)","protocol_stack":"ip:tcp:http","request":"GET /latest/meta-data/iam/security-credentials/ HTTP/1.1","request_ack_time":187,"request_time":0,"response_ack_time":25,"response_time":0,"server":"EC2ws","site":"169.254.169.254","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49919,"status":404,"time_taken":852,"transport":"tcp","uri_path":"/latest/meta-data/iam/security-credentials/"} {"endtime":"2021-04-22T11:35:28.115768Z","timestamp":"2021-04-22T11:35:28.115768Z","count":3,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":404,"uri_path":"/latest/meta-data/iam/security-credentials/","sum(bytes_in)":750,"sum(bytes_out)":1575,"sum(time_taken)":2356} {"endtime":"2021-04-22T11:35:28.115768Z","timestamp":"2021-04-22T11:35:28.115768Z","count":1,"dest_ip":"169.254.169.254","site":"169.254.169.254","status":200,"uri_path":"/latest/api/token","sum(bytes_in)":204,"sum(bytes_out)":237,"sum(time_taken)":1194} {"endtime":"2021-04-22T11:35:28.115768Z","timestamp":"2021-04-22T11:35:28.115768Z","count":3,"dest_ip":"169.254.169.254","status":404} {"endtime":"2021-04-22T11:35:28.115768Z","timestamp":"2021-04-22T11:35:28.115768Z","count":1,"dest_ip":"169.254.169.254","status":200} {"endtime":"2021-04-22T11:35:28.115768Z","timestamp":"2021-04-22T11:35:28.115768Z","count":4,"dest_ip":"169.254.169.254","sum(time_taken)":3550} {"endtime":"2021-04-22T11:35:28.115768Z","timestamp":"2021-04-22T11:35:28.115768Z","count":4,"c_ip":"10.0.1.15","sum(bytes_in)":954,"sum(bytes_out)":1812,"sum(time_taken)":3550} {"endtime":"2021-04-22T11:35:28.576707Z","timestamp":"2021-04-22T11:35:28.576087Z","bytes":1889,"bytes_in":729,"bytes_out":1160,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&_=1619091037489","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037489 HTTP/1.1","request_ack_time":620,"request_time":0,"response_ack_time":23365,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":620,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037489"} {"endtime":"2021-04-22T11:35:29.260579Z","timestamp":"2021-04-22T11:35:29.259030Z","bytes":1658,"bytes_in":896,"bytes_out":762,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST 
/en-GB/splunkd/__raw/services/search/jobs/1619091298.149/control HTTP/1.1","request_ack_time":1549,"request_time":0,"response_ack_time":27473,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":1549,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091298.149/control"} {"endtime":"2021-04-22T11:35:29.434934Z","timestamp":"2021-04-22T11:35:29.075702Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"84eaed83-ee54-4b0a-b541-89c0db0b06d4","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":44,"request_time":0,"response_ack_time":165,"response_time":145,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49324,"status":200,"time_taken":359521,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:35:29.940919Z","timestamp":"2021-04-22T11:35:29.940373Z","bytes":1889,"bytes_in":729,"bytes_out":1160,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&_=1619091219748","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like 
Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219748 HTTP/1.1","request_ack_time":546,"request_time":0,"response_ack_time":25140,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":546,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219748"} {"endtime":"2021-04-22T11:35:31.923065Z","timestamp":"2021-04-22T11:35:31.918746Z","bytes":1927,"bytes_in":1018,"bytes_out":909,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&q=search index=network sourcetype=\"stream:http\"&stripReportsSearch=false&action=fieldvalue&field=http_method&value=POST","http_comment":"HTTP/1.1 200 OK","http_content_length":205,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/intentionsparser HTTP/1.1","request_ack_time":4319,"request_time":0,"response_ack_time":25295,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":4319,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/intentionsparser"} 
{"endtime":"2021-04-22T11:35:32.019632Z","timestamp":"2021-04-22T11:35:32.014949Z","bytes":7879,"bytes_in":742,"bytes_out":7137,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&_=1619091219749","http_comment":"HTTP/1.1 200 OK","http_content_length":6391,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new?output_mode=json&_=1619091219749 HTTP/1.1","request_ack_time":4603,"request_time":0,"response_ack_time":26782,"response_time":80,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":31531,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","uri_query":"output_mode=json&_=1619091219749"} {"endtime":"2021-04-22T11:35:32.059117Z","timestamp":"2021-04-22T11:35:32.055031Z","bytes":3961,"bytes_in":3166,"bytes_out":795,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"rf=*&auto_cancel=30&status_buckets=300&output_mode=json&custom.display.page.search.mode=smart&custom.dispatch.sample_ratio=1&custom.workload_pool=&custom.display.events.fields=[\"host\",\"source\",\"sourcetype\",\"action\",\"app\",\"c_ip\",\"count\",\"date_hour\",\"date_mday\",\"date_minute\",\"date_month\",\"date_second\",\"date_wday\",\"date_year\",\"date_zone\",\"dest\",\"dest_ip\",\"endtime\",\"eventtype\",\"index\",\"linecount\",\"protocol\",\"punct\",\"site\",\"splunk_server\",\"status\",\"sum(bytes_in)\",\"sum(bytes_out)\",\"sum(time_taken)\",\"tag\",\"tag::eventtype\",\"timeendpos\",\"timestamp\",\"timestartpos\",\"uri_path\",\"initial_rtt\",\"query_type\",\"reply_code\",\"reply_code_id\",\"src\",\"src_ip\",\"ssl_cert_md5\",\"ssl_cert_self_signed\",\"ssl_cert_sha1\",\"ssl_cert_sha256\",\"ssl_end_time\",\"ssl_hash\",\"ssl_issuer\",\"ssl_issuer_common_name\",\"ssl_issuer_country\",\"ssl_issuer_email\",\"ssl_issuer_locality\",\"ssl_issuer_organization\",\"ssl_issuer_state\",\"ssl_start_time\",\"ssl_subject\",\"ssl_subject_common_name\",\"ssl_subject_country\",\"ssl_subject_locality\",\"ssl_subject_organization\",\"ssl_subject_state\",\"ssl_subject_unit\",\"ssl_validity_end\",\"ssl_validity_start\",\"sum(bytes)\",\"sum(packets_in)\",\"sum(packets_out)\",\"transport\",\"values(flow_id){}\",\"form_data\",\"http_comment\",\"http_content_length\",\"http_content_type\",\"http_method\",\"http_user_agent\",\"request\",\"request_ack_time\",\"request_time\",\"response_ack_time\",\"response_time\",\"uri_query\",\"url\"]&custom.search=index=network sourcetype=\"stream:http\" http_method=POST&custom.dispatch.earliest_time=-24h@h&custom.dispatch.latest_time=now&search=search index=network 
sourcetype=\"stream:http\" http_method=POST&earliest_time=-24h@h&latest_time=now&ui_dispatch_app=search&preview=1&adhoc_search_level=smart&workload_pool=&indexedRealtime=&sample_ratio=1&check_risky_command=false&provenance=UI:Search","http_comment":"HTTP/1.1 201 Created","http_content_length":24,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs HTTP/1.1","request_ack_time":9,"request_time":521,"response_ack_time":25265,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":201,"time_taken":4086,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs"} {"endtime":"2021-04-22T11:35:32.090824Z","timestamp":"2021-04-22T11:35:32.089149Z","bytes":2880,"bytes_in":749,"bytes_out":2131,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&_=1619091219750","http_comment":"HTTP/1.1 200 OK","http_content_length":1385,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091332.150?output_mode=json&_=1619091219750 
HTTP/1.1","request_ack_time":1675,"request_time":0,"response_ack_time":25554,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":1675,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091332.150","uri_query":"output_mode=json&_=1619091219750"} {"endtime":"2021-04-22T11:35:32.126922Z","timestamp":"2021-04-22T11:35:32.126655Z","bytes":1639,"bytes_in":825,"bytes_out":814,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219751","http_comment":"HTTP/1.1 200 OK","http_content_length":110,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219751 
HTTP/1.1","request_ack_time":267,"request_time":0,"response_ack_time":25492,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":267,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219751"} {"endtime":"2021-04-22T11:35:32.178434Z","timestamp":"2021-04-22T11:35:32.176658Z","bytes":3014,"bytes_in":750,"bytes_out":2264,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&_=1619091219752","http_comment":"HTTP/1.1 200 OK","http_content_length":1518,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150?output_mode=json&_=1619091219752 HTTP/1.1","request_ack_time":1776,"request_time":0,"response_ack_time":25958,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":1776,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150","uri_query":"output_mode=json&_=1619091219752"} 
{"endtime":"2021-04-22T11:35:32.261042Z","timestamp":"2021-04-22T11:35:32.260778Z","bytes":1478,"bytes_in":735,"bytes_out":743,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&time=-24h&_=1619091219753","http_comment":"HTTP/1.1 200 OK","http_content_length":40,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h&_=1619091219753 HTTP/1.1","request_ack_time":264,"request_time":0,"response_ack_time":27343,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":264,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h&_=1619091219753"} {"endtime":"2021-04-22T11:35:32.398582Z","timestamp":"2021-04-22T11:35:32.396673Z","bytes":3016,"bytes_in":750,"bytes_out":2266,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&_=1619091219754","http_comment":"HTTP/1.1 200 
OK","http_content_length":1520,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150?output_mode=json&_=1619091219754 HTTP/1.1","request_ack_time":1909,"request_time":0,"response_ack_time":27871,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":1909,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150","uri_query":"output_mode=json&_=1619091219754"} {"endtime":"2021-04-22T11:35:32.579802Z","timestamp":"2021-04-22T11:35:32.214779Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"7bf7bcc1-011c-444f-8e73-d5d7df1de70b","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":34,"request_time":0,"response_ack_time":397,"response_time":49,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49920,"status":200,"time_taken":365326,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:35:32.658787Z","timestamp":"2021-04-22T11:35:32.656681Z","bytes":3540,"bytes_in":750,"bytes_out":2790,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&_=1619091219755","http_comment":"HTTP/1.1 200 OK","http_content_length":2044,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150?output_mode=json&_=1619091219755 HTTP/1.1","request_ack_time":2106,"request_time":0,"response_ack_time":25667,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":2106,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150","uri_query":"output_mode=json&_=1619091219755"} {"endtime":"2021-04-22T11:35:32.696083Z","timestamp":"2021-04-22T11:35:32.691477Z","bytes":1613,"bytes_in":769,"bytes_out":844,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&min_freq=0&_=1619091219756","http_comment":"HTTP/1.1 200 OK","http_content_length":140,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150/summary?output_mode=json&min_freq=0&_=1619091219756 HTTP/1.1","request_ack_time":4606,"request_time":0,"response_ack_time":24363,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":4606,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219756"} {"endtime":"2021-04-22T11:35:32.698133Z","timestamp":"2021-04-22T11:35:32.695325Z","bytes":2919,"bytes_in":2134,"bytes_out":785,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_s
ubject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219757","http_comment":"HTTP/1.1 200 OK","http_content_length":82,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cval
ues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219757 HTTP/1.1","request_ack_time":10,"request_time":126,"response_ack_time":26612,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":2808,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_ra
w%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219757"} {"endtime":"2021-04-22T11:35:32.734298Z","timestamp":"2021-04-22T11:35:32.729335Z","bytes":1613,"bytes_in":769,"bytes_out":844,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=0&_=1619091219758","http_comment":"HTTP/1.1 200 OK","http_content_length":140,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150/summary?output_mode=json&min_freq=0&_=1619091219758 HTTP/1.1","request_ack_time":4963,"request_time":0,"response_ack_time":26523,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":4963,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219758"} {"endtime":"2021-04-22T11:35:32.734591Z","timestamp":"2021-04-22T11:35:32.729461Z","bytes":2919,"bytes_in":2134,"bytes_out":785,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219759","http_comment":"HTTP/1.1 200 OK","http_content_length":82,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219759 
HTTP/1.1","request_ack_time":12,"request_time":0,"response_ack_time":25911,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":5130,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219759"} {"endtime":"2021-04-22T11:35:33.051192Z","timestamp":"2021-04-22T11:35:33.048761Z","bytes":3840,"bytes_in":750,"bytes_out":3090,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&_=1619091219760","http_comment":"HTTP/1.1 200 OK","http_content_length":2344,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150?output_mode=json&_=1619091219760 HTTP/1.1","request_ack_time":2325,"request_time":0,"response_ack_time":25508,"response_time":106,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":2431,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150","uri_query":"output_mode=json&_=1619091219760"} {"endtime":"2021-04-22T11:35:33.091597Z","timestamp":"2021-04-22T11:35:33.085104Z","bytes":6668,"bytes_in":769,"bytes_out":5899,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&min_freq=0&_=1619091219761","http_comment":"HTTP/1.1 200 OK","http_content_length":5153,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 
(KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150/summary?output_mode=json&min_freq=0&_=1619091219761 HTTP/1.1","request_ack_time":6342,"request_time":0,"response_ack_time":26936,"response_time":151,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":6493,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219761"} {"endtime":"2021-04-22T11:35:33.108595Z","timestamp":"2021-04-22T11:35:33.107156Z","bytes":1828,"bytes_in":746,"bytes_out":1082,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"offset=0&count=1000&_=1619091219763","http_comment":"HTTP/1.1 200 OK","http_content_length":345,"http_content_type":"text/xml; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/1619091332.150/timeline?offset=0&count=1000&_=1619091219763 
HTTP/1.1","request_ack_time":1439,"request_time":0,"response_ack_time":30386,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1439,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091332.150/timeline","uri_query":"offset=0&count=1000&_=1619091219763"} {"endtime":"2021-04-22T11:35:33.166984Z","timestamp":"2021-04-22T11:35:33.085896Z","bytes":64664,"bytes_in":2134,"bytes_out":62530,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7
D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219762","http_comment":"HTTP/1.1 200 OK","http_content_length":61783,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Cu
ri_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219762 HTTP/1.1","request_ack_time":58,"request_time":0,"response_ack_time":27894,"response_time":57113,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":107796,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219762"} 
{"endtime":"2021-04-22T11:35:34.555419Z","timestamp":"2021-04-22T11:35:34.186435Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"0e8c5655-8b22-45b5-87f3-e82382febc66","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":37,"request_time":0,"response_ack_time":216,"response_time":50,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49326,"status":200,"time_taken":369219,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:35:34.580843Z","timestamp":"2021-04-22T11:35:34.579404Z","bytes":1673,"bytes_in":911,"bytes_out":762,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control 
HTTP/1.1","request_ack_time":1439,"request_time":0,"response_ack_time":26233,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1439,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} {"endtime":"2021-04-22T11:35:36.056229Z","timestamp":"2021-04-22T11:35:36.056229Z","count":97,"c_ip":"46.128.24.64","sum(bytes_in)":110294,"sum(bytes_out)":465147,"sum(time_taken)":1152141} {"endtime":"2021-04-22T11:35:36.056229Z","timestamp":"2021-04-22T11:35:36.056229Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":4030257} {"endtime":"2021-04-22T11:35:36.056229Z","timestamp":"2021-04-22T11:35:36.056229Z","count":10,"c_ip":"10.0.1.15","sum(bytes_in)":1670,"sum(bytes_out)":9970,"sum(time_taken)":3597419} {"endtime":"2021-04-22T11:35:36.056315Z","timestamp":"2021-04-22T11:35:36.056315Z","count":118,"dest_ip":"10.0.1.12","sum(time_taken)":8779817} {"endtime":"2021-04-22T11:35:36.056323Z","timestamp":"2021-04-22T11:35:36.056323Z","count":4,"dest_ip":"10.0.1.12","status":201} {"endtime":"2021-04-22T11:35:36.056323Z","timestamp":"2021-04-22T11:35:36.056323Z","count":114,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":201,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs","sum(bytes_in)":11679,"sum(bytes_out)":3180,"sum(time_taken)":19347} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150/summary","sum(bytes_in)":1538,"sum(bytes_out)":1688,"sum(time_taken)":9569} 
{"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150/events","sum(bytes_in)":6402,"sum(bytes_out)":64100,"sum(time_taken)":115734} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150","sum(bytes_in)":3000,"sum(bytes_out)":10410,"sum(time_taken)":8222} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":5,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149/summary","sum(bytes_in)":3847,"sum(bytes_out)":31641,"sum(time_taken)":133167} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149/events","sum(bytes_in)":6004,"sum(bytes_out)":136363,"sum(time_taken)":259497} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149/control","sum(bytes_in)":912,"sum(bytes_out)":762,"sum(time_taken)":1678} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091298.149","sum(bytes_in)":2250,"sum(bytes_out)":7878,"sum(time_taken)":6144} 
{"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091291.148/summary","sum(bytes_in)":2307,"sum(bytes_out)":12667,"sum(time_taken)":48917} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091291.148/events","sum(bytes_in)":5805,"sum(bytes_out)":45832,"sum(time_taken)":107427} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091291.148","sum(bytes_in)":2250,"sum(bytes_out)":8238,"sum(time_taken)":31952} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147/summary","sum(bytes_in)":2307,"sum(bytes_out)":6606,"sum(time_taken)":16345} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147/events","sum(bytes_in)":5805,"sum(bytes_out)":13121,"sum(time_taken)":46289} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091282.147","sum(bytes_in)":3000,"sum(bytes_out)":10735,"sum(time_taken)":36205} 
{"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/summary","sum(bytes_in)":1538,"sum(bytes_out)":11402,"sum(time_taken)":73703} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/events","sum(bytes_in)":1935,"sum(bytes_out)":6870,"sum(time_taken)":9512} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091245.146/control","sum(bytes_in)":912,"sum(bytes_out)":762,"sum(time_taken)":1554} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control","sum(bytes_in)":3644,"sum(bytes_out)":3048,"sum(time_taken)":6385} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091332.150","sum(bytes_in)":749,"sum(bytes_out)":2131,"sum(time_taken)":1675} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091298.149","sum(bytes_in)":749,"sum(bytes_out)":2175,"sum(time_taken)":1682} 
{"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091291.148","sum(bytes_in)":749,"sum(bytes_out)":2155,"sum(time_taken)":1803} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091282.147","sum(bytes_in)":749,"sum(bytes_out)":2061,"sum(time_taken)":1626} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/intentionsparser","sum(bytes_in)":3017,"sum(bytes_out)":2681,"sum(time_taken)":13164} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","sum(bytes_in)":2968,"sum(bytes_out)":28550,"sum(time_taken)":71831} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/data/ui/prefs/search","sum(bytes_in)":9513,"sum(bytes_out)":8711,"sum(time_taken)":20627} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":12,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":8748,"sum(bytes_out)":13908,"sum(time_taken)":7596} 
{"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":9,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","sum(bytes_in)":6974,"sum(bytes_out)":6970,"sum(time_taken)":2471} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/shelper","sum(bytes_in)":887,"sum(bytes_out)":7749,"sum(time_taken)":24473} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091298.149/timeline","sum(bytes_in)":746,"sum(bytes_out)":1084,"sum(time_taken)":1445} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091298.149/control","sum(bytes_in)":896,"sum(bytes_out)":762,"sum(time_taken)":1549} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091298.149","sum(bytes_in)":2833,"sum(bytes_out)":3082,"sum(time_taken)":37874} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091291.148/timeline","sum(bytes_in)":746,"sum(bytes_out)":1085,"sum(time_taken)":1485} 
{"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091282.147/timeline","sum(bytes_in)":746,"sum(bytes_out)":1083,"sum(time_taken)":1573} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091245.146","sum(bytes_in)":2545,"sum(bytes_out)":3717,"sum(time_taken)":29235} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1544,"sum(bytes_out)":1940,"sum(time_taken)":385} {"endtime":"2021-04-22T11:35:36.056334Z","timestamp":"2021-04-22T11:35:36.056334Z","count":21,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3507,"sum(bytes_out)":20937,"sum(time_taken)":7627676} {"endtime":"2021-04-22T11:35:38.358953Z","timestamp":"2021-04-22T11:35:38.358238Z","bytes":1742,"bytes_in":772,"bytes_out":970,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037491","http_comment":"HTTP/1.1 200 OK","http_content_length":266,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037491 HTTP/1.1","request_ack_time":715,"request_time":0,"response_ack_time":26723,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":715,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037491"} {"endtime":"2021-04-22T11:35:38.359049Z","timestamp":"2021-04-22T11:35:38.358238Z","bytes":1889,"bytes_in":729,"bytes_out":1160,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091037490","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037490 HTTP/1.1","request_ack_time":811,"request_time":0,"response_ack_time":30636,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":811,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037490"} 
{"endtime":"2021-04-22T11:35:38.608955Z","timestamp":"2021-04-22T11:35:38.245992Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"0550f91a-130a-4452-ab37-5e66f9bb9252","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":319,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49921,"status":200,"time_taken":363190,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:35:39.938586Z","timestamp":"2021-04-22T11:35:39.937939Z","bytes":1889,"bytes_in":729,"bytes_out":1160,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219764","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219764 
HTTP/1.1","request_ack_time":647,"request_time":0,"response_ack_time":27172,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":647,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219764"} {"endtime":"2021-04-22T11:35:39.982222Z","timestamp":"2021-04-22T11:35:39.981965Z","bytes":1742,"bytes_in":772,"bytes_out":970,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219765","http_comment":"HTTP/1.1 200 OK","http_content_length":266,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219765 HTTP/1.1","request_ack_time":257,"request_time":0,"response_ack_time":27394,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":257,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219765"} 
{"endtime":"2021-04-22T11:35:40.426424Z","timestamp":"2021-04-22T11:35:40.057344Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"cd112994-0d6f-4e15-bdf4-d0f1b19d68d9","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":36,"request_time":0,"response_ack_time":163,"response_time":1750,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49328,"status":200,"time_taken":369271,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:35:43.631783Z","timestamp":"2021-04-22T11:35:43.277331Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"9c513868-cab5-4cff-a5dd-c20bbfeb40de","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":38,"request_time":0,"response_ack_time":322,"response_time":50,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49922,"status":200,"time_taken":354819,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:35:45.545425Z","timestamp":"2021-04-22T11:35:45.178318Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"6dc43c57-5a3c-4998-bb87-21a513272bf3","http_comment":"HTTP/1.1 200 
OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":39,"request_time":0,"response_ack_time":344,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49330,"status":200,"time_taken":367425,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:35:48.126841Z","timestamp":"2021-04-22T11:35:48.125217Z","bytes":1674,"bytes_in":912,"bytes_out":762,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150/control HTTP/1.1","request_ack_time":1624,"request_time":0,"response_ack_time":30345,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1624,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150/control"} 
{"endtime":"2021-04-22T11:35:48.577796Z","timestamp":"2021-04-22T11:35:48.577194Z","bytes":1887,"bytes_in":729,"bytes_out":1158,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091037492","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037492 HTTP/1.1","request_ack_time":602,"request_time":0,"response_ack_time":27177,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":602,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037492"} {"endtime":"2021-04-22T11:35:49.423034Z","timestamp":"2021-04-22T11:35:49.421445Z","bytes":1673,"bytes_in":911,"bytes_out":762,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; 
charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1589,"request_time":0,"response_ack_time":24084,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1589,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} {"endtime":"2021-04-22T11:35:49.616104Z","timestamp":"2021-04-22T11:35:49.261775Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"efe66370-ceb3-4dac-9303-f9759b3fd9eb","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":35,"request_time":0,"response_ack_time":386,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49923,"status":200,"time_taken":354723,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:35:49.940044Z","timestamp":"2021-04-22T11:35:49.939456Z","bytes":1887,"bytes_in":729,"bytes_out":1158,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219766","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219766 HTTP/1.1","request_ack_time":588,"request_time":0,"response_ack_time":25154,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":588,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219766"} {"endtime":"2021-04-22T11:35:51.414091Z","timestamp":"2021-04-22T11:35:51.047396Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"5eb960e1-651a-4529-a4f2-203a785dcdc5","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":189,"response_time":1723,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49332,"status":200,"time_taken":366911,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:35:55.418864Z","timestamp":"2021-04-22T11:35:55.059588Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"3daa9834-46e7-485c-b4de-97b34151d669","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":40,"request_time":0,"response_ack_time":320,"response_time":51,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49924,"status":200,"time_taken":360773,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:35:56.214600Z","timestamp":"2021-04-22T11:35:56.210903Z","bytes":7879,"bytes_in":742,"bytes_out":7137,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219767","http_comment":"HTTP/1.1 200 OK","http_content_length":6391,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new?output_mode=json&_=1619091219767 
HTTP/1.1","request_ack_time":3622,"request_time":0,"response_ack_time":31517,"response_time":75,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":31405,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","uri_query":"output_mode=json&_=1619091219767"} {"endtime":"2021-04-22T11:35:56.261250Z","timestamp":"2021-04-22T11:35:56.257854Z","bytes":3961,"bytes_in":3166,"bytes_out":795,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"rf=*&auto_cancel=30&status_buckets=300&output_mode=json&custom.display.page.search.mode=smart&custom.dispatch.sample_ratio=1&custom.workload_pool=&custom.display.events.fields=[\"host\",\"source\",\"sourcetype\",\"action\",\"app\",\"c_ip\",\"count\",\"date_hour\",\"date_mday\",\"date_minute\",\"date_month\",\"date_second\",\"date_wday\",\"date_year\",\"date_zone\",\"dest\",\"dest_ip\",\"endtime\",\"eventtype\",\"index\",\"linecount\",\"protocol\",\"punct\",\"site\",\"splunk_server\",\"status\",\"sum(bytes_in)\",\"sum(bytes_out)\",\"sum(time_taken)\",\"tag\",\"tag::eventtype\",\"timeendpos\",\"timestamp\",\"timestartpos\",\"uri_path\",\"initial_rtt\",\"query_type\",\"reply_code\",\"reply_code_id\",\"src\",\"src_ip\",\"ssl_cert_md5\",\"ssl_cert_self_signed\",\"ssl_cert_sha1\",\"ssl_cert_sha256\",\"ssl_end_time\",\"ssl_hash\",\"ssl_issuer\",\"ssl_issuer_common_name\",\"ssl_issuer_country\",\"ssl_issuer_email\",\"ssl_issuer_locality\",\"ssl_issuer_organization\",\"ssl_issuer_state\",\"ssl_start_time\",\"ssl_subject\",\"ssl_subject_common_name\",\"ssl_subject_country\",\"s
sl_subject_locality\",\"ssl_subject_organization\",\"ssl_subject_state\",\"ssl_subject_unit\",\"ssl_validity_end\",\"ssl_validity_start\",\"sum(bytes)\",\"sum(packets_in)\",\"sum(packets_out)\",\"transport\",\"values(flow_id){}\",\"form_data\",\"http_comment\",\"http_content_length\",\"http_content_type\",\"http_method\",\"http_user_agent\",\"request\",\"request_ack_time\",\"request_time\",\"response_ack_time\",\"response_time\",\"uri_query\",\"url\"]&custom.search=index=network sourcetype=\"stream:http\" http_method=POST&custom.dispatch.earliest_time=-24h@h&custom.dispatch.latest_time=now&search=search index=network sourcetype=\"stream:http\" http_method=POST&earliest_time=-24h@h&latest_time=now&ui_dispatch_app=search&preview=1&adhoc_search_level=smart&workload_pool=&indexedRealtime=&sample_ratio=1&check_risky_command=false&provenance=UI:Search","http_comment":"HTTP/1.1 201 Created","http_content_length":24,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs HTTP/1.1","request_ack_time":40,"request_time":560,"response_ack_time":24968,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":201,"time_taken":3396,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs"} {"endtime":"2021-04-22T11:35:56.294533Z","timestamp":"2021-04-22T11:35:56.292615Z","bytes":3014,"bytes_in":749,"bytes_out":2265,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219768","http_comment":"HTTP/1.1 200 OK","http_content_length":1519,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091356.151?output_mode=json&_=1619091219768 HTTP/1.1","request_ack_time":1918,"request_time":0,"response_ack_time":25649,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1918,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091356.151","uri_query":"output_mode=json&_=1619091219768"} {"endtime":"2021-04-22T11:35:56.328809Z","timestamp":"2021-04-22T11:35:56.328494Z","bytes":1639,"bytes_in":825,"bytes_out":814,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219769","http_comment":"HTTP/1.1 200 OK","http_content_length":110,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219769 HTTP/1.1","request_ack_time":315,"request_time":0,"response_ack_time":27356,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":315,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219769"} {"endtime":"2021-04-22T11:35:56.382292Z","timestamp":"2021-04-22T11:35:56.380431Z","bytes":3017,"bytes_in":750,"bytes_out":2267,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219770","http_comment":"HTTP/1.1 200 OK","http_content_length":1521,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091356.151?output_mode=json&_=1619091219770 
HTTP/1.1","request_ack_time":1861,"request_time":0,"response_ack_time":27878,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1861,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091356.151","uri_query":"output_mode=json&_=1619091219770"} {"endtime":"2021-04-22T11:35:56.466777Z","timestamp":"2021-04-22T11:35:56.466452Z","bytes":1478,"bytes_in":735,"bytes_out":743,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&time=-24h&_=1619091219771","http_comment":"HTTP/1.1 200 OK","http_content_length":40,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h&_=1619091219771 HTTP/1.1","request_ack_time":325,"request_time":0,"response_ack_time":25451,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":325,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h&_=1619091219771"} 
{"endtime":"2021-04-22T11:35:56.539504Z","timestamp":"2021-04-22T11:35:56.165720Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"eb7f94e1-95bc-4ea5-989d-ad46b274cd7a","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":172,"response_time":55,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49334,"status":200,"time_taken":373983,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:35:56.601457Z","timestamp":"2021-04-22T11:35:56.598976Z","bytes":3833,"bytes_in":750,"bytes_out":3083,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219772","http_comment":"HTTP/1.1 200 OK","http_content_length":2337,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091356.151?output_mode=json&_=1619091219772 
HTTP/1.1","request_ack_time":2368,"request_time":0,"response_ack_time":24791,"response_time":113,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":27385,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091356.151","uri_query":"output_mode=json&_=1619091219772"} {"endtime":"2021-04-22T11:35:56.641216Z","timestamp":"2021-04-22T11:35:56.634488Z","bytes":6697,"bytes_in":769,"bytes_out":5928,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=0&_=1619091219773","http_comment":"HTTP/1.1 200 OK","http_content_length":5182,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091356.151/summary?output_mode=json&min_freq=0&_=1619091219773 HTTP/1.1","request_ack_time":6604,"request_time":0,"response_ack_time":28955,"response_time":124,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":31836,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091356.151/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219773"} 
{"endtime":"2021-04-22T11:35:56.659808Z","timestamp":"2021-04-22T11:35:56.658365Z","bytes":1828,"bytes_in":746,"bytes_out":1082,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"offset=0&count=1000&_=1619091219775","http_comment":"HTTP/1.1 200 OK","http_content_length":345,"http_content_type":"text/xml; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/1619091356.151/timeline?offset=0&count=1000&_=1619091219775 HTTP/1.1","request_ack_time":1443,"request_time":0,"response_ack_time":26677,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":1443,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091356.151/timeline","uri_query":"offset=0&count=1000&_=1619091219775"} {"endtime":"2021-04-22T11:35:56.693206Z","timestamp":"2021-04-22T11:35:56.686497Z","bytes":6697,"bytes_in":769,"bytes_out":5928,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=0&_=1619091219776","http_comment":"HTTP/1.1 200 
OK","http_content_length":5182,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091356.151/summary?output_mode=json&min_freq=0&_=1619091219776 HTTP/1.1","request_ack_time":6637,"request_time":0,"response_ack_time":29033,"response_time":72,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":6709,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091356.151/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219776"} {"endtime":"2021-04-22T11:35:56.722301Z","timestamp":"2021-04-22T11:35:56.638749Z","bytes":77292,"bytes_in":2134,"bytes_out":75158,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219774","http_comment":"HTTP/1.1 200 OK","http_content_length":74411,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091356.151/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219774 
HTTP/1.1","request_ack_time":6,"request_time":88,"response_ack_time":30044,"response_time":59034,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":111426,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091356.151/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219774"} {"endtime":"2021-04-22T11:35:58.609410Z","timestamp":"2021-04-22T11:35:58.608799Z","bytes":1886,"bytes_in":729,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091037493","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037493 HTTP/1.1","request_ack_time":611,"request_time":0,"response_ack_time":25056,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":611,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037493"} {"endtime":"2021-04-22T11:35:59.945643Z","timestamp":"2021-04-22T11:35:59.944989Z","bytes":1886,"bytes_in":729,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219777","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219777 HTTP/1.1","request_ack_time":654,"request_time":0,"response_ack_time":25073,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":654,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219777"} {"endtime":"2021-04-22T11:36:00.452018Z","timestamp":"2021-04-22T11:36:00.089650Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"adb2db22-e3e5-4c44-b1ae-036022e74234","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":324,"response_time":55,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49925,"status":200,"time_taken":362674,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:36:02.409741Z","timestamp":"2021-04-22T11:36:02.041267Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"20008303-f672-494d-8216-13a7fec9b6ae","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":42,"request_time":0,"response_ack_time":232,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49336,"status":200,"time_taken":368696,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:36:03.172200Z","timestamp":"2021-04-22T11:36:03.147510Z","bytes":8636,"bytes_in":887,"bytes_out":7749,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search index%3Dnetwork &useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219778","http_comment":"HTTP/1.1 200 OK","http_content_length":7003,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/shelper?output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search+index%3Dnetwork+&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219778 
HTTP/1.1","request_ack_time":24573,"request_time":0,"response_ack_time":31116,"response_time":117,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":55923,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/shelper","uri_query":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search index%3Dnetwork &useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219778"} {"endtime":"2021-04-22T11:36:03.418218Z","timestamp":"2021-04-22T11:36:03.413509Z","bytes":7879,"bytes_in":742,"bytes_out":7137,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219779","http_comment":"HTTP/1.1 200 OK","http_content_length":6391,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new?output_mode=json&_=1619091219779 HTTP/1.1","request_ack_time":4622,"request_time":0,"response_ack_time":27136,"response_time":87,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":4709,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","uri_query":"output_mode=json&_=1619091219779"} 
{"endtime":"2021-04-22T11:36:03.461278Z","timestamp":"2021-04-22T11:36:03.457887Z","bytes":3857,"bytes_in":3062,"bytes_out":795,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"rf=*&auto_cancel=30&status_buckets=300&output_mode=json&custom.display.page.search.mode=smart&custom.dispatch.sample_ratio=1&custom.workload_pool=&custom.display.events.fields=[\"host\",\"source\",\"sourcetype\",\"action\",\"app\",\"c_ip\",\"count\",\"date_hour\",\"date_mday\",\"date_minute\",\"date_month\",\"date_second\",\"date_wday\",\"date_year\",\"date_zone\",\"dest\",\"dest_ip\",\"endtime\",\"eventtype\",\"index\",\"linecount\",\"protocol\",\"punct\",\"site\",\"splunk_server\",\"status\",\"sum(bytes_in)\",\"sum(bytes_out)\",\"sum(time_taken)\",\"tag\",\"tag::eventtype\",\"timeendpos\",\"timestamp\",\"timestartpos\",\"uri_path\",\"initial_rtt\",\"query_type\",\"reply_code\",\"reply_code_id\",\"src\",\"src_ip\",\"ssl_cert_md5\",\"ssl_cert_self_signed\",\"ssl_cert_sha1\",\"ssl_cert_sha256\",\"ssl_end_time\",\"ssl_hash\",\"ssl_issuer\",\"ssl_issuer_common_name\",\"ssl_issuer_country\",\"ssl_issuer_email\",\"ssl_issuer_locality\",\"ssl_issuer_organization\",\"ssl_issuer_state\",\"ssl_start_time\",\"ssl_subject\",\"ssl_subject_common_name\",\"ssl_subject_country\",\"ssl_subject_locality\",\"ssl_subject_organization\",\"ssl_subject_state\",\"ssl_subject_unit\",\"ssl_validity_end\",\"ssl_validity_start\",\"sum(bytes)\",\"sum(packets_in)\",\"sum(packets_out)\",\"transport\",\"values(flow_id){}\",\"form_data\",\"http_comment\",\"http_content_length\",\"http_content_type\",\"http_method\",\"http_user_agent\",\"request\",\"request_ack_time\",\"request_tim
e\",\"response_ack_time\",\"response_time\",\"uri_query\",\"url\"]&custom.search=index=network&custom.dispatch.earliest_time=-24h@h&custom.dispatch.latest_time=now&search=search index=network&earliest_time=-24h@h&latest_time=now&ui_dispatch_app=search&preview=1&adhoc_search_level=smart&workload_pool=&indexedRealtime=&sample_ratio=1&check_risky_command=false&provenance=UI:Search","http_comment":"HTTP/1.1 201 Created","http_content_length":24,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs HTTP/1.1","request_ack_time":10,"request_time":584,"response_ack_time":27976,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":201,"time_taken":3391,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs"} {"endtime":"2021-04-22T11:36:03.495407Z","timestamp":"2021-04-22T11:36:03.493484Z","bytes":2982,"bytes_in":749,"bytes_out":2233,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219780","http_comment":"HTTP/1.1 200 OK","http_content_length":1487,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091363.152?output_mode=json&_=1619091219780 HTTP/1.1","request_ack_time":1923,"request_time":0,"response_ack_time":25845,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1923,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091363.152","uri_query":"output_mode=json&_=1619091219780"} {"endtime":"2021-04-22T11:36:03.529793Z","timestamp":"2021-04-22T11:36:03.529512Z","bytes":1639,"bytes_in":825,"bytes_out":814,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219781","http_comment":"HTTP/1.1 200 OK","http_content_length":110,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219781 
HTTP/1.1","request_ack_time":281,"request_time":0,"response_ack_time":25423,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":281,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219781"} {"endtime":"2021-04-22T11:36:03.579681Z","timestamp":"2021-04-22T11:36:03.577724Z","bytes":3472,"bytes_in":750,"bytes_out":2722,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219782","http_comment":"HTTP/1.1 200 OK","http_content_length":1976,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152?output_mode=json&_=1619091219782 HTTP/1.1","request_ack_time":1957,"request_time":0,"response_ack_time":25583,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1957,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152","uri_query":"output_mode=json&_=1619091219782"} 
{"endtime":"2021-04-22T11:36:03.646485Z","timestamp":"2021-04-22T11:36:03.641801Z","bytes":1613,"bytes_in":769,"bytes_out":844,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&min_freq=0&_=1619091219783","http_comment":"HTTP/1.1 200 OK","http_content_length":140,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152/summary?output_mode=json&min_freq=0&_=1619091219783 HTTP/1.1","request_ack_time":4684,"request_time":0,"response_ack_time":26749,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":4684,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219783"} {"endtime":"2021-04-22T11:36:03.646957Z","timestamp":"2021-04-22T11:36:03.642243Z","bytes":2919,"bytes_in":2134,"bytes_out":785,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219784","http_comment":"HTTP/1.1 200 OK","http_content_length":82,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219784 
HTTP/1.1","request_ack_time":47,"request_time":0,"response_ack_time":30866,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":4714,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219784"} {"endtime":"2021-04-22T11:36:03.669764Z","timestamp":"2021-04-22T11:36:03.669473Z","bytes":1478,"bytes_in":735,"bytes_out":743,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&time=-24h&_=1619091219785","http_comment":"HTTP/1.1 200 OK","http_content_length":40,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h&_=1619091219785 HTTP/1.1","request_ack_time":291,"request_time":0,"response_ack_time":27437,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":291,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h&_=1619091219785"} {"endtime":"2021-04-22T11:36:03.682300Z","timestamp":"2021-04-22T11:36:03.677823Z","bytes":1613,"bytes_in":769,"bytes_out":844,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=0&_=1619091219786","http_comment":"HTTP/1.1 200 OK","http_content_length":140,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152/summary?output_mode=json&min_freq=0&_=1619091219786 HTTP/1.1","request_ack_time":4477,"request_time":0,"response_ack_time":27029,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":4477,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219786"} {"endtime":"2021-04-22T11:36:03.682619Z","timestamp":"2021-04-22T11:36:03.678278Z","bytes":2919,"bytes_in":2134,"bytes_out":785,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_su
bject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219787","http_comment":"HTTP/1.1 200 OK","http_content_length":82,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_o
ut)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219787 HTTP/1.1","request_ack_time":19,"request_time":0,"response_ack_time":26710,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":4341,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Cur
i_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219787"} {"endtime":"2021-04-22T11:36:03.803836Z","timestamp":"2021-04-22T11:36:03.801628Z","bytes":3471,"bytes_in":750,"bytes_out":2721,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219788","http_comment":"HTTP/1.1 200 OK","http_content_length":1975,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152?output_mode=json&_=1619091219788 HTTP/1.1","request_ack_time":2208,"request_time":0,"response_ack_time":27506,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":2208,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152","uri_query":"output_mode=json&_=1619091219788"} {"endtime":"2021-04-22T11:36:04.069832Z","timestamp":"2021-04-22T11:36:04.067685Z","bytes":3474,"bytes_in":750,"bytes_out":2724,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219789","http_comment":"HTTP/1.1 200 OK","http_content_length":1978,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152?output_mode=json&_=1619091219789 HTTP/1.1","request_ack_time":2147,"request_time":0,"response_ack_time":25529,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":2147,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152","uri_query":"output_mode=json&_=1619091219789"} {"endtime":"2021-04-22T11:36:04.444194Z","timestamp":"2021-04-22T11:36:04.441661Z","bytes":3805,"bytes_in":750,"bytes_out":3055,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219790","http_comment":"HTTP/1.1 200 OK","http_content_length":2309,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152?output_mode=json&_=1619091219790 HTTP/1.1","request_ack_time":2450,"request_time":0,"response_ack_time":27257,"response_time":83,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":2533,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152","uri_query":"output_mode=json&_=1619091219790"} {"endtime":"2021-04-22T11:36:04.487318Z","timestamp":"2021-04-22T11:36:04.485675Z","bytes":1673,"bytes_in":911,"bytes_out":762,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"360c7e65-b64f-4bbc-928f-a5f6b03d75eb","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1643,"request_time":0,"response_ack_time":24100,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52101,"status":200,"time_taken":1643,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} 
{"endtime":"2021-04-22T11:36:04.495892Z","timestamp":"2021-04-22T11:36:04.481939Z","bytes":11783,"bytes_in":769,"bytes_out":11014,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&min_freq=0&_=1619091219791","http_comment":"HTTP/1.1 200 OK","http_content_length":10267,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152/summary?output_mode=json&min_freq=0&_=1619091219791 HTTP/1.1","request_ack_time":13868,"request_time":0,"response_ack_time":29611,"response_time":85,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":39601,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219791"} {"endtime":"2021-04-22T11:36:04.499007Z","timestamp":"2021-04-22T11:36:04.497618Z","bytes":1831,"bytes_in":746,"bytes_out":1085,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"offset=0&count=1000&_=1619091219793","http_comment":"HTTP/1.1 200 OK","http_content_length":348,"http_content_type":"text/xml; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/1619091363.152/timeline?offset=0&count=1000&_=1619091219793 HTTP/1.1","request_ack_time":1389,"request_time":0,"response_ack_time":26467,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1389,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091363.152/timeline","uri_query":"offset=0&count=1000&_=1619091219793"} {"endtime":"2021-04-22T11:36:04.529639Z","timestamp":"2021-04-22T11:36:04.482406Z","bytes":41555,"bytes_in":2134,"bytes_out":39421,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219792","http_comment":"HTTP/1.1 200 OK","http_content_length":38674,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219792 
HTTP/1.1","request_ack_time":56,"request_time":0,"response_ack_time":25784,"response_time":28149,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":73955,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219792"} 
{"endtime":"2021-04-22T11:36:06.442672Z","timestamp":"2021-04-22T11:36:06.089739Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"4df1974e-d56c-4fc1-b89b-58f65ff77cf8","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":41,"request_time":0,"response_ack_time":467,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49927,"status":200,"time_taken":353337,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:36:07.527680Z","timestamp":"2021-04-22T11:36:07.161326Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c64c03b0-07bf-4c0b-b450-7fdc5646756e","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":5,"request_time":0,"response_ack_time":218,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49338,"status":200,"time_taken":366546,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:36:08.469002Z","timestamp":"2021-04-22T11:36:08.468283Z","bytes":1886,"bytes_in":729,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091037494","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037494 HTTP/1.1","request_ack_time":719,"request_time":0,"response_ack_time":31005,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":719,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037494"} {"endtime":"2021-04-22T11:36:09.937191Z","timestamp":"2021-04-22T11:36:09.936562Z","bytes":1886,"bytes_in":729,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219794","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219794 HTTP/1.1","request_ack_time":629,"request_time":0,"response_ack_time":27088,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":629,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219794"} {"endtime":"2021-04-22T11:36:12.495038Z","timestamp":"2021-04-22T11:36:12.136545Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c1512ef4-6b71-4d00-89bb-bc2c4c05af7a","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":39,"request_time":0,"response_ack_time":349,"response_time":90,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49928,"status":200,"time_taken":358922,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:36:13.147476Z","timestamp":"2021-04-22T11:36:13.143215Z","bytes":1845,"bytes_in":984,"bytes_out":861,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&q=search index=network&stripReportsSearch=false&action=fieldvalue&field=host&value=win-dc-178","http_comment":"HTTP/1.1 200 OK","http_content_length":157,"http_content_type":"application/json; 
charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/intentionsparser HTTP/1.1","request_ack_time":4261,"request_time":0,"response_ack_time":30376,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":4261,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/intentionsparser"} {"endtime":"2021-04-22T11:36:13.244829Z","timestamp":"2021-04-22T11:36:13.241006Z","bytes":7879,"bytes_in":742,"bytes_out":7137,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219795","http_comment":"HTTP/1.1 200 OK","http_content_length":6391,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new?output_mode=json&_=1619091219795 
HTTP/1.1","request_ack_time":3740,"request_time":0,"response_ack_time":28063,"response_time":83,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":3823,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","uri_query":"output_mode=json&_=1619091219795"} {"endtime":"2021-04-22T11:36:13.284848Z","timestamp":"2021-04-22T11:36:13.281484Z","bytes":3905,"bytes_in":3110,"bytes_out":795,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"rf=*&auto_cancel=30&status_buckets=300&output_mode=json&custom.display.page.search.mode=smart&custom.dispatch.sample_ratio=1&custom.workload_pool=&custom.display.events.fields=[\"host\",\"source\",\"sourcetype\",\"action\",\"app\",\"c_ip\",\"count\",\"date_hour\",\"date_mday\",\"date_minute\",\"date_month\",\"date_second\",\"date_wday\",\"date_year\",\"date_zone\",\"dest\",\"dest_ip\",\"endtime\",\"eventtype\",\"index\",\"linecount\",\"protocol\",\"punct\",\"site\",\"splunk_server\",\"status\",\"sum(bytes_in)\",\"sum(bytes_out)\",\"sum(time_taken)\",\"tag\",\"tag::eventtype\",\"timeendpos\",\"timestamp\",\"timestartpos\",\"uri_path\",\"initial_rtt\",\"query_type\",\"reply_code\",\"reply_code_id\",\"src\",\"src_ip\",\"ssl_cert_md5\",\"ssl_cert_self_signed\",\"ssl_cert_sha1\",\"ssl_cert_sha256\",\"ssl_end_time\",\"ssl_hash\",\"ssl_issuer\",\"ssl_issuer_common_name\",\"ssl_issuer_country\",\"ssl_issuer_email\",\"ssl_issuer_locality\",\"ssl_issuer_organization\",\"ssl_issuer_state\",\"ssl_start_time\",\"ssl_subject\",\"ssl_subject_common_name\",\"ssl_subject_country\",\"ss
l_subject_locality\",\"ssl_subject_organization\",\"ssl_subject_state\",\"ssl_subject_unit\",\"ssl_validity_end\",\"ssl_validity_start\",\"sum(bytes)\",\"sum(packets_in)\",\"sum(packets_out)\",\"transport\",\"values(flow_id){}\",\"form_data\",\"http_comment\",\"http_content_length\",\"http_content_type\",\"http_method\",\"http_user_agent\",\"request\",\"request_ack_time\",\"request_time\",\"response_ack_time\",\"response_time\",\"uri_query\",\"url\"]&custom.search=index=network host=\"win-dc-178\"&custom.dispatch.earliest_time=-24h@h&custom.dispatch.latest_time=now&search=search index=network host=\"win-dc-178\"&earliest_time=-24h@h&latest_time=now&ui_dispatch_app=search&preview=1&adhoc_search_level=smart&workload_pool=&indexedRealtime=&sample_ratio=1&check_risky_command=false&provenance=UI:Search","http_comment":"HTTP/1.1 201 Created","http_content_length":24,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs HTTP/1.1","request_ack_time":65,"request_time":632,"response_ack_time":23926,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":201,"time_taken":3364,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs"} {"endtime":"2021-04-22T11:36:13.318972Z","timestamp":"2021-04-22T11:36:13.317041Z","bytes":3000,"bytes_in":749,"bytes_out":2251,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219796","http_comment":"HTTP/1.1 200 OK","http_content_length":1505,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091373.153?output_mode=json&_=1619091219796 HTTP/1.1","request_ack_time":1931,"request_time":0,"response_ack_time":25808,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1931,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091373.153","uri_query":"output_mode=json&_=1619091219796"} {"endtime":"2021-04-22T11:36:13.357935Z","timestamp":"2021-04-22T11:36:13.357683Z","bytes":1639,"bytes_in":825,"bytes_out":814,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219797","http_comment":"HTTP/1.1 200 OK","http_content_length":110,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219797 HTTP/1.1","request_ack_time":252,"request_time":0,"response_ack_time":24855,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":252,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219797"} {"endtime":"2021-04-22T11:36:13.395197Z","timestamp":"2021-04-22T11:36:13.029440Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c4ee7337-e656-4fed-9b94-5d3d4bdf2587","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":41,"request_time":0,"response_ack_time":211,"response_time":56,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49340,"status":200,"time_taken":365991,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:36:13.407108Z","timestamp":"2021-04-22T11:36:13.405052Z","bytes":3518,"bytes_in":750,"bytes_out":2768,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219798","http_comment":"HTTP/1.1 200 OK","http_content_length":2022,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153?output_mode=json&_=1619091219798 HTTP/1.1","request_ack_time":2056,"request_time":0,"response_ack_time":25818,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":2056,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153","uri_query":"output_mode=json&_=1619091219798"} {"endtime":"2021-04-22T11:36:13.469750Z","timestamp":"2021-04-22T11:36:13.465053Z","bytes":1613,"bytes_in":769,"bytes_out":844,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=0&_=1619091219799","http_comment":"HTTP/1.1 200 OK","http_content_length":140,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153/summary?output_mode=json&min_freq=0&_=1619091219799 HTTP/1.1","request_ack_time":4697,"request_time":0,"response_ack_time":25340,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":4697,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219799"} {"endtime":"2021-04-22T11:36:13.472065Z","timestamp":"2021-04-22T11:36:13.469359Z","bytes":2919,"bytes_in":2134,"bytes_out":785,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_s
ubject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219800","http_comment":"HTTP/1.1 200 OK","http_content_length":82,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cval
ues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219800 HTTP/1.1","request_ack_time":7,"request_time":44,"response_ack_time":27252,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":2706,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%
2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219800"} {"endtime":"2021-04-22T11:36:13.495336Z","timestamp":"2021-04-22T11:36:13.495090Z","bytes":1478,"bytes_in":735,"bytes_out":743,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&time=-24h&_=1619091219801","http_comment":"HTTP/1.1 200 OK","http_content_length":40,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h&_=1619091219801 HTTP/1.1","request_ack_time":246,"request_time":0,"response_ack_time":27452,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":246,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h&_=1619091219801"} {"endtime":"2021-04-22T11:36:13.502404Z","timestamp":"2021-04-22T11:36:13.499904Z","bytes":2919,"bytes_in":2134,"bytes_out":785,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219803","http_comment":"HTTP/1.1 200 OK","http_content_length":82,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219803 
HTTP/1.1","request_ack_time":53,"request_time":0,"response_ack_time":24411,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":2500,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219803"} {"endtime":"2021-04-22T11:36:13.503806Z","timestamp":"2021-04-22T11:36:13.499317Z","bytes":1613,"bytes_in":769,"bytes_out":844,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&min_freq=0&_=1619091219802","http_comment":"HTTP/1.1 200 OK","http_content_length":140,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153/summary?output_mode=json&min_freq=0&_=1619091219802 HTTP/1.1","request_ack_time":4489,"request_time":0,"response_ack_time":26946,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":4489,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219802"} {"endtime":"2021-04-22T11:36:13.631272Z","timestamp":"2021-04-22T11:36:13.629020Z","bytes":3818,"bytes_in":750,"bytes_out":3068,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219804","http_comment":"HTTP/1.1 200 OK","http_content_length":2322,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS 
X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153?output_mode=json&_=1619091219804 HTTP/1.1","request_ack_time":2143,"request_time":0,"response_ack_time":29591,"response_time":109,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":2252,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153","uri_query":"output_mode=json&_=1619091219804"} {"endtime":"2021-04-22T11:36:13.673888Z","timestamp":"2021-04-22T11:36:13.665278Z","bytes":7461,"bytes_in":769,"bytes_out":6692,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&min_freq=0&_=1619091219805","http_comment":"HTTP/1.1 200 OK","http_content_length":5946,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153/summary?output_mode=json&min_freq=0&_=1619091219805 
HTTP/1.1","request_ack_time":8493,"request_time":0,"response_ack_time":26937,"response_time":117,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":8610,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219805"} {"endtime":"2021-04-22T11:36:13.676053Z","timestamp":"2021-04-22T11:36:13.665758Z","bytes":5387,"bytes_in":2134,"bytes_out":3253,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport
%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219806","http_comment":"HTTP/1.1 200 OK","http_content_length":2507,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_ti
me%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219806 HTTP/1.1","request_ack_time":61,"request_time":0,"response_ack_time":28840,"response_time":55,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":39190,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219806"} 
{"endtime":"2021-04-22T11:36:13.682541Z","timestamp":"2021-04-22T11:36:13.681025Z","bytes":1830,"bytes_in":746,"bytes_out":1084,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"offset=0&count=1000&_=1619091219807","http_comment":"HTTP/1.1 200 OK","http_content_length":347,"http_content_type":"text/xml; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/1619091373.153/timeline?offset=0&count=1000&_=1619091219807 HTTP/1.1","request_ack_time":1516,"request_time":0,"response_ack_time":26248,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1516,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091373.153/timeline","uri_query":"offset=0&count=1000&_=1619091219807"} {"endtime":"2021-04-22T11:36:17.525992Z","timestamp":"2021-04-22T11:36:17.167603Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"ba6b970a-f717-462c-b21b-1cfd2b3adc00","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":420,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49929,"status":200,"time_taken":358657,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:36:18.515748Z","timestamp":"2021-04-22T11:36:18.146727Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c9b49813-ea12-4446-bbc3-0e8ee04be877","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":159,"response_time":60,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49342,"status":200,"time_taken":369219,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:36:18.586463Z","timestamp":"2021-04-22T11:36:18.585795Z","bytes":1886,"bytes_in":729,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091037495","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037495 HTTP/1.1","request_ack_time":668,"request_time":0,"response_ack_time":27131,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":668,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037495"} {"endtime":"2021-04-22T11:36:19.521500Z","timestamp":"2021-04-22T11:36:19.519977Z","bytes":1673,"bytes_in":911,"bytes_out":762,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1523,"request_time":0,"response_ack_time":26171,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1523,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} {"endtime":"2021-04-22T11:36:19.936702Z","timestamp":"2021-04-22T11:36:19.936085Z","bytes":1886,"bytes_in":729,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219808","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219808 HTTP/1.1","request_ack_time":617,"request_time":0,"response_ack_time":23108,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":617,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219808"} {"endtime":"2021-04-22T11:36:22.570580Z","timestamp":"2021-04-22T11:36:22.214550Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d45ce6d9-97d8-49cc-93e6-e369f393affd","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":476,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49930,"status":200,"time_taken":356292,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:36:23.629164Z","timestamp":"2021-04-22T11:36:23.267273Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c6f992d1-2da0-4448-a32c-9c2cde476e9a","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":251,"response_time":23,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49344,"status":200,"time_taken":362109,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:36:28.578032Z","timestamp":"2021-04-22T11:36:28.577384Z","bytes":1886,"bytes_in":729,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091037496","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037496 
HTTP/1.1","request_ack_time":648,"request_time":0,"response_ack_time":27108,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":648,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037496"} {"endtime":"2021-04-22T11:36:28.620003Z","timestamp":"2021-04-22T11:36:28.261459Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"31c1c2d8-9fc1-4058-b202-326d08d8588a","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":36,"request_time":0,"response_ack_time":359,"response_time":36,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49931,"status":200,"time_taken":358869,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:36:28.706913Z","timestamp":"2021-04-22T11:36:28.705414Z","bytes":1674,"bytes_in":912,"bytes_out":762,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153/control HTTP/1.1","request_ack_time":1499,"request_time":0,"response_ack_time":26241,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1499,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153/control"} {"endtime":"2021-04-22T11:36:29.490783Z","timestamp":"2021-04-22T11:36:29.131276Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"af14c194-af4f-444a-8a24-2e3a0db26147","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":9,"request_time":0,"response_ack_time":205,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49348,"status":200,"time_taken":359743,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:36:29.942148Z","timestamp":"2021-04-22T11:36:29.941590Z","bytes":1886,"bytes_in":729,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219809","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; 
charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219809 HTTP/1.1","request_ack_time":558,"request_time":0,"response_ack_time":27201,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":558,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219809"} {"endtime":"2021-04-22T11:36:32.665929Z","timestamp":"2021-04-22T11:36:32.642065Z","bytes":8636,"bytes_in":887,"bytes_out":7749,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search index%3Dnetwork &useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219810","http_comment":"HTTP/1.1 200 OK","http_content_length":7003,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/shelper?output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search+index%3Dnetwork+&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219810 
HTTP/1.1","request_ack_time":23750,"request_time":0,"response_ack_time":25865,"response_time":114,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":49831,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/shelper","uri_query":"output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search index%3Dnetwork &useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1619091219810"} {"endtime":"2021-04-22T11:36:32.935092Z","timestamp":"2021-04-22T11:36:32.930247Z","bytes":7879,"bytes_in":742,"bytes_out":7137,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219811","http_comment":"HTTP/1.1 200 OK","http_content_length":6391,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new?output_mode=json&_=1619091219811 HTTP/1.1","request_ack_time":4773,"request_time":0,"response_ack_time":26766,"response_time":72,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":4845,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","uri_query":"output_mode=json&_=1619091219811"} 
{"endtime":"2021-04-22T11:36:32.981317Z","timestamp":"2021-04-22T11:36:32.978034Z","bytes":3857,"bytes_in":3062,"bytes_out":795,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"rf=*&auto_cancel=30&status_buckets=300&output_mode=json&custom.display.page.search.mode=smart&custom.dispatch.sample_ratio=1&custom.workload_pool=&custom.display.events.fields=[\"host\",\"source\",\"sourcetype\",\"action\",\"app\",\"c_ip\",\"count\",\"date_hour\",\"date_mday\",\"date_minute\",\"date_month\",\"date_second\",\"date_wday\",\"date_year\",\"date_zone\",\"dest\",\"dest_ip\",\"endtime\",\"eventtype\",\"index\",\"linecount\",\"protocol\",\"punct\",\"site\",\"splunk_server\",\"status\",\"sum(bytes_in)\",\"sum(bytes_out)\",\"sum(time_taken)\",\"tag\",\"tag::eventtype\",\"timeendpos\",\"timestamp\",\"timestartpos\",\"uri_path\",\"initial_rtt\",\"query_type\",\"reply_code\",\"reply_code_id\",\"src\",\"src_ip\",\"ssl_cert_md5\",\"ssl_cert_self_signed\",\"ssl_cert_sha1\",\"ssl_cert_sha256\",\"ssl_end_time\",\"ssl_hash\",\"ssl_issuer\",\"ssl_issuer_common_name\",\"ssl_issuer_country\",\"ssl_issuer_email\",\"ssl_issuer_locality\",\"ssl_issuer_organization\",\"ssl_issuer_state\",\"ssl_start_time\",\"ssl_subject\",\"ssl_subject_common_name\",\"ssl_subject_country\",\"ssl_subject_locality\",\"ssl_subject_organization\",\"ssl_subject_state\",\"ssl_subject_unit\",\"ssl_validity_end\",\"ssl_validity_start\",\"sum(bytes)\",\"sum(packets_in)\",\"sum(packets_out)\",\"transport\",\"values(flow_id){}\",\"form_data\",\"http_comment\",\"http_content_length\",\"http_content_type\",\"http_method\",\"http_user_agent\",\"request\",\"request_ack_time\",\"request_tim
e\",\"response_ack_time\",\"response_time\",\"uri_query\",\"url\"]&custom.search=index=network&custom.dispatch.earliest_time=-24h@h&custom.dispatch.latest_time=now&search=search index=network&earliest_time=-24h@h&latest_time=now&ui_dispatch_app=search&preview=1&adhoc_search_level=smart&workload_pool=&indexedRealtime=&sample_ratio=1&check_risky_command=false&provenance=UI:Search","http_comment":"HTTP/1.1 201 Created","http_content_length":24,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs HTTP/1.1","request_ack_time":8,"request_time":555,"response_ack_time":26548,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":201,"time_taken":3283,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs"} {"endtime":"2021-04-22T11:36:33.014062Z","timestamp":"2021-04-22T11:36:33.012146Z","bytes":2982,"bytes_in":749,"bytes_out":2233,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219812","http_comment":"HTTP/1.1 200 OK","http_content_length":1487,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091392.154?output_mode=json&_=1619091219812 HTTP/1.1","request_ack_time":1916,"request_time":0,"response_ack_time":25750,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1916,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091392.154","uri_query":"output_mode=json&_=1619091219812"} {"endtime":"2021-04-22T11:36:33.046362Z","timestamp":"2021-04-22T11:36:33.046059Z","bytes":1639,"bytes_in":825,"bytes_out":814,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219813","http_comment":"HTTP/1.1 200 OK","http_content_length":110,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219813 
HTTP/1.1","request_ack_time":303,"request_time":0,"response_ack_time":25441,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":303,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219813"} {"endtime":"2021-04-22T11:36:33.104279Z","timestamp":"2021-04-22T11:36:33.102259Z","bytes":3475,"bytes_in":750,"bytes_out":2725,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219814","http_comment":"HTTP/1.1 200 OK","http_content_length":1979,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154?output_mode=json&_=1619091219814 HTTP/1.1","request_ack_time":2020,"request_time":0,"response_ack_time":25541,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":2020,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154","uri_query":"output_mode=json&_=1619091219814"} 
{"endtime":"2021-04-22T11:36:33.140674Z","timestamp":"2021-04-22T11:36:33.136080Z","bytes":1613,"bytes_in":769,"bytes_out":844,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&min_freq=0&_=1619091219815","http_comment":"HTTP/1.1 200 OK","http_content_length":140,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154/summary?output_mode=json&min_freq=0&_=1619091219815 HTTP/1.1","request_ack_time":4594,"request_time":0,"response_ack_time":25142,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":4594,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219815"} {"endtime":"2021-04-22T11:36:33.143205Z","timestamp":"2021-04-22T11:36:33.140450Z","bytes":2919,"bytes_in":2134,"bytes_out":785,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219816","http_comment":"HTTP/1.1 200 OK","http_content_length":82,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219816 
HTTP/1.1","request_ack_time":10,"request_time":60,"response_ack_time":26891,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":2755,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219816"} {"endtime":"2021-04-22T11:36:33.162436Z","timestamp":"2021-04-22T11:36:33.162209Z","bytes":1478,"bytes_in":735,"bytes_out":743,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&time=-24h&_=1619091219817","http_comment":"HTTP/1.1 200 OK","http_content_length":40,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h&_=1619091219817 HTTP/1.1","request_ack_time":227,"request_time":0,"response_ack_time":29344,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":227,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h&_=1619091219817"} {"endtime":"2021-04-22T11:36:33.174526Z","timestamp":"2021-04-22T11:36:33.170075Z","bytes":1613,"bytes_in":769,"bytes_out":844,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&min_freq=0&_=1619091219818","http_comment":"HTTP/1.1 200 OK","http_content_length":140,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154/summary?output_mode=json&min_freq=0&_=1619091219818 HTTP/1.1","request_ack_time":4451,"request_time":0,"response_ack_time":25339,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":4451,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219818"} {"endtime":"2021-04-22T11:36:33.177008Z","timestamp":"2021-04-22T11:36:33.174387Z","bytes":2919,"bytes_in":2134,"bytes_out":785,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_su
bject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219819","http_comment":"HTTP/1.1 200 OK","http_content_length":82,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_o
ut)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219819 HTTP/1.1","request_ack_time":5,"request_time":195,"response_ack_time":26894,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":2621,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Cu
ri_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219819"} {"endtime":"2021-04-22T11:36:33.304241Z","timestamp":"2021-04-22T11:36:33.302152Z","bytes":3476,"bytes_in":750,"bytes_out":2726,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219820","http_comment":"HTTP/1.1 200 OK","http_content_length":1980,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154?output_mode=json&_=1619091219820 HTTP/1.1","request_ack_time":2089,"request_time":0,"response_ack_time":27618,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":2089,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154","uri_query":"output_mode=json&_=1619091219820"} {"endtime":"2021-04-22T11:36:33.566361Z","timestamp":"2021-04-22T11:36:33.564144Z","bytes":3476,"bytes_in":750,"bytes_out":2726,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219821","http_comment":"HTTP/1.1 200 OK","http_content_length":1980,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154?output_mode=json&_=1619091219821 HTTP/1.1","request_ack_time":2217,"request_time":0,"response_ack_time":25528,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":2217,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154","uri_query":"output_mode=json&_=1619091219821"} {"endtime":"2021-04-22T11:36:33.640530Z","timestamp":"2021-04-22T11:36:33.276971Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"fb12e011-d3da-4135-ba8a-9f4284dad402","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":41,"request_time":0,"response_ack_time":318,"response_time":57,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49932,"status":200,"time_taken":363918,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:36:33.940383Z","timestamp":"2021-04-22T11:36:33.937843Z","bytes":3804,"bytes_in":750,"bytes_out":3054,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219822","http_comment":"HTTP/1.1 200 OK","http_content_length":2308,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154?output_mode=json&_=1619091219822 HTTP/1.1","request_ack_time":2473,"request_time":0,"response_ack_time":25637,"response_time":67,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":2540,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154","uri_query":"output_mode=json&_=1619091219822"} {"endtime":"2021-04-22T11:36:33.986482Z","timestamp":"2021-04-22T11:36:33.972509Z","bytes":11779,"bytes_in":769,"bytes_out":11010,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=0&_=1619091219823","http_comment":"HTTP/1.1 200 
OK","http_content_length":10263,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154/summary?output_mode=json&min_freq=0&_=1619091219823 HTTP/1.1","request_ack_time":13869,"request_time":0,"response_ack_time":27722,"response_time":104,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":37612,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219823"} {"endtime":"2021-04-22T11:36:33.991953Z","timestamp":"2021-04-22T11:36:33.990327Z","bytes":1831,"bytes_in":746,"bytes_out":1085,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"offset=0&count=1000&_=1619091219825","http_comment":"HTTP/1.1 200 OK","http_content_length":348,"http_content_type":"text/xml; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/1619091392.154/timeline?offset=0&count=1000&_=1619091219825 
HTTP/1.1","request_ack_time":1626,"request_time":0,"response_ack_time":26047,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1626,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091392.154/timeline","uri_query":"offset=0&count=1000&_=1619091219825"} {"endtime":"2021-04-22T11:36:34.014301Z","timestamp":"2021-04-22T11:36:33.972929Z","bytes":24319,"bytes_in":2134,"bytes_out":22185,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7
D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219824","http_comment":"HTTP/1.1 200 OK","http_content_length":21438,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Cu
ri_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219824 HTTP/1.1","request_ack_time":18,"request_time":0,"response_ack_time":27778,"response_time":27395,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":68788,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219824"} 
{"endtime":"2021-04-22T11:36:34.601909Z","timestamp":"2021-04-22T11:36:34.600383Z","bytes":1673,"bytes_in":911,"bytes_out":762,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1526,"request_time":0,"response_ack_time":24369,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1526,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} {"endtime":"2021-04-22T11:36:34.611468Z","timestamp":"2021-04-22T11:36:34.242329Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"bcd955d1-adfa-4c53-8eff-dc05d015974e","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":33,"request_time":0,"response_ack_time":604,"response_time":61,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49350,"status":200,"time_taken":369568,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:36:36.112998Z","timestamp":"2021-04-22T11:36:36.112998Z","count":80,"c_ip":"46.128.24.64","sum(bytes_in)":85061,"sum(bytes_out)":306970,"sum(time_taken)":688753} {"endtime":"2021-04-22T11:36:36.112998Z","timestamp":"2021-04-22T11:36:36.112998Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":4039462} {"endtime":"2021-04-22T11:36:36.112998Z","timestamp":"2021-04-22T11:36:36.112998Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3946174} {"endtime":"2021-04-22T11:36:36.113050Z","timestamp":"2021-04-22T11:36:36.113050Z","count":102,"dest_ip":"10.0.1.12","sum(time_taken)":8674389} {"endtime":"2021-04-22T11:36:36.113059Z","timestamp":"2021-04-22T11:36:36.113059Z","count":5,"dest_ip":"10.0.1.12","status":201} {"endtime":"2021-04-22T11:36:36.113059Z","timestamp":"2021-04-22T11:36:36.113059Z","count":97,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":5,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":201,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs","sum(bytes_in)":13467,"sum(bytes_out)":3987,"sum(time_taken)":16941} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154/summary","sum(bytes_in)":1538,"sum(bytes_out)":1688,"sum(time_taken)":9045} 
{"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154/events","sum(bytes_in)":6402,"sum(bytes_out)":23755,"sum(time_taken)":74164} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154","sum(bytes_in)":3000,"sum(bytes_out)":11231,"sum(time_taken)":8866} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153/summary","sum(bytes_in)":2307,"sum(bytes_out)":8380,"sum(time_taken)":17796} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153/events","sum(bytes_in)":6402,"sum(bytes_out)":4823,"sum(time_taken)":44396} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153/control","sum(bytes_in)":912,"sum(bytes_out)":762,"sum(time_taken)":1499} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091373.153","sum(bytes_in)":1500,"sum(bytes_out)":5836,"sum(time_taken)":4308} 
{"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152/summary","sum(bytes_in)":2307,"sum(bytes_out)":12702,"sum(time_taken)":48762} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152/events","sum(bytes_in)":6402,"sum(bytes_out)":40991,"sum(time_taken)":83010} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091363.152","sum(bytes_in)":3000,"sum(bytes_out)":11222,"sum(time_taken)":8845} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091356.151/summary","sum(bytes_in)":1538,"sum(bytes_out)":11856,"sum(time_taken)":38545} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091356.151/events","sum(bytes_in)":2134,"sum(bytes_out)":75158,"sum(time_taken)":111426} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091356.151","sum(bytes_in)":1500,"sum(bytes_out)":5350,"sum(time_taken)":29246} 
{"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150/summary","sum(bytes_in)":769,"sum(bytes_out)":5899,"sum(time_taken)":6493} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091332.150/control","sum(bytes_in)":912,"sum(bytes_out)":762,"sum(time_taken)":1624} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control","sum(bytes_in)":2733,"sum(bytes_out)":2286,"sum(time_taken)":4551} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091392.154","sum(bytes_in)":749,"sum(bytes_out)":2233,"sum(time_taken)":1916} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091373.153","sum(bytes_in)":749,"sum(bytes_out)":2251,"sum(time_taken)":1931} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091363.152","sum(bytes_in)":749,"sum(bytes_out)":2233,"sum(time_taken)":1923} 
{"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091356.151","sum(bytes_in)":749,"sum(bytes_out)":2265,"sum(time_taken)":1918} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/intentionsparser","sum(bytes_in)":984,"sum(bytes_out)":861,"sum(time_taken)":4261} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","sum(bytes_in)":2968,"sum(bytes_out)":28548,"sum(time_taken)":44782} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":12,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":8748,"sum(bytes_out)":13892,"sum(time_taken)":7752} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":8,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","sum(bytes_in)":6240,"sum(bytes_out)":6228,"sum(time_taken)":2240} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/shelper","sum(bytes_in)":1774,"sum(bytes_out)":15498,"sum(time_taken)":105754} 
{"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091373.153/timeline","sum(bytes_in)":746,"sum(bytes_out)":1084,"sum(time_taken)":1516} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091363.152/timeline","sum(bytes_in)":746,"sum(bytes_out)":1085,"sum(time_taken)":1389} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091356.151/timeline","sum(bytes_in)":746,"sum(bytes_out)":1082,"sum(time_taken)":1443} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091332.150/timeline","sum(bytes_in)":746,"sum(bytes_out)":1082,"sum(time_taken)":1439} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1544,"sum(bytes_out)":1940,"sum(time_taken)":972} {"endtime":"2021-04-22T11:36:36.113071Z","timestamp":"2021-04-22T11:36:36.113071Z","count":22,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3674,"sum(bytes_out)":21934,"sum(time_taken)":7985636} {"endtime":"2021-04-22T11:36:38.623667Z","timestamp":"2021-04-22T11:36:38.622981Z","bytes":1886,"bytes_in":729,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091037497","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037497 HTTP/1.1","request_ack_time":686,"request_time":0,"response_ack_time":26948,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":686,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037497"} {"endtime":"2021-04-22T11:36:38.627227Z","timestamp":"2021-04-22T11:36:38.627015Z","bytes":1742,"bytes_in":772,"bytes_out":970,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037498","http_comment":"HTTP/1.1 200 OK","http_content_length":266,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037498 HTTP/1.1","request_ack_time":212,"request_time":0,"response_ack_time":27396,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":212,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037498"} {"endtime":"2021-04-22T11:36:39.621028Z","timestamp":"2021-04-22T11:36:39.261322Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"e6a064f6-8b6d-4806-9d15-a28b15cad8a7","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":402,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49933,"status":200,"time_taken":360003,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:36:39.941689Z","timestamp":"2021-04-22T11:36:39.941078Z","bytes":1886,"bytes_in":729,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219826","http_comment":"HTTP/1.1 200 
OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219826 HTTP/1.1","request_ack_time":611,"request_time":0,"response_ack_time":25531,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":611,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219826"} {"endtime":"2021-04-22T11:36:39.981486Z","timestamp":"2021-04-22T11:36:39.981093Z","bytes":1742,"bytes_in":772,"bytes_out":970,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219827","http_comment":"HTTP/1.1 200 OK","http_content_length":266,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219827 
HTTP/1.1","request_ack_time":393,"request_time":0,"response_ack_time":27314,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":393,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219827"} {"endtime":"2021-04-22T11:36:40.472938Z","timestamp":"2021-04-22T11:36:40.113522Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"cbb4e03b-e14d-4cd8-b9f1-6bb655cd3f87","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":181,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49352,"status":200,"time_taken":359587,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:36:45.462011Z","timestamp":"2021-04-22T11:36:45.105029Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"418b7251-a7ba-4fba-9374-27006ec3fb6f","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":357,"response_time":62,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49934,"status":200,"time_taken":357225,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:36:45.591048Z","timestamp":"2021-04-22T11:36:45.224606Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"4a4e3640-d2df-4057-a1e0-fa6fb64c943f","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":233,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49354,"status":200,"time_taken":366610,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:36:48.629214Z","timestamp":"2021-04-22T11:36:48.628464Z","bytes":1886,"bytes_in":729,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091037499","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037499 HTTP/1.1","request_ack_time":750,"request_time":0,"response_ack_time":26946,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":750,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037499"} {"endtime":"2021-04-22T11:36:48.978161Z","timestamp":"2021-04-22T11:36:48.976621Z","bytes":1674,"bytes_in":912,"bytes_out":762,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154/control HTTP/1.1","request_ack_time":1540,"request_time":0,"response_ack_time":26083,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1540,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154/control"} {"endtime":"2021-04-22T11:36:49.508110Z","timestamp":"2021-04-22T11:36:49.506605Z","bytes":1673,"bytes_in":911,"bytes_out":762,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1505,"request_time":0,"response_ack_time":24197,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1505,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} {"endtime":"2021-04-22T11:36:49.937207Z","timestamp":"2021-04-22T11:36:49.936647Z","bytes":1886,"bytes_in":729,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219828","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219828 HTTP/1.1","request_ack_time":560,"request_time":0,"response_ack_time":25217,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":560,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219828"} {"endtime":"2021-04-22T11:36:51.459017Z","timestamp":"2021-04-22T11:36:51.092821Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"8f6af9d6-c76c-42b0-a3b9-e5aa31a767aa","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":179,"response_time":185,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49356,"status":200,"time_taken":366415,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:36:51.499785Z","timestamp":"2021-04-22T11:36:51.136132Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"8625a799-5c2f-412b-9310-38b4fd5ce9a8","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":425,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49935,"status":200,"time_taken":363886,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:36:56.579705Z","timestamp":"2021-04-22T11:36:56.210522Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"b2495b5e-f617-4de6-8924-a5fbd505d4a2","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":246,"response_time":281,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49358,"status":200,"time_taken":369379,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:36:56.582099Z","timestamp":"2021-04-22T11:36:56.214463Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"565c7073-e552-42fb-8042-7a7a15b56924","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":22,"request_time":0,"response_ack_time":434,"response_time":32,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49936,"status":200,"time_taken":368057,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:36:57.082908Z","timestamp":"2021-04-22T11:36:57.081436Z","bytes":393,"bytes_in":256,"bytes_out":137,"dest_ip":"10.0.1.16","dest_mac":"02:24:CD:58:40:1C","dest_port":80,"flow_id":"494f25f1-b8cd-4021-8511-bff15f674183","form_data":"pwd=123456&username=user_john","http_comment":"HTTP/1.0 200 OK","http_content_type":"text/html","http_method":"POST","http_user_agent":"Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.14393.4350","protocol_stack":"ip:tcp:http:ms_psrp","request":"POST /foo HTTP/1.1","request_ack_time":110,"request_time":768,"response_ack_time":27,"response_time":41,"server":"BaseHTTP/0.6 Python/3.8.6","site":"10.0.1.16","src_ip":"10.0.1.14","src_mac":"02:A9:8D:CE:78:9E","src_port":62681,"status":200,"time_taken":6345,"transport":"tcp","uri_path":"/foo","vxlan_id":8359286} {"endtime":"2021-04-22T11:36:57.133841Z","timestamp":"2021-04-22T11:36:57.132897Z","bytes":5303,"bytes_in":5108,"bytes_out":195,"dest_ip":"10.0.1.16","dest_mac":"02:24:CD:58:40:1C","dest_port":80,"flow_id":"38a85952-a937-4b91-97c1-376b8df12b77","form_data":"-----WebKitFormBoundary7MA4YWxkTrZu0gW\r\nContent-Disposition: form-data; name=\"proclist\"\r\n\r\n\t\t----------------PROCESS LIST----------------\r\n\r\n[System Process]\r\nSystem\r\nsmss.exe\r\ncsrss.exe\r\nwininit.exe\r\ncsrss.exe\r\nwinlogon.exe\r\nservices.exe\r\nlsass.exe\r\nlsm.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\naudiodg.exe\r\nsvchost.exe\r\nspoolsv.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\ntaskhost.exe\r\ndwm.exe\r\nexplorer.exe\r\nSearchIndexer.exe\r\nmscorsvw.exe\r\nmscorsvw.exe\r\nOSPPSVC.EXE\r\ncmd.exe\r\nconhost.exe\r\nwermgr.exe\r\ncmd.exe\r\nconhost.exe\r\ntaskeng.exe\r\ntaskhost.exe\r\nsvchost.exe\r\ndllhost.exe\r\nsvchost.exe\r\n\r\n\r\nproclisttest\r\n-----WebKitFormBoundary7MA4YWxkTrZu0gW\r\nContent-Disposition: form-data; 
name=\"sysinfo\"\r\n\r\n\t\t----------------SYSTEM_INFO----------------\r\n\r\n\tipconfig /all\r\n\r\n\r\nWindows IP Configuration\r\n\r\n Host Name . . . . . . . . . . . . : Cincinnati-PC\r\n Primary Dns Suffix . . . . . . . : 2thumbsup.net\r\n Node Type . . . . . . . . . . . . : Hybrid\r\n IP Routing Enabled. . . . . . . . : No\r\n WINS Proxy Enabled. . . . . . . . : No\r\n DNS Suffix Search List. . . . . . : 2thumbsup.net\r\n\r\nEthernet adapter Local Area Connection:\r\n\r\n Connection-specific DNS Suffix . : localdomain\r\n Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection\r\n Physical Address. . . . . . . . . : 00-08-02-1C-47-AE\r\n DHCP Enabled. . . . . . . . . . . : Yes\r\n Autoconfiguration Enabled . . . . : Yes\r\n IPv4 Address. . . . . . . . . . . : 10.6.10.197(Preferred) \r\n Subnet Mask . . . . . . . . . . . : 255.255.255.0\r\n Lease Obtained. . . . . . . . . . : Wednesday, June 10, 2020 8:55:21 PM\r\n Lease Expires . . . . . . . . . . : Thursday, June 18, 2020 9:01:40 PM\r\n Default Gateway . . . . . . . . . : 10.6.10.1\r\n DHCP Server . . . . . . . . . . . : 10.6.10.6\r\n DNS Servers . . . . . . . . . . . : 10.6.10.6\r\n NetBIOS over Tcpip. . . . . . . . : Enabled\r\n\r\nTunnel adapter isatap.2thumbsup.net:\r\n\r\n Media State . . . . . . . . . . . : Media disconnected\r\n Connection-specific DNS Suffix . : \r\n Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2\r\n Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0\r\n DHCP Enabled. . . . . . . . . . . : No\r\n Autoconfiguration Enabled . . . . 
: Yes\r\n\r\n\r\n\tnet config workstation\r\n\r\nComputer name \\\\CINCINNATI-PC\r\nFull Computer name Cincinnati-PC.2thumbsup.net\r\nUser name jackqueline.northrop\r\n\r\nWorkstation active on \r\n\tNetBT_Tcpip_{F66E9F09-4E77-8ACb-746D-7212D5EE4FC0} (0008021C47AE)\r\n\r\nSoftware version Windows 7 Professional\r\n\r\nWorkstation domain 2THUMBSUP\r\nWorkstation Domain DNS Name 2thumbsup.net\r\nLogon domain 2THUMBSUP\r\n\r\nCOM Open Timeout (sec) 0\r\nCOM Send Count (byte) 16\r\nCOM Send Timeout (msec) 250\r\nThe command completed successfully.\r\n\r\n\r\n\r\n\tnet view /all\r\n\r\nSystem error 6118 has occurred.\r\n\r\nThe list of servers for this workgroup is not currently available\r\n\r\n\r\n\r\n\tnet view /all /domain\r\n\r\nSystem error 6118 has occurred.\r\n\r\nThe list of servers for this workgroup is not currently available\r\n\r\n\r\n\r\n\tnltest /domain_trusts\r\n\r\nList of domain trusts:\r\n 0: 2THUMBSUP 2thumbsup.net (NT 5) (Forest Tree Root) (Primary Domain) (Native)\r\nThe command completed successfully\r\n\r\n\r\n\tnltest /domain_trusts /all_trusts\r\n\r\nList of domain trusts:\r\n 0: 2THUMBSUP 2thumbsup.net (NT 5) (Forest Tree Root) (Primary Domain) (Native)\r\nThe command completed successfully\r\n\r\n\r\n\t\t-----------------LOCAL_MACHINE_DATA-----------------\r\n\r\nUser_Name: CN=Jackqueline Northrop,CN=Users,DC=2thumbsup,DC=net\r\nComputer_Name: CN=CINCINNATI-PC,CN=Computers,DC=2thumbsup,DC=net\r\nSite_Name: Default-First-Site-Name\r\nDomain_Shortname: 2THUMBSUP\r\nDomain_Name: 2thumbsup.net\r\nForest_Name: 2thumbsup.net\r\nDomain_Controller: 2thumbsup-DC.2thumbsup.net\r\nForest_Trees:\r\n\t1) 2thumbsup.net\r\n\r\n\r\nUsername: Administrator Username: Guest Username: krbtgt Username: audrey.killam Username: nathaniel.campanero Username: sara.gibbins Username: jackqueline.northrop Username: craig.howlett Username: roberto.stawinsky \r\n\r\nDomain: 2thumbsup-DC.2thumbsup.net\r\n\r\nName: 2thumbsup-DC.2thumbsup.net\r\nName: 
MINNEAPOLIS-PC.2thumbsup.net\r\nName: SACRAMENTO-PC.2thumbsup.net\r\nName: HILDEBRAND-PC.2thumbsup.net\r\nName: HUNTSVILLE-PC.2thumbsup.net\r\nName: CINCINNATI-PC.2thumbsup.net\r\nName: BATON-ROUGE-PC.2thumbsup.net\r\n\r\n\r\nUsername: Administrator Username: Guest Username: krbtgt Username: audrey.killam Username: nathaniel.campanero Username: sara.gibbins Username: jackqueline.northrop Username: craig.howlett Username: roberto.stawinsky ------------------------------------------------\r\n\r\n\r\n-----WebKitFormBoundary7MA4YWxkTrZu0gW--","http_comment":"HTTP/1.0 200 OK","http_content_type":"text/html","http_method":"POST","http_user_agent":"Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.14393.4350","protocol_stack":"ip:tcp:http:ms_psrp","request":"POST /gi6/CINCINNATI-PC_W617601.723196F318E04CC68194F403520850B8/90 HTTP/1.1","request_ack_time":166,"request_time":40,"response_ack_time":28,"response_time":28,"server":"BaseHTTP/0.6 Python/3.8.6","site":"10.0.1.16","src_ip":"10.0.1.14","src_mac":"02:A9:8D:CE:78:9E","src_port":62682,"status":200,"time_taken":1023,"transport":"tcp","uri_path":"/gi6/CINCINNATI-PC_W617601.723196F318E04CC68194F403520850B8/90","vxlan_id":8359286} {"endtime":"2021-04-22T11:36:58.061414Z","timestamp":"2021-04-22T11:36:58.061414Z","count":1,"dest_ip":"10.0.1.16","site":"10.0.1.16","status":200,"uri_path":"/gi6/CINCINNATI-PC_W617601.723196F318E04CC68194F403520850B8/90","sum(bytes_in)":5108,"sum(bytes_out)":195,"sum(time_taken)":1023} {"endtime":"2021-04-22T11:36:58.061414Z","timestamp":"2021-04-22T11:36:58.061414Z","count":1,"dest_ip":"10.0.1.16","site":"10.0.1.16","status":200,"uri_path":"/foo","sum(bytes_in)":256,"sum(bytes_out)":137,"sum(time_taken)":6345} {"endtime":"2021-04-22T11:36:58.061408Z","timestamp":"2021-04-22T11:36:58.061408Z","count":2,"dest_ip":"10.0.1.16","status":200} {"endtime":"2021-04-22T11:36:58.061402Z","timestamp":"2021-04-22T11:36:58.061402Z","count":2,"dest_ip":"10.0.1.16","sum(time_taken)":7368} 
{"endtime":"2021-04-22T11:36:58.061377Z","timestamp":"2021-04-22T11:36:58.061377Z","count":2,"c_ip":"10.0.1.14","sum(bytes_in)":5364,"sum(bytes_out)":332,"sum(time_taken)":7368} {"endtime":"2021-04-22T11:36:58.598779Z","timestamp":"2021-04-22T11:36:58.598016Z","bytes":1883,"bytes_in":729,"bytes_out":1154,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=AFUsab1NW8z7CPqa49lKONv_im4NFySmc9b38WfT4mslVCtEFJnYx_CWiLq9E2K9rqoaxBx1DxLr7WrKcRUA5UbT^XQBXuBIp2evywB^gH6sE1G8wQFwIeQrUGHfQCMyNWgRf1oZno","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091037500","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037500 HTTP/1.1","request_ack_time":763,"request_time":0,"response_ack_time":28916,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":763,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037500"} {"endtime":"2021-04-22T11:36:59.936793Z","timestamp":"2021-04-22T11:36:59.936228Z","bytes":1880,"bytes_in":726,"bytes_out":1154,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219829","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219829 HTTP/1.1","request_ack_time":565,"request_time":0,"response_ack_time":25154,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":565,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219829"} {"endtime":"2021-04-22T11:37:01.613146Z","timestamp":"2021-04-22T11:37:01.245709Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"00a6e705-d58e-4ff6-9e00-b7fec53801f5","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":9,"request_time":0,"response_ack_time":417,"response_time":51,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49938,"status":200,"time_taken":367768,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:37:02.454336Z","timestamp":"2021-04-22T11:37:02.081441Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"75553a96-10cb-4033-8407-c8dc37e44ea8","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":37,"request_time":0,"response_ack_time":164,"response_time":130,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49360,"status":200,"time_taken":373128,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:37:03.980498Z","timestamp":"2021-04-22T11:37:03.978860Z","bytes":1668,"bytes_in":909,"bytes_out":759,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154/control 
HTTP/1.1","request_ack_time":1638,"request_time":0,"response_ack_time":26123,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1638,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154/control"} {"endtime":"2021-04-22T11:37:04.736574Z","timestamp":"2021-04-22T11:37:04.735000Z","bytes":1667,"bytes_in":908,"bytes_out":759,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1574,"request_time":0,"response_ack_time":24108,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1574,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} {"endtime":"2021-04-22T11:37:05.802407Z","timestamp":"2021-04-22T11:37:05.798073Z","bytes":7873,"bytes_in":739,"bytes_out":7134,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219830","http_comment":"HTTP/1.1 200 OK","http_content_length":6391,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new?output_mode=json&_=1619091219830 HTTP/1.1","request_ack_time":4232,"request_time":0,"response_ack_time":24471,"response_time":102,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":4334,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","uri_query":"output_mode=json&_=1619091219830"} {"endtime":"2021-04-22T11:37:05.838685Z","timestamp":"2021-04-22T11:37:05.835388Z","bytes":3851,"bytes_in":3059,"bytes_out":792,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"rf=*&auto_cancel=30&status_buckets=300&output_mode=json&custom.display.page.search.mode=smart&custom.dispatch.sample_ratio=1&custom.workload_pool=&custom.display.events.fields=[\"host\",\"source\",\"sourcetype\",\"action\",\"app\",\"c_ip\",\"count\",\"date_hour\",\"date_mday\",\"date_minute\",\"date_month\",\"date_second\",\"date_wday\",\"date_year\",\"date_zone\",\"dest\",\"dest_ip\",\"endtime\",\"eventtype\",\"index\",\"linecount\",\"protocol\",\"punct\",\"site\",\"splunk_server\",\"status\",\"sum(bytes_in)\",\"sum(bytes_out)\",\"sum(time_taken)\",\"tag\",\"tag::eventtype\",\"timeendpos\",\"timestamp\",\"timestartpos\",\"uri_path\",\"initial_rtt\",\"query_type\",\"reply_code\",\"reply_code_id\",\"src\",\"src_ip\",\"ssl_cert_md5\",\"ssl_cert_self_signed\",\"ssl_cert_sha1\",\"ssl_cert_sha256\",\"ssl_end_time\",\"ssl_hash\",\"ssl_issuer\",\"ssl_issuer_common_name\",\"ssl_issuer_country\",\"ssl_issuer_email\",\"ssl_issuer_locality\",\"ssl_issuer_organization\",\"ssl_issuer_state\",\"ssl_start_time\",\"ssl_subject\",\"ssl_subject_common_name\",\"ssl_subject_country\",\"ssl_subject_locality\",\"ssl_subject_organization\",\"ssl_subject_state\",\"ssl_subject_unit\",\"ssl_validity_end\",\"ssl_validity_start\",\"sum(bytes)\",\"sum(packets_in)\",\"sum(packets_out)\",\"transport\",\"values(flow_id){}\",\"form_data\",\"http_comment\",\"http_content_length\",\"http_content_type\",\"http_method\",\"http_user_agent\",\"request\",\"request_ack_time\",\"request_time\",\"response_ack_time\",\"response_time\",\"uri_query\",\"url\"]&custom.search=index=network&custom.dispatch.earliest_time=-24h@h&custom.dispatch.latest_time=now&search=search 
index=network&earliest_time=-24h@h&latest_time=now&ui_dispatch_app=search&preview=1&adhoc_search_level=smart&workload_pool=&indexedRealtime=&sample_ratio=1&check_risky_command=false&provenance=UI:Search","http_comment":"HTTP/1.1 201 Created","http_content_length":24,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs HTTP/1.1","request_ack_time":6,"request_time":498,"response_ack_time":26200,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":201,"time_taken":3297,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs"} {"endtime":"2021-04-22T11:37:05.870836Z","timestamp":"2021-04-22T11:37:05.869091Z","bytes":2976,"bytes_in":746,"bytes_out":2230,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219831","http_comment":"HTTP/1.1 200 OK","http_content_length":1487,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091425.155?output_mode=json&_=1619091219831 
HTTP/1.1","request_ack_time":1745,"request_time":0,"response_ack_time":24051,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1745,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091425.155","uri_query":"output_mode=json&_=1619091219831"} {"endtime":"2021-04-22T11:37:05.903449Z","timestamp":"2021-04-22T11:37:05.903171Z","bytes":1633,"bytes_in":822,"bytes_out":811,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219832","http_comment":"HTTP/1.1 200 OK","http_content_length":110,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219832 
HTTP/1.1","request_ack_time":278,"request_time":0,"response_ack_time":23384,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":278,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219832"} {"endtime":"2021-04-22T11:37:05.953073Z","timestamp":"2021-04-22T11:37:05.951217Z","bytes":3466,"bytes_in":747,"bytes_out":2719,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219833","http_comment":"HTTP/1.1 200 OK","http_content_length":1976,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155?output_mode=json&_=1619091219833 HTTP/1.1","request_ack_time":1856,"request_time":0,"response_ack_time":27783,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1856,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155","uri_query":"output_mode=json&_=1619091219833"} 
{"endtime":"2021-04-22T11:37:06.017914Z","timestamp":"2021-04-22T11:37:06.013164Z","bytes":1607,"bytes_in":766,"bytes_out":841,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&min_freq=0&_=1619091219834","http_comment":"HTTP/1.1 200 OK","http_content_length":140,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155/summary?output_mode=json&min_freq=0&_=1619091219834 HTTP/1.1","request_ack_time":4750,"request_time":0,"response_ack_time":24992,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":4750,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219834"} {"endtime":"2021-04-22T11:37:06.020401Z","timestamp":"2021-04-22T11:37:06.017510Z","bytes":2913,"bytes_in":2131,"bytes_out":782,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219835","http_comment":"HTTP/1.1 200 OK","http_content_length":82,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219835 
HTTP/1.1","request_ack_time":8,"request_time":82,"response_ack_time":26799,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":2891,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219835"} {"endtime":"2021-04-22T11:37:06.033502Z","timestamp":"2021-04-22T11:37:06.033274Z","bytes":1472,"bytes_in":732,"bytes_out":740,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&time=-24h&_=1619091219836","http_comment":"HTTP/1.1 200 OK","http_content_length":40,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h&_=1619091219836 HTTP/1.1","request_ack_time":228,"request_time":0,"response_ack_time":25434,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":228,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h&_=1619091219836"} {"endtime":"2021-04-22T11:37:06.051863Z","timestamp":"2021-04-22T11:37:06.047200Z","bytes":1607,"bytes_in":766,"bytes_out":841,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&min_freq=0&_=1619091219837","http_comment":"HTTP/1.1 200 OK","http_content_length":140,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155/summary?output_mode=json&min_freq=0&_=1619091219837 HTTP/1.1","request_ack_time":4663,"request_time":0,"response_ack_time":23052,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":4663,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219837"} {"endtime":"2021-04-22T11:37:06.054061Z","timestamp":"2021-04-22T11:37:06.051447Z","bytes":2913,"bytes_in":2131,"bytes_out":782,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subje
ct_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219838","http_comment":"HTTP/1.1 200 OK","http_content_length":82,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)
%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219838 HTTP/1.1","request_ack_time":9,"request_time":90,"response_ack_time":25017,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":2614,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_q
uery%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219838"} {"endtime":"2021-04-22T11:37:06.167234Z","timestamp":"2021-04-22T11:37:06.165212Z","bytes":3468,"bytes_in":747,"bytes_out":2721,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219839","http_comment":"HTTP/1.1 200 OK","http_content_length":1978,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155?output_mode=json&_=1619091219839 HTTP/1.1","request_ack_time":2022,"request_time":0,"response_ack_time":25671,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":2022,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155","uri_query":"output_mode=json&_=1619091219839"} {"endtime":"2021-04-22T11:37:06.425275Z","timestamp":"2021-04-22T11:37:06.423211Z","bytes":3469,"bytes_in":747,"bytes_out":2722,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219840","http_comment":"HTTP/1.1 200 OK","http_content_length":1979,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155?output_mode=json&_=1619091219840 HTTP/1.1","request_ack_time":2064,"request_time":0,"response_ack_time":23706,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":2064,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155","uri_query":"output_mode=json&_=1619091219840"} {"endtime":"2021-04-22T11:37:06.799783Z","timestamp":"2021-04-22T11:37:06.797306Z","bytes":3797,"bytes_in":747,"bytes_out":3050,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219841","http_comment":"HTTP/1.1 200 OK","http_content_length":2307,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155?output_mode=json&_=1619091219841 HTTP/1.1","request_ack_time":2375,"request_time":0,"response_ack_time":25296,"response_time":102,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":2477,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155","uri_query":"output_mode=json&_=1619091219841"} {"endtime":"2021-04-22T11:37:06.848646Z","timestamp":"2021-04-22T11:37:06.833552Z","bytes":13682,"bytes_in":766,"bytes_out":12916,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&min_freq=0&_=1619091219842","http_comment":"HTTP/1.1 200 OK","http_content_length":12172,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155/summary?output_mode=json&min_freq=0&_=1619091219842 
HTTP/1.1","request_ack_time":14911,"request_time":0,"response_ack_time":28890,"response_time":183,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":42936,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219842"} {"endtime":"2021-04-22T11:37:06.856784Z","timestamp":"2021-04-22T11:37:06.855300Z","bytes":1825,"bytes_in":743,"bytes_out":1082,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"offset=0&count=1000&_=1619091219844","http_comment":"HTTP/1.1 200 OK","http_content_length":348,"http_content_type":"text/xml; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/1619091425.155/timeline?offset=0&count=1000&_=1619091219844 HTTP/1.1","request_ack_time":1484,"request_time":0,"response_ack_time":28279,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1484,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091425.155/timeline","uri_query":"offset=0&count=1000&_=1619091219844"} {"endtime":"2021-04-22T11:37:06.881364Z","timestamp":"2021-04-22T11:37:06.834067Z","bytes":31470,"bytes_in":2131,"bytes_out":29339,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219843","http_comment":"HTTP/1.1 200 OK","http_content_length":28595,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219843 
HTTP/1.1","request_ack_time":20,"request_time":0,"response_ack_time":29777,"response_time":30076,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":74393,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219843"} 
{"endtime":"2021-04-22T11:37:07.574753Z","timestamp":"2021-04-22T11:37:07.205863Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"620a370d-5788-4978-8a5b-7623e8ad7c1a","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":37,"request_time":0,"response_ack_time":221,"response_time":49,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49362,"status":200,"time_taken":369130,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:37:07.646220Z","timestamp":"2021-04-22T11:37:07.276871Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"6deade78-e91c-45d6-bee3-a68222c723a7","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":376,"response_time":24,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49939,"status":200,"time_taken":369633,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:37:08.660320Z","timestamp":"2021-04-22T11:37:08.659556Z","bytes":1883,"bytes_in":726,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091037501","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037501 HTTP/1.1","request_ack_time":764,"request_time":0,"response_ack_time":24987,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":764,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037501"} {"endtime":"2021-04-22T11:37:09.938768Z","timestamp":"2021-04-22T11:37:09.938102Z","bytes":1883,"bytes_in":726,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219845","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219845 HTTP/1.1","request_ack_time":666,"request_time":0,"response_ack_time":26792,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":666,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219845"} {"endtime":"2021-04-22T11:37:13.443901Z","timestamp":"2021-04-22T11:37:13.076449Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"78beaeec-12e6-4e07-a5d9-5131b46fbaff","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":36,"request_time":0,"response_ack_time":163,"response_time":60,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49364,"status":200,"time_taken":367664,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:37:13.456332Z","timestamp":"2021-04-22T11:37:13.104873Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d8e6ed5e-eea7-44c5-a485-a4031c95ecff","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":27,"request_time":0,"response_ack_time":440,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49940,"status":200,"time_taken":351758,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:37:18.528399Z","timestamp":"2021-04-22T11:37:18.170421Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"afa69995-9f88-4bbd-8729-50a2c966658b","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":4,"request_time":0,"response_ack_time":4621,"response_time":96,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49941,"status":200,"time_taken":359456,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:37:18.551298Z","timestamp":"2021-04-22T11:37:18.195418Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"9195206c-6616-4726-ba61-1558a5b674d0","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":10,"request_time":0,"response_ack_time":230,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49366,"status":200,"time_taken":356071,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:37:18.657833Z","timestamp":"2021-04-22T11:37:18.657145Z","bytes":1883,"bytes_in":726,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091037502","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037502 HTTP/1.1","request_ack_time":688,"request_time":0,"response_ack_time":27020,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":688,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037502"} {"endtime":"2021-04-22T11:37:19.474917Z","timestamp":"2021-04-22T11:37:19.473344Z","bytes":1667,"bytes_in":908,"bytes_out":759,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; 
charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1573,"request_time":0,"response_ack_time":26115,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1573,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} {"endtime":"2021-04-22T11:37:19.760361Z","timestamp":"2021-04-22T11:37:19.755901Z","bytes":1845,"bytes_in":983,"bytes_out":862,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&q=search index=network&stripReportsSearch=false&action=fieldvalue&field=dest_ip&value=10.0.1.16","http_comment":"HTTP/1.1 200 OK","http_content_length":161,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/intentionsparser 
HTTP/1.1","request_ack_time":4460,"request_time":0,"response_ack_time":24734,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":4460,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/intentionsparser"} {"endtime":"2021-04-22T11:37:19.859135Z","timestamp":"2021-04-22T11:37:19.855366Z","bytes":7873,"bytes_in":739,"bytes_out":7134,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219846","http_comment":"HTTP/1.1 200 OK","http_content_length":6391,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new?output_mode=json&_=1619091219846 HTTP/1.1","request_ack_time":3674,"request_time":0,"response_ack_time":28042,"response_time":95,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":3769,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","uri_query":"output_mode=json&_=1619091219846"} {"endtime":"2021-04-22T11:37:19.901624Z","timestamp":"2021-04-22T11:37:19.898497Z","bytes":3903,"bytes_in":3111,"bytes_out":792,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"rf=*&auto_cancel=30&status_buckets=300&output_mode=json&custom.display.page.search.mode=smart&custom.dispatch.sample_ratio=1&custom.workload_pool=&custom.display.events.fields=[\"host\",\"source\",\"sourcetype\",\"action\",\"app\",\"c_ip\",\"count\",\"date_hour\",\"date_mday\",\"date_minute\",\"date_month\",\"date_second\",\"date_wday\",\"date_year\",\"date_zone\",\"dest\",\"dest_ip\",\"endtime\",\"eventtype\",\"index\",\"linecount\",\"protocol\",\"punct\",\"site\",\"splunk_server\",\"status\",\"sum(bytes_in)\",\"sum(bytes_out)\",\"sum(time_taken)\",\"tag\",\"tag::eventtype\",\"timeendpos\",\"timestamp\",\"timestartpos\",\"uri_path\",\"initial_rtt\",\"query_type\",\"reply_code\",\"reply_code_id\",\"src\",\"src_ip\",\"ssl_cert_md5\",\"ssl_cert_self_signed\",\"ssl_cert_sha1\",\"ssl_cert_sha256\",\"ssl_end_time\",\"ssl_hash\",\"ssl_issuer\",\"ssl_issuer_common_name\",\"ssl_issuer_country\",\"ssl_issuer_email\",\"ssl_issuer_locality\",\"ssl_issuer_organization\",\"ssl_issuer_state\",\"ssl_start_time\",\"ssl_subject\",\"ssl_subject_common_name\",\"ssl_subject_country\",\"ssl_subject_locality\",\"ssl_subject_organization\",\"ssl_subject_state\",\"ssl_subject_unit\",\"ssl_validity_end\",\"ssl_validity_start\",\"sum(bytes)\",\"sum(packets_in)\",\"sum(packets_out)\",\"transport\",\"values(flow_id){}\",\"form_data\",\"http_comment\",\"http_content_length\",\"http_content_type\",\"http_method\",\"http_user_agent\",\"request\",\"request_ack_time\",\"request_time\",\"response_ack_time\",\"response_time\",\"uri_query\",\"url\"]&custom.search=index=network dest_ip=\"10.0.1.16\"&custom.dispatch.earliest_time=-24h@h&custom.dispatch.latest_time=now&search=search index=network 
dest_ip=\"10.0.1.16\"&earliest_time=-24h@h&latest_time=now&ui_dispatch_app=search&preview=1&adhoc_search_level=smart&workload_pool=&indexedRealtime=&sample_ratio=1&check_risky_command=false&provenance=UI:Search","http_comment":"HTTP/1.1 201 Created","http_content_length":24,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs HTTP/1.1","request_ack_time":7,"request_time":499,"response_ack_time":25477,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":201,"time_taken":3127,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs"} {"endtime":"2021-04-22T11:37:19.933168Z","timestamp":"2021-04-22T11:37:19.931373Z","bytes":2996,"bytes_in":746,"bytes_out":2250,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219847","http_comment":"HTTP/1.1 200 OK","http_content_length":1507,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091439.156?output_mode=json&_=1619091219847 
HTTP/1.1","request_ack_time":1795,"request_time":0,"response_ack_time":27975,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1795,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091439.156","uri_query":"output_mode=json&_=1619091219847"} {"endtime":"2021-04-22T11:37:19.935797Z","timestamp":"2021-04-22T11:37:19.935365Z","bytes":1883,"bytes_in":726,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219848","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219848 HTTP/1.1","request_ack_time":432,"request_time":0,"response_ack_time":25345,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":432,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219848"} {"endtime":"2021-04-22T11:37:19.965648Z","timestamp":"2021-04-22T11:37:19.965403Z","bytes":1633,"bytes_in":822,"bytes_out":811,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219849","http_comment":"HTTP/1.1 200 OK","http_content_length":110,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219849 HTTP/1.1","request_ack_time":245,"request_time":0,"response_ack_time":25637,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":245,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219849"} {"endtime":"2021-04-22T11:37:20.015231Z","timestamp":"2021-04-22T11:37:20.013404Z","bytes":2999,"bytes_in":747,"bytes_out":2252,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219850","http_comment":"HTTP/1.1 200 
OK","http_content_length":1509,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091439.156?output_mode=json&_=1619091219850 HTTP/1.1","request_ack_time":1827,"request_time":0,"response_ack_time":24031,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1827,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091439.156","uri_query":"output_mode=json&_=1619091219850"} {"endtime":"2021-04-22T11:37:20.078475Z","timestamp":"2021-04-22T11:37:20.078182Z","bytes":1472,"bytes_in":732,"bytes_out":740,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&time=-24h&_=1619091219851","http_comment":"HTTP/1.1 200 OK","http_content_length":40,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h&_=1619091219851 
HTTP/1.1","request_ack_time":293,"request_time":0,"response_ack_time":24641,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":293,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h&_=1619091219851"} {"endtime":"2021-04-22T11:37:20.220011Z","timestamp":"2021-04-22T11:37:20.217467Z","bytes":4183,"bytes_in":747,"bytes_out":3436,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219852","http_comment":"HTTP/1.1 200 OK","http_content_length":2693,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091439.156?output_mode=json&_=1619091219852 HTTP/1.1","request_ack_time":2485,"request_time":0,"response_ack_time":25662,"response_time":59,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":2544,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091439.156","uri_query":"output_mode=json&_=1619091219852"} {"endtime":"2021-04-22T11:37:20.255359Z","timestamp":"2021-04-22T11:37:20.249439Z","bytes":5483,"bytes_in":766,"bytes_out":4717,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&min_freq=0&_=1619091219853","http_comment":"HTTP/1.1 200 OK","http_content_length":3974,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091439.156/summary?output_mode=json&min_freq=0&_=1619091219853 HTTP/1.1","request_ack_time":5911,"request_time":0,"response_ack_time":25861,"response_time":9,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":5920,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091439.156/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219853"} {"endtime":"2021-04-22T11:37:20.271135Z","timestamp":"2021-04-22T11:37:20.269348Z","bytes":1822,"bytes_in":743,"bytes_out":1079,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"offset=0&count=1000&_=1619091219855","http_comment":"HTTP/1.1 200 OK","http_content_length":345,"http_content_type":"text/xml; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/1619091439.156/timeline?offset=0&count=1000&_=1619091219855 HTTP/1.1","request_ack_time":1787,"request_time":0,"response_ack_time":32024,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1787,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091439.156/timeline","uri_query":"offset=0&count=1000&_=1619091219855"} {"endtime":"2021-04-22T11:37:20.299303Z","timestamp":"2021-04-22T11:37:20.258564Z","bytes":22613,"bytes_in":2131,"bytes_out":20482,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_c
ountry%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219854","http_comment":"HTTP/1.1 200 OK","http_content_length":19738,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091439.156/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%
2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219854 HTTP/1.1","request_ack_time":10,"request_time":98,"response_ack_time":23853,"response_time":29031,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":68404,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091439.156/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2C
uri_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219854"} {"endtime":"2021-04-22T11:37:20.312839Z","timestamp":"2021-04-22T11:37:20.307378Z","bytes":5483,"bytes_in":766,"bytes_out":4717,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&min_freq=0&_=1619091219856","http_comment":"HTTP/1.1 200 OK","http_content_length":3974,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091439.156/summary?output_mode=json&min_freq=0&_=1619091219856 HTTP/1.1","request_ack_time":5453,"request_time":0,"response_ack_time":28271,"response_time":8,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":29771,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091439.156/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219856"} {"endtime":"2021-04-22T11:37:23.590512Z","timestamp":"2021-04-22T11:37:23.223428Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"eb199ede-fc33-4259-951d-dc1f54f904e7","http_comment":"HTTP/1.1 200 
OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":9,"request_time":0,"response_ack_time":534,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49942,"status":200,"time_taken":368363,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:37:24.410645Z","timestamp":"2021-04-22T11:37:24.053097Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"34e03f59-23c3-4884-9457-a37a25d6c0fe","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":142,"response_time":65,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49368,"status":200,"time_taken":357745,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:37:26.834030Z","timestamp":"2021-04-22T11:37:26.826395Z","bytes":3355,"bytes_in":826,"bytes_out":2529,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&count=1&locale=en-GB&page=search&segmentation=full&max_lines=5&offset=0&_=1619091219857","http_comment":"HTTP/1.1 200 
OK","http_content_length":1786,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091439.156/events?output_mode=json&count=1&locale=en-GB&page=search&segmentation=full&max_lines=5&offset=0&_=1619091219857 HTTP/1.1","request_ack_time":7635,"request_time":0,"response_ack_time":28090,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":7635,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091439.156/events","uri_query":"output_mode=json&count=1&locale=en-GB&page=search&segmentation=full&max_lines=5&offset=0&_=1619091219857"} {"endtime":"2021-04-22T11:37:28.585050Z","timestamp":"2021-04-22T11:37:28.584586Z","bytes":1883,"bytes_in":726,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091037503","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037503 
HTTP/1.1","request_ack_time":464,"request_time":0,"response_ack_time":25308,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":464,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037503"} {"endtime":"2021-04-22T11:37:28.626008Z","timestamp":"2021-04-22T11:37:28.261439Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"2bf25495-4aba-4fed-85f7-239971d3568f","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":9,"request_time":0,"response_ack_time":312,"response_time":47,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49943,"status":200,"time_taken":364907,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:37:29.517386Z","timestamp":"2021-04-22T11:37:29.162447Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"9bdb7279-fbef-4434-b739-089de03d4c54","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":203,"response_time":49,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49372,"status":200,"time_taken":355152,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:37:29.939594Z","timestamp":"2021-04-22T11:37:29.938885Z","bytes":1883,"bytes_in":726,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219858","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219858 HTTP/1.1","request_ack_time":709,"request_time":0,"response_ack_time":25523,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":709,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219858"} {"endtime":"2021-04-22T11:37:34.401849Z","timestamp":"2021-04-22T11:37:34.046833Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"a0b01dbf-60eb-49d4-9aa4-47fa0dc6a53e","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":17,"request_time":0,"response_ack_time":338,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49944,"status":200,"time_taken":355423,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:37:34.587171Z","timestamp":"2021-04-22T11:37:34.585594Z","bytes":1667,"bytes_in":908,"bytes_out":759,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1577,"request_time":0,"response_ack_time":30198,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1577,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} {"endtime":"2021-04-22T11:37:34.629229Z","timestamp":"2021-04-22T11:37:34.269030Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"a3914108-7f3f-4764-8b09-014d041c01bc","http_comment":"HTTP/1.1 200 
OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":32,"request_time":0,"response_ack_time":154,"response_time":55,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49374,"status":200,"time_taken":360407,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:37:35.319392Z","timestamp":"2021-04-22T11:37:35.317777Z","bytes":1668,"bytes_in":909,"bytes_out":759,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091439.156/control HTTP/1.1","request_ack_time":1615,"request_time":0,"response_ack_time":28044,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1615,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091439.156/control"} 
{"endtime":"2021-04-22T11:37:36.139150Z","timestamp":"2021-04-22T11:37:36.139150Z","count":50,"c_ip":"46.128.24.64","sum(bytes_in)":47635,"sum(bytes_out)":129339,"sum(time_taken)":267719} {"endtime":"2021-04-22T11:37:36.139150Z","timestamp":"2021-04-22T11:37:36.139150Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":4001288} {"endtime":"2021-04-22T11:37:36.139150Z","timestamp":"2021-04-22T11:37:36.139150Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3986479} {"endtime":"2021-04-22T11:37:36.139225Z","timestamp":"2021-04-22T11:37:36.139225Z","count":72,"dest_ip":"10.0.1.12","sum(time_taken)":8255486} {"endtime":"2021-04-22T11:37:36.139233Z","timestamp":"2021-04-22T11:37:36.139233Z","count":2,"dest_ip":"10.0.1.12","status":201} {"endtime":"2021-04-22T11:37:36.139233Z","timestamp":"2021-04-22T11:37:36.139233Z","count":70,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:37:36.139244Z","timestamp":"2021-04-22T11:37:36.139244Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":201,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs","sum(bytes_in)":6170,"sum(bytes_out)":1584,"sum(time_taken)":6424} {"endtime":"2021-04-22T11:37:36.139244Z","timestamp":"2021-04-22T11:37:36.139244Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091439.156/summary","sum(bytes_in)":766,"sum(bytes_out)":4717,"sum(time_taken)":29771} {"endtime":"2021-04-22T11:37:36.139244Z","timestamp":"2021-04-22T11:37:36.139244Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091439.156/events","sum(bytes_in)":826,"sum(bytes_out)":2529,"sum(time_taken)":7635} 
{"endtime":"2021-04-22T11:37:36.139244Z","timestamp":"2021-04-22T11:37:36.139244Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091439.156","sum(bytes_in)":1494,"sum(bytes_out)":5688,"sum(time_taken)":4371} {"endtime":"2021-04-22T11:37:36.139244Z","timestamp":"2021-04-22T11:37:36.139244Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155/summary","sum(bytes_in)":2298,"sum(bytes_out)":14598,"sum(time_taken)":52349} {"endtime":"2021-04-22T11:37:36.139244Z","timestamp":"2021-04-22T11:37:36.139244Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155/events","sum(bytes_in)":6393,"sum(bytes_out)":30903,"sum(time_taken)":79898} {"endtime":"2021-04-22T11:37:36.139244Z","timestamp":"2021-04-22T11:37:36.139244Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091425.155","sum(bytes_in)":2988,"sum(bytes_out)":11212,"sum(time_taken)":8419} {"endtime":"2021-04-22T11:37:36.139244Z","timestamp":"2021-04-22T11:37:36.139244Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154/summary","sum(bytes_in)":769,"sum(bytes_out)":11010,"sum(time_taken)":37612} {"endtime":"2021-04-22T11:37:36.139244Z","timestamp":"2021-04-22T11:37:36.139244Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091392.154/control","sum(bytes_in)":1821,"sum(bytes_out)":1521,"sum(time_taken)":3178} 
{"endtime":"2021-04-22T11:37:36.139244Z","timestamp":"2021-04-22T11:37:36.139244Z","count":5,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control","sum(bytes_in)":4546,"sum(bytes_out)":3801,"sum(time_taken)":7755} {"endtime":"2021-04-22T11:37:36.139244Z","timestamp":"2021-04-22T11:37:36.139244Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091439.156","sum(bytes_in)":746,"sum(bytes_out)":2250,"sum(time_taken)":1795} {"endtime":"2021-04-22T11:37:36.139244Z","timestamp":"2021-04-22T11:37:36.139244Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091425.155","sum(bytes_in)":746,"sum(bytes_out)":2230,"sum(time_taken)":1745} {"endtime":"2021-04-22T11:37:36.139244Z","timestamp":"2021-04-22T11:37:36.139244Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/intentionsparser","sum(bytes_in)":983,"sum(bytes_out)":862,"sum(time_taken)":4460} {"endtime":"2021-04-22T11:37:36.139244Z","timestamp":"2021-04-22T11:37:36.139244Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","sum(bytes_in)":1478,"sum(bytes_out)":14268,"sum(time_taken)":8103} {"endtime":"2021-04-22T11:37:36.139244Z","timestamp":"2021-04-22T11:37:36.139244Z","count":12,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":8727,"sum(bytes_out)":13878,"sum(time_taken)":7658} 
{"endtime":"2021-04-22T11:37:36.139244Z","timestamp":"2021-04-22T11:37:36.139244Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","sum(bytes_in)":3108,"sum(bytes_out)":3102,"sum(time_taken)":1044} {"endtime":"2021-04-22T11:37:36.139244Z","timestamp":"2021-04-22T11:37:36.139244Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091439.156/timeline","sum(bytes_in)":743,"sum(bytes_out)":1079,"sum(time_taken)":1787} {"endtime":"2021-04-22T11:37:36.139244Z","timestamp":"2021-04-22T11:37:36.139244Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091425.155/timeline","sum(bytes_in)":743,"sum(bytes_out)":1082,"sum(time_taken)":1484} {"endtime":"2021-04-22T11:37:36.139244Z","timestamp":"2021-04-22T11:37:36.139244Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091392.154/timeline","sum(bytes_in)":746,"sum(bytes_out)":1085,"sum(time_taken)":1626} {"endtime":"2021-04-22T11:37:36.139244Z","timestamp":"2021-04-22T11:37:36.139244Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1544,"sum(bytes_out)":1940,"sum(time_taken)":605} {"endtime":"2021-04-22T11:37:36.139244Z","timestamp":"2021-04-22T11:37:36.139244Z","count":22,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3674,"sum(bytes_out)":21934,"sum(time_taken)":7987767} {"endtime":"2021-04-22T11:37:38.585010Z","timestamp":"2021-04-22T11:37:38.584637Z","bytes":1736,"bytes_in":769,"bytes_out":967,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037505","http_comment":"HTTP/1.1 200 OK","http_content_length":266,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037505 HTTP/1.1","request_ack_time":373,"request_time":0,"response_ack_time":29026,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":373,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037505"} {"endtime":"2021-04-22T11:37:38.585322Z","timestamp":"2021-04-22T11:37:38.584597Z","bytes":1883,"bytes_in":726,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091037504","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037504 HTTP/1.1","request_ack_time":725,"request_time":0,"response_ack_time":28725,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":725,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037504"} {"endtime":"2021-04-22T11:37:39.443926Z","timestamp":"2021-04-22T11:37:39.089462Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"6bd2f242-5b9d-46bf-8593-0dac144cca45","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":13,"request_time":0,"response_ack_time":350,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49945,"status":200,"time_taken":354731,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:37:39.939265Z","timestamp":"2021-04-22T11:37:39.938503Z","bytes":1883,"bytes_in":726,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219859","http_comment":"HTTP/1.1 200 
OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219859 HTTP/1.1","request_ack_time":762,"request_time":0,"response_ack_time":27082,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":762,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219859"} {"endtime":"2021-04-22T11:37:39.944659Z","timestamp":"2021-04-22T11:37:39.944442Z","bytes":1736,"bytes_in":769,"bytes_out":967,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219860","http_comment":"HTTP/1.1 200 OK","http_content_length":266,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219860 
HTTP/1.1","request_ack_time":217,"request_time":0,"response_ack_time":27540,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":217,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219860"} {"endtime":"2021-04-22T11:37:40.486798Z","timestamp":"2021-04-22T11:37:40.130958Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"bd298ec0-9238-437c-a058-f9ff12499ac9","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":139,"response_time":65,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49376,"status":200,"time_taken":356025,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:37:45.465881Z","timestamp":"2021-04-22T11:37:45.104929Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"3e622bbd-a1be-4f07-965b-f95a7e1f6f38","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":409,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49946,"status":200,"time_taken":361227,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:37:45.592004Z","timestamp":"2021-04-22T11:37:45.238322Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"6aea297c-6925-44e0-8b3e-5e571f0f29c0","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":5,"request_time":0,"response_ack_time":169,"response_time":104,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49378,"status":200,"time_taken":353864,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:37:47.850372Z","timestamp":"2021-04-22T11:37:47.845756Z","bytes":1904,"bytes_in":1008,"bytes_out":896,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&q=search index=network dest_ip=\"10.0.1.16\"&stripReportsSearch=false&action=fieldvalue&field=http_method&value=POST","http_comment":"HTTP/1.1 200 OK","http_content_length":195,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/intentionsparser HTTP/1.1","request_ack_time":4616,"request_time":0,"response_ack_time":27136,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":4616,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/intentionsparser"} {"endtime":"2021-04-22T11:37:47.941478Z","timestamp":"2021-04-22T11:37:47.937715Z","bytes":7874,"bytes_in":739,"bytes_out":7135,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219861","http_comment":"HTTP/1.1 200 OK","http_content_length":6392,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new?output_mode=json&_=1619091219861 HTTP/1.1","request_ack_time":3603,"request_time":0,"response_ack_time":41208,"response_time":160,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":45131,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","uri_query":"output_mode=json&_=1619091219861"} 
{"endtime":"2021-04-22T11:37:47.985449Z","timestamp":"2021-04-22T11:37:47.982686Z","bytes":3941,"bytes_in":3149,"bytes_out":792,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"rf=*&auto_cancel=30&status_buckets=300&output_mode=json&custom.display.page.search.mode=smart&custom.dispatch.sample_ratio=1&custom.workload_pool=&custom.display.events.fields=[\"host\",\"source\",\"sourcetype\",\"action\",\"app\",\"c_ip\",\"count\",\"date_hour\",\"date_mday\",\"date_minute\",\"date_month\",\"date_second\",\"date_wday\",\"date_year\",\"date_zone\",\"dest\",\"dest_ip\",\"endtime\",\"eventtype\",\"index\",\"linecount\",\"protocol\",\"punct\",\"site\",\"splunk_server\",\"status\",\"sum(bytes_in)\",\"sum(bytes_out)\",\"sum(time_taken)\",\"tag\",\"tag::eventtype\",\"timeendpos\",\"timestamp\",\"timestartpos\",\"uri_path\",\"initial_rtt\",\"query_type\",\"reply_code\",\"reply_code_id\",\"src\",\"src_ip\",\"ssl_cert_md5\",\"ssl_cert_self_signed\",\"ssl_cert_sha1\",\"ssl_cert_sha256\",\"ssl_end_time\",\"ssl_hash\",\"ssl_issuer\",\"ssl_issuer_common_name\",\"ssl_issuer_country\",\"ssl_issuer_email\",\"ssl_issuer_locality\",\"ssl_issuer_organization\",\"ssl_issuer_state\",\"ssl_start_time\",\"ssl_subject\",\"ssl_subject_common_name\",\"ssl_subject_country\",\"ssl_subject_locality\",\"ssl_subject_organization\",\"ssl_subject_state\",\"ssl_subject_unit\",\"ssl_validity_end\",\"ssl_validity_start\",\"sum(bytes)\",\"sum(packets_in)\",\"sum(packets_out)\",\"transport\",\"values(flow_id){}\",\"form_data\",\"http_comment\",\"http_content_length\",\"http_content_type\",\"http_method\",\"http_user_agent\",\"request\",\"request_ack_time\",\"request_time\"
,\"response_ack_time\",\"response_time\",\"uri_query\",\"url\"]&custom.search=index=network dest_ip=\"10.0.1.16\" http_method=POST&custom.dispatch.earliest_time=-24h@h&custom.dispatch.latest_time=now&search=search index=network dest_ip=\"10.0.1.16\" http_method=POST&earliest_time=-24h@h&latest_time=now&ui_dispatch_app=search&preview=1&adhoc_search_level=smart&workload_pool=&indexedRealtime=&sample_ratio=1&check_risky_command=false&provenance=UI:Search","http_comment":"HTTP/1.1 201 Created","http_content_length":24,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs HTTP/1.1","request_ack_time":8,"request_time":58,"response_ack_time":24022,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":201,"time_taken":2763,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs"} {"endtime":"2021-04-22T11:37:48.025505Z","timestamp":"2021-04-22T11:37:48.023669Z","bytes":3005,"bytes_in":746,"bytes_out":2259,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219862","http_comment":"HTTP/1.1 200 OK","http_content_length":1516,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091467.157?output_mode=json&_=1619091219862 HTTP/1.1","request_ack_time":1836,"request_time":0,"response_ack_time":23924,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1836,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091467.157","uri_query":"output_mode=json&_=1619091219862"} {"endtime":"2021-04-22T11:37:48.057995Z","timestamp":"2021-04-22T11:37:48.057738Z","bytes":1633,"bytes_in":822,"bytes_out":811,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219863","http_comment":"HTTP/1.1 200 OK","http_content_length":110,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219863 
HTTP/1.1","request_ack_time":257,"request_time":0,"response_ack_time":25421,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":257,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219863"} {"endtime":"2021-04-22T11:37:48.109138Z","timestamp":"2021-04-22T11:37:48.107310Z","bytes":3012,"bytes_in":747,"bytes_out":2265,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219864","http_comment":"HTTP/1.1 200 OK","http_content_length":1522,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157?output_mode=json&_=1619091219864 HTTP/1.1","request_ack_time":1828,"request_time":0,"response_ack_time":28528,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1828,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157","uri_query":"output_mode=json&_=1619091219864"} 
{"endtime":"2021-04-22T11:37:48.170029Z","timestamp":"2021-04-22T11:37:48.169750Z","bytes":1472,"bytes_in":732,"bytes_out":740,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&time=-24h&_=1619091219865","http_comment":"HTTP/1.1 200 OK","http_content_length":40,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h&_=1619091219865 HTTP/1.1","request_ack_time":279,"request_time":0,"response_ack_time":23560,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":279,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h&_=1619091219865"} {"endtime":"2021-04-22T11:37:48.306324Z","timestamp":"2021-04-22T11:37:48.303750Z","bytes":4193,"bytes_in":747,"bytes_out":3446,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219866","http_comment":"HTTP/1.1 200 
OK","http_content_length":2703,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157?output_mode=json&_=1619091219866 HTTP/1.1","request_ack_time":2461,"request_time":0,"response_ack_time":23212,"response_time":113,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":2574,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157","uri_query":"output_mode=json&_=1619091219866"} {"endtime":"2021-04-22T11:37:48.341410Z","timestamp":"2021-04-22T11:37:48.335754Z","bytes":4565,"bytes_in":766,"bytes_out":3799,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&min_freq=0&_=1619091219867","http_comment":"HTTP/1.1 200 OK","http_content_length":3056,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/summary?output_mode=json&min_freq=0&_=1619091219867 
HTTP/1.1","request_ack_time":5648,"request_time":0,"response_ack_time":30121,"response_time":8,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":5656,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219867"} {"endtime":"2021-04-22T11:37:48.355614Z","timestamp":"2021-04-22T11:37:48.354064Z","bytes":1820,"bytes_in":743,"bytes_out":1077,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"offset=0&count=1000&_=1619091219869","http_comment":"HTTP/1.1 200 OK","http_content_length":343,"http_content_type":"text/xml; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/1619091467.157/timeline?offset=0&count=1000&_=1619091219869 HTTP/1.1","request_ack_time":1550,"request_time":0,"response_ack_time":27881,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1550,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091467.157/timeline","uri_query":"offset=0&count=1000&_=1619091219869"} {"endtime":"2021-04-22T11:37:48.379613Z","timestamp":"2021-04-22T11:37:48.340129Z","bytes":18557,"bytes_in":2131,"bytes_out":16426,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219868","http_comment":"HTTP/1.1 200 OK","http_content_length":15682,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219868 
HTTP/1.1","request_ack_time":5,"request_time":32,"response_ack_time":27944,"response_time":29357,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":68724,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219868"} {"endtime":"2021-04-22T11:37:48.432995Z","timestamp":"2021-04-22T11:37:48.427770Z","bytes":4565,"bytes_in":766,"bytes_out":3799,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&min_freq=0&_=1619091219870","http_comment":"HTTP/1.1 200 OK","http_content_length":3056,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/summary?output_mode=json&min_freq=0&_=1619091219870 HTTP/1.1","request_ack_time":5216,"request_time":0,"response_ack_time":24623,"response_time":9,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":29857,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219870"} {"endtime":"2021-04-22T11:37:49.944667Z","timestamp":"2021-04-22T11:37:49.944104Z","bytes":1881,"bytes_in":726,"bytes_out":1155,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219871","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219871 HTTP/1.1","request_ack_time":563,"request_time":0,"response_ack_time":27148,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":563,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219871"} {"endtime":"2021-04-22T11:37:50.478057Z","timestamp":"2021-04-22T11:37:50.120384Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"83013aa7-3795-406b-b366-c4b0115a7064","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":32,"request_time":0,"response_ack_time":322,"response_time":87,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49947,"status":200,"time_taken":358009,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:37:51.455278Z","timestamp":"2021-04-22T11:37:51.093646Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d6e74097-726b-443b-b900-965cfbea6731","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":38,"request_time":0,"response_ack_time":300,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49380,"status":200,"time_taken":361848,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:37:54.304176Z","timestamp":"2021-04-22T11:37:54.302416Z","bytes":1180,"bytes_in":381,"bytes_out":799,"dest_ip":"93.184.220.29","dest_mac":"02:77:81:3A:65:E0","dest_port":80,"flow_id":"76e43a48-80c8-49f0-b82e-cb95f30126ec","http_comment":"HTTP/1.1 200 OK","http_content_length":471,"http_content_type":"application/ocsp-response","http_method":"POST","http_user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0","protocol_stack":"ip:tcp:http:ocsp","request":"POST / HTTP/1.1","request_ack_time":782,"request_time":0,"response_ack_time":62242,"response_time":0,"server":"ECS (frb/675D)","site":"ocsp.digicert.com","src_ip":"10.0.1.14","src_mac":"02:A9:8D:CE:78:9E","src_port":62692,"status":200,"time_taken":1815,"transport":"tcp","uri_path":"/","vxlan_id":8359286} {"endtime":"2021-04-22T11:37:56.468408Z","timestamp":"2021-04-22T11:37:56.104703Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"92d2f9ce-bd5f-47b8-aed3-15cc0e96de95","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":320,"response_time":49,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49948,"status":200,"time_taken":363981,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:37:56.567983Z","timestamp":"2021-04-22T11:37:56.206933Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"52817a62-90f0-4418-a093-3efe15aba865","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":166,"response_time":67,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49382,"status":200,"time_taken":361267,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:37:59.942560Z","timestamp":"2021-04-22T11:37:59.941815Z","bytes":1883,"bytes_in":726,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219872","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219872 
HTTP/1.1","request_ack_time":745,"request_time":0,"response_ack_time":28785,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":745,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219872"} {"endtime":"2021-04-22T11:38:01.254729Z","timestamp":"2021-04-22T11:38:01.253913Z","bytes":1882,"bytes_in":726,"bytes_out":1156,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091037506","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037506 HTTP/1.1","request_ack_time":816,"request_time":0,"response_ack_time":26864,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":816,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037506"} {"endtime":"2021-04-22T11:38:01.260116Z","timestamp":"2021-04-22T11:38:01.258644Z","bytes":1667,"bytes_in":908,"bytes_out":759,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1472,"request_time":0,"response_ack_time":25438,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1472,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} {"endtime":"2021-04-22T11:38:02.436519Z","timestamp":"2021-04-22T11:38:02.069635Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"e804abbf-3e4f-4213-ac9e-5d6443e56d8d","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":41,"request_time":0,"response_ack_time":185,"response_time":53,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49384,"status":200,"time_taken":367123,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:38:02.501465Z","timestamp":"2021-04-22T11:38:02.136062Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c7fe1c8d-46fe-4e1e-93ef-d2ead844c1c4","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":44,"request_time":0,"response_ack_time":331,"response_time":51,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49950,"status":200,"time_taken":365744,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:38:03.379869Z","timestamp":"2021-04-22T11:38:03.378331Z","bytes":1668,"bytes_in":909,"bytes_out":759,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control 
HTTP/1.1","request_ack_time":1538,"request_time":0,"response_ack_time":26094,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1538,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control"} {"endtime":"2021-04-22T11:38:07.557179Z","timestamp":"2021-04-22T11:38:07.198485Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"aaf8b918-ca6b-4e05-8478-d8721781846d","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":26,"request_time":0,"response_ack_time":446,"response_time":246,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49951,"status":200,"time_taken":359026,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:38:07.561624Z","timestamp":"2021-04-22T11:38:07.188155Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"a1f069ee-1133-4456-8e21-6777018649b2","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":242,"response_time":35,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49386,"status":200,"time_taken":373705,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:38:09.942409Z","timestamp":"2021-04-22T11:38:09.941567Z","bytes":1880,"bytes_in":726,"bytes_out":1154,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219873","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219873 HTTP/1.1","request_ack_time":842,"request_time":0,"response_ack_time":30840,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":842,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219873"} {"endtime":"2021-04-22T11:38:12.575291Z","timestamp":"2021-04-22T11:38:12.214117Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"74e750bd-63dc-4f0e-8f8f-e87f798f1d0c","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":31,"request_time":0,"response_ack_time":323,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49952,"status":200,"time_taken":361529,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:38:13.435025Z","timestamp":"2021-04-22T11:38:13.063546Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"46695733-b277-4c81-8291-bb75a30d7218","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":55,"request_time":0,"response_ack_time":163,"response_time":51,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49388,"status":200,"time_taken":371776,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:38:17.598806Z","timestamp":"2021-04-22T11:38:17.245315Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"cc0a5f44-7e88-4fb3-bd45-6d8cc67d5ff7","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":319,"response_time":62,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49953,"status":200,"time_taken":353772,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:38:18.372279Z","timestamp":"2021-04-22T11:38:18.370577Z","bytes":1668,"bytes_in":909,"bytes_out":759,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control HTTP/1.1","request_ack_time":1702,"request_time":0,"response_ack_time":25928,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1702,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control"} {"endtime":"2021-04-22T11:38:18.549526Z","timestamp":"2021-04-22T11:38:18.186609Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"fe007b7d-1a87-47d6-9319-ccb72294d10d","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":5,"request_time":0,"response_ack_time":215,"response_time":1660,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49390,"status":200,"time_taken":363114,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:38:19.949637Z","timestamp":"2021-04-22T11:38:19.948860Z","bytes":1881,"bytes_in":726,"bytes_out":1155,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219874","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219874 HTTP/1.1","request_ack_time":777,"request_time":0,"response_ack_time":26893,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":777,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219874"} {"endtime":"2021-04-22T11:38:22.614441Z","timestamp":"2021-04-22T11:38:22.260907Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"18cdd786-3ec7-49a4-aeb1-6c9c5d0577e7","http_comment":"HTTP/1.1 200 
OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":4,"request_time":0,"response_ack_time":292,"response_time":70,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49954,"status":200,"time_taken":353775,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:38:24.411653Z","timestamp":"2021-04-22T11:38:24.051145Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"364cd693-c6cf-4ec7-9bd6-554b8a3bba81","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":4,"request_time":0,"response_ack_time":242,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49392,"status":200,"time_taken":360663,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:38:28.395660Z","timestamp":"2021-04-22T11:38:28.027727Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"ac1bdd91-a6f9-4350-9781-433626a33c23","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":324,"response_time":50,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49955,"status":200,"time_taken":368209,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:38:29.526103Z","timestamp":"2021-04-22T11:38:29.163661Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"323a9c8d-520e-4f9a-8108-0bbf3d43d541","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":10,"request_time":0,"response_ack_time":220,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49396,"status":200,"time_taken":362651,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:38:29.943348Z","timestamp":"2021-04-22T11:38:29.942487Z","bytes":1881,"bytes_in":726,"bytes_out":1155,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219875","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219875 HTTP/1.1","request_ack_time":861,"request_time":0,"response_ack_time":26736,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":861,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219875"} {"endtime":"2021-04-22T11:38:33.374523Z","timestamp":"2021-04-22T11:38:33.372981Z","bytes":1668,"bytes_in":909,"bytes_out":759,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control HTTP/1.1","request_ack_time":1542,"request_time":0,"response_ack_time":30082,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1542,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control"} 
{"endtime":"2021-04-22T11:38:33.422747Z","timestamp":"2021-04-22T11:38:33.057745Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"4f5b87cc-ab68-4ebf-a1c8-026dbc27f1a5","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":36,"request_time":0,"response_ack_time":323,"response_time":61,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49956,"status":200,"time_taken":365326,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:38:35.392488Z","timestamp":"2021-04-22T11:38:35.027949Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c4813c9c-111a-407c-a268-41568159aa0b","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":213,"response_time":63,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49398,"status":200,"time_taken":364764,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:38:36.143039Z","timestamp":"2021-04-22T11:38:36.143039Z","count":26,"c_ip":"46.128.24.64","sum(bytes_in)":25482,"sum(bytes_out)":77905,"sum(time_taken)":245931} {"endtime":"2021-04-22T11:38:36.143039Z","timestamp":"2021-04-22T11:38:36.143039Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3996800} 
{"endtime":"2021-04-22T11:38:36.143039Z","timestamp":"2021-04-22T11:38:36.143039Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3965329} {"endtime":"2021-04-22T11:38:36.143113Z","timestamp":"2021-04-22T11:38:36.143113Z","count":48,"dest_ip":"10.0.1.12","sum(time_taken)":8208060} {"endtime":"2021-04-22T11:38:36.143120Z","timestamp":"2021-04-22T11:38:36.143120Z","count":1,"dest_ip":"10.0.1.12","status":201} {"endtime":"2021-04-22T11:38:36.143120Z","timestamp":"2021-04-22T11:38:36.143120Z","count":47,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:38:36.143132Z","timestamp":"2021-04-22T11:38:36.143132Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":201,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs","sum(bytes_in)":3149,"sum(bytes_out)":792,"sum(time_taken)":2763} {"endtime":"2021-04-22T11:38:36.143132Z","timestamp":"2021-04-22T11:38:36.143132Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/summary","sum(bytes_in)":766,"sum(bytes_out)":3799,"sum(time_taken)":29857} {"endtime":"2021-04-22T11:38:36.143132Z","timestamp":"2021-04-22T11:38:36.143132Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/events","sum(bytes_in)":2131,"sum(bytes_out)":16426,"sum(time_taken)":68724} {"endtime":"2021-04-22T11:38:36.143132Z","timestamp":"2021-04-22T11:38:36.143132Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control","sum(bytes_in)":1818,"sum(bytes_out)":1518,"sum(time_taken)":3240} 
{"endtime":"2021-04-22T11:38:36.143132Z","timestamp":"2021-04-22T11:38:36.143132Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157","sum(bytes_in)":1494,"sum(bytes_out)":5711,"sum(time_taken)":4402} {"endtime":"2021-04-22T11:38:36.143132Z","timestamp":"2021-04-22T11:38:36.143132Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091439.156/summary","sum(bytes_in)":766,"sum(bytes_out)":4717,"sum(time_taken)":5920} {"endtime":"2021-04-22T11:38:36.143132Z","timestamp":"2021-04-22T11:38:36.143132Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091439.156/events","sum(bytes_in)":2131,"sum(bytes_out)":20482,"sum(time_taken)":68404} {"endtime":"2021-04-22T11:38:36.143132Z","timestamp":"2021-04-22T11:38:36.143132Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091439.156/control","sum(bytes_in)":909,"sum(bytes_out)":759,"sum(time_taken)":1615} {"endtime":"2021-04-22T11:38:36.143132Z","timestamp":"2021-04-22T11:38:36.143132Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control","sum(bytes_in)":908,"sum(bytes_out)":759,"sum(time_taken)":1472} {"endtime":"2021-04-22T11:38:36.143132Z","timestamp":"2021-04-22T11:38:36.143132Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091467.157","sum(bytes_in)":746,"sum(bytes_out)":2259,"sum(time_taken)":1836} 
{"endtime":"2021-04-22T11:38:36.143132Z","timestamp":"2021-04-22T11:38:36.143132Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/intentionsparser","sum(bytes_in)":1008,"sum(bytes_out)":896,"sum(time_taken)":4616} {"endtime":"2021-04-22T11:38:36.143132Z","timestamp":"2021-04-22T11:38:36.143132Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","sum(bytes_in)":739,"sum(bytes_out)":7135,"sum(time_taken)":45131} {"endtime":"2021-04-22T11:38:36.143132Z","timestamp":"2021-04-22T11:38:36.143132Z","count":7,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":5082,"sum(bytes_out)":8090,"sum(time_taken)":5275} {"endtime":"2021-04-22T11:38:36.143132Z","timestamp":"2021-04-22T11:38:36.143132Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","sum(bytes_in)":1554,"sum(bytes_out)":1551,"sum(time_taken)":536} {"endtime":"2021-04-22T11:38:36.143132Z","timestamp":"2021-04-22T11:38:36.143132Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091467.157/timeline","sum(bytes_in)":743,"sum(bytes_out)":1077,"sum(time_taken)":1550} {"endtime":"2021-04-22T11:38:36.143132Z","timestamp":"2021-04-22T11:38:36.143132Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1538,"sum(bytes_out)":1934,"sum(time_taken)":590} 
{"endtime":"2021-04-22T11:38:36.143132Z","timestamp":"2021-04-22T11:38:36.143132Z","count":22,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3674,"sum(bytes_out)":21934,"sum(time_taken)":7962129} {"endtime":"2021-04-22T11:38:39.443595Z","timestamp":"2021-04-22T11:38:39.088970Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c46a1d92-c66a-432d-927e-74aa53273c5e","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":310,"response_time":49,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49957,"status":200,"time_taken":354881,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:38:39.940683Z","timestamp":"2021-04-22T11:38:39.939930Z","bytes":1881,"bytes_in":726,"bytes_out":1155,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219876","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219876 HTTP/1.1","request_ack_time":753,"request_time":0,"response_ack_time":28615,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":753,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219876"} {"endtime":"2021-04-22T11:38:39.948696Z","timestamp":"2021-04-22T11:38:39.947918Z","bytes":1736,"bytes_in":769,"bytes_out":967,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219877","http_comment":"HTTP/1.1 200 OK","http_content_length":266,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219877 HTTP/1.1","request_ack_time":778,"request_time":0,"response_ack_time":26998,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":778,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219877"} 
{"endtime":"2021-04-22T11:38:40.510308Z","timestamp":"2021-04-22T11:38:40.144315Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"6fb4a8d5-2510-4799-b25b-dddbdaa02e5b","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":194,"response_time":51,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49400,"status":200,"time_taken":366212,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:38:45.476653Z","timestamp":"2021-04-22T11:38:45.120374Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"2fb2e3fa-0c84-4f29-88b9-ad06cc8ff6f3","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":40,"request_time":0,"response_ack_time":292,"response_time":49,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49958,"status":200,"time_taken":356640,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:38:45.617902Z","timestamp":"2021-04-22T11:38:45.261958Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"0d8ce6f6-52ad-4ab0-939b-b6afda6b0a82","http_comment":"HTTP/1.1 200 
OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":35,"request_time":0,"response_ack_time":208,"response_time":49,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49402,"status":200,"time_taken":356182,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:38:48.373036Z","timestamp":"2021-04-22T11:38:48.371270Z","bytes":1668,"bytes_in":909,"bytes_out":759,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control HTTP/1.1","request_ack_time":1766,"request_time":0,"response_ack_time":27920,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1766,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control"} 
{"endtime":"2021-04-22T11:38:49.944073Z","timestamp":"2021-04-22T11:38:49.943472Z","bytes":1881,"bytes_in":726,"bytes_out":1155,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219878","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219878 HTTP/1.1","request_ack_time":601,"request_time":0,"response_ack_time":25698,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":601,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219878"} {"endtime":"2021-04-22T11:38:50.493403Z","timestamp":"2021-04-22T11:38:50.135854Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"a75dbb8a-467f-4da1-a0c6-8149833e1930","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":320,"response_time":44,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49959,"status":200,"time_taken":357795,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:38:51.486929Z","timestamp":"2021-04-22T11:38:51.119464Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"76fc9540-aa0d-4cae-a485-e708abe9d972","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":9,"request_time":0,"response_ack_time":247,"response_time":53,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49404,"status":200,"time_taken":367711,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:38:55.551749Z","timestamp":"2021-04-22T11:38:55.198493Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"2eb82778-e6e3-4595-b863-4d65086ff839","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":38,"request_time":0,"response_ack_time":324,"response_time":46,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49960,"status":200,"time_taken":353667,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:38:56.609332Z","timestamp":"2021-04-22T11:38:56.238638Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"60d87c79-c29d-4b37-81cb-d455cc4a2616","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":221,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49406,"status":200,"time_taken":370865,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:38:59.950607Z","timestamp":"2021-04-22T11:38:59.949671Z","bytes":1881,"bytes_in":726,"bytes_out":1155,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219879","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219879 
HTTP/1.1","request_ack_time":936,"request_time":0,"response_ack_time":28227,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":936,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219879"} {"endtime":"2021-04-22T11:39:00.604554Z","timestamp":"2021-04-22T11:39:00.245331Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"a1982168-1e2d-4668-9b03-7f938af59018","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":359,"response_time":76,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49961,"status":200,"time_taken":359541,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:39:01.256007Z","timestamp":"2021-04-22T11:39:01.255731Z","bytes":1736,"bytes_in":769,"bytes_out":967,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037508","http_comment":"HTTP/1.1 200 OK","http_content_length":266,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 
(KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037508 HTTP/1.1","request_ack_time":276,"request_time":0,"response_ack_time":26948,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":276,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037508"} {"endtime":"2021-04-22T11:39:01.256231Z","timestamp":"2021-04-22T11:39:01.255584Z","bytes":1882,"bytes_in":726,"bytes_out":1156,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091037507","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037507 HTTP/1.1","request_ack_time":647,"request_time":0,"response_ack_time":26771,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":647,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037507"} 
{"endtime":"2021-04-22T11:39:01.257206Z","timestamp":"2021-04-22T11:39:01.255584Z","bytes":1667,"bytes_in":908,"bytes_out":759,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1622,"request_time":0,"response_ack_time":25796,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1622,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} {"endtime":"2021-04-22T11:39:02.477357Z","timestamp":"2021-04-22T11:39:02.111150Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"5d04b945-864c-44ba-b9c0-65b0a1136396","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":28,"request_time":0,"response_ack_time":173,"response_time":63,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49408,"status":200,"time_taken":366449,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:39:03.369194Z","timestamp":"2021-04-22T11:39:03.367592Z","bytes":1668,"bytes_in":909,"bytes_out":759,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control HTTP/1.1","request_ack_time":1602,"request_time":0,"response_ack_time":24084,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1602,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control"} {"endtime":"2021-04-22T11:39:06.451666Z","timestamp":"2021-04-22T11:39:06.089009Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"8f53e836-baca-49c1-91e8-8e7128682239","http_comment":"HTTP/1.1 200 
OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":5,"request_time":0,"response_ack_time":348,"response_time":54,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49963,"status":200,"time_taken":362932,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:39:07.597100Z","timestamp":"2021-04-22T11:39:07.228919Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"060bdbd8-8335-48a4-8780-8ed37119374c","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":163,"response_time":52,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49410,"status":200,"time_taken":368379,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:39:09.943410Z","timestamp":"2021-04-22T11:39:09.942620Z","bytes":1883,"bytes_in":726,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219880","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; 
charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219880 HTTP/1.1","request_ack_time":790,"request_time":0,"response_ack_time":26996,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":790,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219880"} {"endtime":"2021-04-22T11:39:11.475173Z","timestamp":"2021-04-22T11:39:11.120169Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"02cb6a67-6492-4c14-9a5c-70c70f78f344","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":391,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49964,"status":200,"time_taken":355275,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:39:13.463606Z","timestamp":"2021-04-22T11:39:13.099262Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"41baea16-4fdc-4b71-9cb4-73e41448d744","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":39,"request_time":0,"response_ack_time":166,"response_time":51,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49412,"status":200,"time_taken":364636,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:39:17.520161Z","timestamp":"2021-04-22T11:39:17.167043Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"e2debe4b-d77a-43b0-b695-08cde07745d7","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":309,"response_time":50,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49965,"status":200,"time_taken":353343,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:39:18.371723Z","timestamp":"2021-04-22T11:39:18.369995Z","bytes":1668,"bytes_in":909,"bytes_out":759,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST 
/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control HTTP/1.1","request_ack_time":1728,"request_time":0,"response_ack_time":25941,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1728,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control"} {"endtime":"2021-04-22T11:39:18.580646Z","timestamp":"2021-04-22T11:39:18.215196Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"63ad18c2-c58b-4d3c-973c-db7f4977de39","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":9,"request_time":0,"response_ack_time":285,"response_time":60,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49414,"status":200,"time_taken":365728,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:39:19.942875Z","timestamp":"2021-04-22T11:39:19.942224Z","bytes":1883,"bytes_in":726,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219881","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219881 HTTP/1.1","request_ack_time":651,"request_time":0,"response_ack_time":25074,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":651,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219881"} {"endtime":"2021-04-22T11:39:22.589016Z","timestamp":"2021-04-22T11:39:22.229608Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"71f8d18b-b689-417a-9a7e-6d5df224ad99","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":318,"response_time":53,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49966,"status":200,"time_taken":359669,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:39:24.451228Z","timestamp":"2021-04-22T11:39:24.082403Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"09ad89e8-4e40-4c10-8288-88256a0031c3","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":38,"request_time":0,"response_ack_time":168,"response_time":1695,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49416,"status":200,"time_taken":369019,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:39:27.633281Z","timestamp":"2021-04-22T11:39:27.276420Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"065ce112-6089-4b24-9ef5-14c2bcb86b37","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":31,"request_time":0,"response_ack_time":392,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49967,"status":200,"time_taken":357138,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:39:29.564346Z","timestamp":"2021-04-22T11:39:29.203095Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"3c157393-c79d-4cdd-849f-ce42441d51d6","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":31,"request_time":0,"response_ack_time":187,"response_time":151,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49420,"status":200,"time_taken":361473,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:39:29.938559Z","timestamp":"2021-04-22T11:39:29.937808Z","bytes":1883,"bytes_in":726,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219882","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219882 HTTP/1.1","request_ack_time":751,"request_time":0,"response_ack_time":28937,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":751,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219882"} {"endtime":"2021-04-22T11:39:33.369906Z","timestamp":"2021-04-22T11:39:33.368358Z","bytes":1668,"bytes_in":909,"bytes_out":759,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; 
charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control HTTP/1.1","request_ack_time":1548,"request_time":0,"response_ack_time":26135,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1548,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control"} {"endtime":"2021-04-22T11:39:33.449356Z","timestamp":"2021-04-22T11:39:33.088948Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"552176bc-be07-4c6f-9de2-6a5683f8fde4","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":289,"response_time":65,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49968,"status":200,"time_taken":360689,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:39:35.427442Z","timestamp":"2021-04-22T11:39:35.066060Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"5998fd3e-4df1-4570-848b-0a511e31ec77","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":34,"request_time":0,"response_ack_time":149,"response_time":141,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49422,"status":200,"time_taken":361603,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:39:36.178417Z","timestamp":"2021-04-22T11:39:36.178417Z","count":16,"c_ip":"46.128.24.64","sum(bytes_in)":12613,"sum(bytes_out)":18391,"sum(time_taken)":48135} {"endtime":"2021-04-22T11:39:36.178417Z","timestamp":"2021-04-22T11:39:36.178417Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":4018257} {"endtime":"2021-04-22T11:39:36.178417Z","timestamp":"2021-04-22T11:39:36.178417Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3931570} {"endtime":"2021-04-22T11:39:36.178496Z","timestamp":"2021-04-22T11:39:36.178496Z","count":38,"dest_ip":"10.0.1.12","sum(time_taken)":7997962} {"endtime":"2021-04-22T11:39:36.178503Z","timestamp":"2021-04-22T11:39:36.178503Z","count":38,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:39:36.178510Z","timestamp":"2021-04-22T11:39:36.178510Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/summary","sum(bytes_in)":766,"sum(bytes_out)":3799,"sum(time_taken)":5656} {"endtime":"2021-04-22T11:39:36.178510Z","timestamp":"2021-04-22T11:39:36.178510Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control","sum(bytes_in)":3636,"sum(bytes_out)":3036,"sum(time_taken)":6638} 
{"endtime":"2021-04-22T11:39:36.178510Z","timestamp":"2021-04-22T11:39:36.178510Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control","sum(bytes_in)":908,"sum(bytes_out)":759,"sum(time_taken)":1622} {"endtime":"2021-04-22T11:39:36.178510Z","timestamp":"2021-04-22T11:39:36.178510Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/static/appLogo.png","sum(bytes_in)":680,"sum(bytes_out)":768,"sum(time_taken)":27948} {"endtime":"2021-04-22T11:39:36.178510Z","timestamp":"2021-04-22T11:39:36.178510Z","count":7,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":5082,"sum(bytes_out)":8092,"sum(time_taken)":5298} {"endtime":"2021-04-22T11:39:36.178510Z","timestamp":"2021-04-22T11:39:36.178510Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1541,"sum(bytes_out)":1937,"sum(time_taken)":973} {"endtime":"2021-04-22T11:39:36.178510Z","timestamp":"2021-04-22T11:39:36.178510Z","count":22,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3674,"sum(bytes_out)":21934,"sum(time_taken)":7949827} {"endtime":"2021-04-22T11:39:39.505068Z","timestamp":"2021-04-22T11:39:39.135872Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d20cf9ba-3281-4eef-b967-1b19dc1d7613","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":5,"request_time":0,"response_ack_time":473,"response_time":52,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49969,"status":200,"time_taken":369546,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:39:39.944379Z","timestamp":"2021-04-22T11:39:39.943556Z","bytes":1881,"bytes_in":726,"bytes_out":1155,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219883","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219883 HTTP/1.1","request_ack_time":823,"request_time":0,"response_ack_time":28944,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":823,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219883"} {"endtime":"2021-04-22T11:39:39.947586Z","timestamp":"2021-04-22T11:39:39.947365Z","bytes":1736,"bytes_in":769,"bytes_out":967,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219884","http_comment":"HTTP/1.1 200 OK","http_content_length":266,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219884 HTTP/1.1","request_ack_time":221,"request_time":0,"response_ack_time":25749,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":221,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219884"} {"endtime":"2021-04-22T11:39:40.543703Z","timestamp":"2021-04-22T11:39:40.178973Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"441a08d5-7ca3-43ee-b089-e038a066bb03","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":40,"request_time":0,"response_ack_time":189,"response_time":1676,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49424,"status":200,"time_taken":364938,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:39:44.573492Z","timestamp":"2021-04-22T11:39:44.213935Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"004d7f9f-180c-4c4c-9452-474e365e4ea8","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":435,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49970,"status":200,"time_taken":359819,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:39:46.414955Z","timestamp":"2021-04-22T11:39:46.045517Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"597bed96-cb58-41fb-b74b-b06e01511a36","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":38,"request_time":0,"response_ack_time":218,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49426,"status":200,"time_taken":369709,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:39:48.372215Z","timestamp":"2021-04-22T11:39:48.370367Z","bytes":1668,"bytes_in":909,"bytes_out":759,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control HTTP/1.1","request_ack_time":1848,"request_time":0,"response_ack_time":28343,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1848,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control"} {"endtime":"2021-04-22T11:39:49.620399Z","timestamp":"2021-04-22T11:39:49.260849Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"5ad2f5b6-8043-4fbc-96f4-5ee5b06a8556","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":533,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49971,"status":200,"time_taken":359859,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:39:49.953616Z","timestamp":"2021-04-22T11:39:49.952967Z","bytes":1881,"bytes_in":726,"bytes_out":1155,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219885","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219885 HTTP/1.1","request_ack_time":649,"request_time":0,"response_ack_time":25064,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":649,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219885"} {"endtime":"2021-04-22T11:39:50.145234Z","timestamp":"2021-04-22T11:39:50.145234Z","count":1,"dest_ip":"93.184.220.29","site":"ocsp.digicert.com","status":200,"uri_path":"/","sum(bytes_in)":381,"sum(bytes_out)":799,"sum(time_taken)":1815} 
{"endtime":"2021-04-22T11:39:50.145228Z","timestamp":"2021-04-22T11:39:50.145228Z","count":1,"dest_ip":"93.184.220.29","status":200} {"endtime":"2021-04-22T11:39:50.145221Z","timestamp":"2021-04-22T11:39:50.145221Z","count":1,"dest_ip":"93.184.220.29","sum(time_taken)":1815} {"endtime":"2021-04-22T11:39:50.145198Z","timestamp":"2021-04-22T11:39:50.145198Z","count":1,"c_ip":"10.0.1.14","sum(bytes_in)":381,"sum(bytes_out)":799,"sum(time_taken)":1815} {"endtime":"2021-04-22T11:39:51.532491Z","timestamp":"2021-04-22T11:39:51.166565Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c0022446-c684-4108-9746-968b8b363c9e","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":171,"response_time":54,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49428,"status":200,"time_taken":366125,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:39:55.445559Z","timestamp":"2021-04-22T11:39:55.089030Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"1721a661-1ebe-4c7b-bf51-1a71ba02aabf","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":39,"request_time":0,"response_ack_time":419,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49972,"status":200,"time_taken":356942,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:39:57.398340Z","timestamp":"2021-04-22T11:39:57.034493Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"a05a99d9-746d-4f3f-bff9-a67d3e125798","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":63,"request_time":0,"response_ack_time":215,"response_time":48,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49430,"status":200,"time_taken":364137,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:39:59.947319Z","timestamp":"2021-04-22T11:39:59.946600Z","bytes":1883,"bytes_in":726,"bytes_out":1157,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219886","http_comment":"HTTP/1.1 200 OK","http_content_length":415,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219886 HTTP/1.1","request_ack_time":719,"request_time":0,"response_ack_time":31243,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":719,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219886"} {"endtime":"2021-04-22T11:40:01.473275Z","timestamp":"2021-04-22T11:40:01.104476Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72b7c754-05b1-409c-a207-d9c4648adb9c","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":5,"request_time":0,"response_ack_time":295,"response_time":90,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49974,"status":200,"time_taken":369036,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:40:02.526346Z","timestamp":"2021-04-22T11:40:02.149981Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"5e25524f-7356-4c5a-b675-3cacae163b22","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":32,"request_time":0,"response_ack_time":195,"response_time":50,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49432,"status":200,"time_taken":376607,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:40:03.372162Z","timestamp":"2021-04-22T11:40:03.370473Z","bytes":1668,"bytes_in":909,"bytes_out":759,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control HTTP/1.1","request_ack_time":1689,"request_time":0,"response_ack_time":26656,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1689,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control"} {"endtime":"2021-04-22T11:40:06.503037Z","timestamp":"2021-04-22T11:40:06.136101Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"1bbc8fc7-308e-4d49-aad2-4d607f670dfc","http_comment":"HTTP/1.1 200 
OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":383,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49975,"status":200,"time_taken":367462,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:40:08.385886Z","timestamp":"2021-04-22T11:40:08.028146Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"5c85617e-3c97-443e-8ff6-5171fe987f44","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":37,"request_time":0,"response_ack_time":216,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49434,"status":200,"time_taken":357939,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:40:09.940906Z","timestamp":"2021-04-22T11:40:09.940154Z","bytes":1882,"bytes_in":726,"bytes_out":1156,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219887","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; 
charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219887 HTTP/1.1","request_ack_time":752,"request_time":0,"response_ack_time":33009,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":752,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219887"} {"endtime":"2021-04-22T11:40:11.531308Z","timestamp":"2021-04-22T11:40:11.167357Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c266a161-3451-4661-beba-2c015dcb75a3","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":318,"response_time":43,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49976,"status":200,"time_taken":364187,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:40:13.495884Z","timestamp":"2021-04-22T11:40:13.137452Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"a30b5315-9d40-4886-b051-ebf32f63d55a","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":181,"response_time":91,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49436,"status":200,"time_taken":358621,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:40:16.566743Z","timestamp":"2021-04-22T11:40:16.214016Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"2115923b-2d70-4208-b70b-972ed5c9cf65","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":42,"request_time":0,"response_ack_time":1232,"response_time":48,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49977,"status":200,"time_taken":353114,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:40:18.433244Z","timestamp":"2021-04-22T11:40:18.431559Z","bytes":1668,"bytes_in":909,"bytes_out":759,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST 
/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control HTTP/1.1","request_ack_time":1685,"request_time":0,"response_ack_time":26032,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1685,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control"} {"endtime":"2021-04-22T11:40:18.609110Z","timestamp":"2021-04-22T11:40:18.247541Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"8eeecc18-86fe-47c9-9b40-565d70b491d8","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":185,"response_time":43,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49438,"status":200,"time_taken":361812,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:40:19.942327Z","timestamp":"2021-04-22T11:40:19.941774Z","bytes":1882,"bytes_in":726,"bytes_out":1156,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219888","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219888 HTTP/1.1","request_ack_time":553,"request_time":0,"response_ack_time":25140,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":553,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219888"} {"endtime":"2021-04-22T11:40:22.328878Z","timestamp":"2021-04-22T11:40:22.328575Z","bytes":1736,"bytes_in":769,"bytes_out":967,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037510","http_comment":"HTTP/1.1 200 OK","http_content_length":266,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037510 
HTTP/1.1","request_ack_time":303,"request_time":0,"response_ack_time":27013,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":303,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037510"} {"endtime":"2021-04-22T11:40:22.329043Z","timestamp":"2021-04-22T11:40:22.328307Z","bytes":1880,"bytes_in":726,"bytes_out":1154,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091037509","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037509 HTTP/1.1","request_ack_time":736,"request_time":0,"response_ack_time":26906,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":736,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037509"} {"endtime":"2021-04-22T11:40:22.329792Z","timestamp":"2021-04-22T11:40:22.328334Z","bytes":1667,"bytes_in":908,"bytes_out":759,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1458,"request_time":0,"response_ack_time":26157,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1458,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} {"endtime":"2021-04-22T11:40:22.587946Z","timestamp":"2021-04-22T11:40:22.229556Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"f23bf8a2-2c16-4589-8092-8ade65660751","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":280,"response_time":47,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49978,"status":200,"time_taken":358659,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:40:24.473433Z","timestamp":"2021-04-22T11:40:24.110804Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"b3ff0470-f009-4c61-804a-3c2c74aa34d8","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":287,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49440,"status":200,"time_taken":362802,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:40:27.601671Z","timestamp":"2021-04-22T11:40:27.245264Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"5374a0b4-08c4-42d5-ba47-0ab04d456903","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":13,"request_time":0,"response_ack_time":334,"response_time":67,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49979,"status":200,"time_taken":356708,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:40:29.597544Z","timestamp":"2021-04-22T11:40:29.225391Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"99760477-e754-475a-966c-90da840b0ba5","http_comment":"HTTP/1.1 200 
OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":43,"request_time":0,"response_ack_time":218,"response_time":78,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49444,"status":200,"time_taken":372410,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:40:29.952003Z","timestamp":"2021-04-22T11:40:29.951301Z","bytes":1882,"bytes_in":726,"bytes_out":1156,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219889","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219889 HTTP/1.1","request_ack_time":702,"request_time":0,"response_ack_time":27039,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":702,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219889"} 
{"endtime":"2021-04-22T11:40:32.623846Z","timestamp":"2021-04-22T11:40:32.260900Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"eeed36c1-9c07-40b5-bcdc-189990033080","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":41,"request_time":0,"response_ack_time":428,"response_time":49,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49980,"status":200,"time_taken":363326,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:40:33.371847Z","timestamp":"2021-04-22T11:40:33.370122Z","bytes":1668,"bytes_in":909,"bytes_out":759,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control 
HTTP/1.1","request_ack_time":1725,"request_time":0,"response_ack_time":27789,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1725,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control"} {"endtime":"2021-04-22T11:40:35.463698Z","timestamp":"2021-04-22T11:40:35.099212Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"3bbf6c38-0690-4c9a-9c3e-e612d2b26430","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":205,"response_time":50,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49446,"status":200,"time_taken":364682,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:40:36.212056Z","timestamp":"2021-04-22T11:40:36.212056Z","count":14,"c_ip":"46.128.24.64","sum(bytes_in)":10982,"sum(bytes_out)":14215,"sum(time_taken)":12848} {"endtime":"2021-04-22T11:40:36.212056Z","timestamp":"2021-04-22T11:40:36.212056Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":4019782} {"endtime":"2021-04-22T11:40:36.212056Z","timestamp":"2021-04-22T11:40:36.212056Z","count":11,"c_ip":"10.0.1.15","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":3978658} {"endtime":"2021-04-22T11:40:36.212114Z","timestamp":"2021-04-22T11:40:36.212114Z","count":36,"dest_ip":"10.0.1.12","sum(time_taken)":8011288} {"endtime":"2021-04-22T11:40:36.212121Z","timestamp":"2021-04-22T11:40:36.212121Z","count":36,"dest_ip":"10.0.1.12","status":200} 
{"endtime":"2021-04-22T11:40:36.212128Z","timestamp":"2021-04-22T11:40:36.212128Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control","sum(bytes_in)":3636,"sum(bytes_out)":3036,"sum(time_taken)":6770} {"endtime":"2021-04-22T11:40:36.212128Z","timestamp":"2021-04-22T11:40:36.212128Z","count":8,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":5808,"sum(bytes_out)":9245,"sum(time_taken)":5581} {"endtime":"2021-04-22T11:40:36.212128Z","timestamp":"2021-04-22T11:40:36.212128Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1538,"sum(bytes_out)":1934,"sum(time_taken)":497} {"endtime":"2021-04-22T11:40:36.212128Z","timestamp":"2021-04-22T11:40:36.212128Z","count":22,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3674,"sum(bytes_out)":21934,"sum(time_taken)":7998440} {"endtime":"2021-04-22T11:40:38.477770Z","timestamp":"2021-04-22T11:40:38.120261Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"a2b677f1-3d7a-44ea-8d2e-73c990573cdb","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":43,"request_time":0,"response_ack_time":377,"response_time":49,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49981,"status":200,"time_taken":357933,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:40:39.940543Z","timestamp":"2021-04-22T11:40:39.939787Z","bytes":1880,"bytes_in":726,"bytes_out":1154,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219890","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219890 HTTP/1.1","request_ack_time":756,"request_time":0,"response_ack_time":28125,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":756,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219890"} {"endtime":"2021-04-22T11:40:39.949167Z","timestamp":"2021-04-22T11:40:39.948955Z","bytes":1736,"bytes_in":769,"bytes_out":967,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219891","http_comment":"HTTP/1.1 200 
OK","http_content_length":266,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219891 HTTP/1.1","request_ack_time":212,"request_time":0,"response_ack_time":27519,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":212,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219891"} {"endtime":"2021-04-22T11:40:40.583168Z","timestamp":"2021-04-22T11:40:40.215287Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"3f2f2663-7f6d-44e7-a952-605d0ba53bb7","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":5,"request_time":0,"response_ack_time":231,"response_time":50,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49448,"status":200,"time_taken":368123,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:40:43.537820Z","timestamp":"2021-04-22T11:40:43.182860Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"f350b554-8131-4138-9202-8a757a69bef3","http_comment":"HTTP/1.1 200 
OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":40,"request_time":0,"response_ack_time":797,"response_time":54,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49982,"status":200,"time_taken":355315,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:40:46.456526Z","timestamp":"2021-04-22T11:40:46.084904Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"fb7dc5b1-a90b-433f-a416-73158899a1ea","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":521,"response_time":62,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49450,"status":200,"time_taken":372012,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:40:48.430007Z","timestamp":"2021-04-22T11:40:48.428213Z","bytes":1665,"bytes_in":909,"bytes_out":756,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=WkTi9LPJeqToroA2wg11VM2YWc798rBDkHpXW9Vm1ODn5Pja9MHAzGLUJXt9POidReBAbCZIcFyblt0YOUr8QWudVwY6Lna5U9pKasB4GUYvZ2rmm0p62pxl2HyXOeuZZsZBdzo","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; 
charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control HTTP/1.1","request_ack_time":1794,"request_time":0,"response_ack_time":27987,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1794,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control"} {"endtime":"2021-04-22T11:40:48.580514Z","timestamp":"2021-04-22T11:40:48.214118Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"e9f19924-63a2-4725-8235-3ef06449528c","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":12,"request_time":0,"response_ack_time":403,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49983,"status":200,"time_taken":366664,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:40:49.943150Z","timestamp":"2021-04-22T11:40:49.942532Z","bytes":1876,"bytes_in":723,"bytes_out":1153,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219892","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219892 HTTP/1.1","request_ack_time":618,"request_time":0,"response_ack_time":25113,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":618,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219892"} {"endtime":"2021-04-22T11:40:51.572452Z","timestamp":"2021-04-22T11:40:51.208056Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"1c0b210c-f041-4fca-a6d2-8857adb1a46c","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":190,"response_time":46,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49452,"status":200,"time_taken":364604,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:40:54.428813Z","timestamp":"2021-04-22T11:40:54.073441Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"823375c9-283e-4910-9bb2-7444edc372f5","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":9,"request_time":0,"response_ack_time":374,"response_time":49,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49984,"status":200,"time_taken":355620,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:40:57.437523Z","timestamp":"2021-04-22T11:40:57.074145Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"b9c1099a-ee0f-4874-8139-9d2f20d1a00d","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":39,"request_time":0,"response_ack_time":263,"response_time":50,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49454,"status":200,"time_taken":363625,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:40:59.952956Z","timestamp":"2021-04-22T11:40:59.952136Z","bytes":1876,"bytes_in":723,"bytes_out":1153,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219893","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219893 HTTP/1.1","request_ack_time":820,"request_time":0,"response_ack_time":26898,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":820,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219893"} {"endtime":"2021-04-22T11:41:00.493131Z","timestamp":"2021-04-22T11:41:00.138416Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d566566b-fe28-4842-bc86-cd7f198ca63f","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":44,"request_time":0,"response_ack_time":491,"response_time":24,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49985,"status":200,"time_taken":356776,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:41:02.558190Z","timestamp":"2021-04-22T11:41:02.189014Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"a3b1b001-4255-494b-a9a0-165cf0a3a6f1","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":27,"request_time":0,"response_ack_time":139,"response_time":62,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49456,"status":200,"time_taken":369370,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:41:03.378905Z","timestamp":"2021-04-22T11:41:03.377257Z","bytes":1662,"bytes_in":906,"bytes_out":756,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control 
HTTP/1.1","request_ack_time":1648,"request_time":0,"response_ack_time":29454,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1648,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control"} {"endtime":"2021-04-22T11:41:06.465849Z","timestamp":"2021-04-22T11:41:06.104638Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"bc6b64f4-ff73-4534-b1eb-74047d52e0a7","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":475,"response_time":58,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49987,"status":200,"time_taken":361573,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:41:08.426649Z","timestamp":"2021-04-22T11:41:08.059908Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"594e539f-52cb-4ba2-a487-5bcbf1953ef9","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":222,"response_time":48,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49458,"status":200,"time_taken":366962,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:41:09.944507Z","timestamp":"2021-04-22T11:41:09.943705Z","bytes":1876,"bytes_in":723,"bytes_out":1153,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219894","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219894 HTTP/1.1","request_ack_time":802,"request_time":0,"response_ack_time":26507,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":802,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219894"} {"endtime":"2021-04-22T11:41:11.472964Z","timestamp":"2021-04-22T11:41:11.120230Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"33f0a4dd-2181-44e4-baf7-fc6bb535ef84","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":380,"response_time":45,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49988,"status":200,"time_taken":353014,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:41:11.998739Z","timestamp":"2021-04-22T11:41:11.998004Z","bytes":1874,"bytes_in":723,"bytes_out":1151,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091037511","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037511 HTTP/1.1","request_ack_time":735,"request_time":0,"response_ack_time":25076,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":735,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037511"} {"endtime":"2021-04-22T11:41:12.002642Z","timestamp":"2021-04-22T11:41:12.002398Z","bytes":1730,"bytes_in":766,"bytes_out":964,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037512","http_comment":"HTTP/1.1 200 OK","http_content_length":266,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037512 HTTP/1.1","request_ack_time":244,"request_time":0,"response_ack_time":27125,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":244,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037512"} {"endtime":"2021-04-22T11:41:12.003755Z","timestamp":"2021-04-22T11:41:12.002315Z","bytes":1661,"bytes_in":905,"bytes_out":756,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1440,"request_time":0,"response_ack_time":26040,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1440,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} {"endtime":"2021-04-22T11:41:13.544028Z","timestamp":"2021-04-22T11:41:13.178081Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"6948cbe6-b975-4015-aec7-8d528656657b","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":24,"request_time":0,"response_ack_time":164,"response_time":42,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49460,"status":200,"time_taken":366146,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:41:16.510610Z","timestamp":"2021-04-22T11:41:16.151556Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"e158480f-24f0-4a48-9e86-8cec36667a1e","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":54,"request_time":0,"response_ack_time":380,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49989,"status":200,"time_taken":359403,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:41:18.372873Z","timestamp":"2021-04-22T11:41:18.371125Z","bytes":1662,"bytes_in":906,"bytes_out":756,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control HTTP/1.1","request_ack_time":1748,"request_time":0,"response_ack_time":25878,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1748,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control"} {"endtime":"2021-04-22T11:41:19.413014Z","timestamp":"2021-04-22T11:41:19.045718Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"54a9e34e-65a9-4a5c-b7b1-3de34eb57f9b","http_comment":"HTTP/1.1 200 
OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":40,"request_time":0,"response_ack_time":146,"response_time":113,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49462,"status":200,"time_taken":367539,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:41:19.941913Z","timestamp":"2021-04-22T11:41:19.941316Z","bytes":1874,"bytes_in":723,"bytes_out":1151,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219895","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219895 HTTP/1.1","request_ack_time":597,"request_time":0,"response_ack_time":31154,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":597,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219895"} 
{"endtime":"2021-04-22T11:41:21.537943Z","timestamp":"2021-04-22T11:41:21.182682Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d64696b3-764d-4015-ae39-81b9269b5de2","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":372,"response_time":82,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49990,"status":200,"time_taken":355546,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:41:24.530393Z","timestamp":"2021-04-22T11:41:24.164463Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"e5727b61-0bb2-4ec9-9e8c-84eb6f46ea15","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":12,"request_time":0,"response_ack_time":211,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49464,"status":200,"time_taken":366125,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:41:26.559606Z","timestamp":"2021-04-22T11:41:26.198362Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"7290cbbe-816d-4071-9a67-3ecff16a8efb","http_comment":"HTTP/1.1 200 
OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":279,"response_time":56,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49991,"status":200,"time_taken":361529,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:41:29.941649Z","timestamp":"2021-04-22T11:41:29.940904Z","bytes":1876,"bytes_in":723,"bytes_out":1153,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219896","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219896 HTTP/1.1","request_ack_time":745,"request_time":0,"response_ack_time":28968,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":745,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219896"} 
{"endtime":"2021-04-22T11:41:30.392189Z","timestamp":"2021-04-22T11:41:30.032360Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"b29dcbaa-322f-4520-b701-cc7fd92d134e","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":26,"request_time":0,"response_ack_time":183,"response_time":204,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49468,"status":200,"time_taken":360052,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:41:31.603001Z","timestamp":"2021-04-22T11:41:31.245437Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"65aae8ad-b0e8-4b74-855a-3e39fe139996","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":389,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49992,"status":200,"time_taken":357912,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:41:33.377137Z","timestamp":"2021-04-22T11:41:33.375487Z","bytes":1662,"bytes_in":906,"bytes_out":756,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control HTTP/1.1","request_ack_time":1650,"request_time":0,"response_ack_time":26018,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1650,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control"} {"endtime":"2021-04-22T11:41:35.501980Z","timestamp":"2021-04-22T11:41:35.143612Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"a336ce43-d7c7-417f-b341-b7cd0cd27c5f","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":162,"response_time":50,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49470,"status":200,"time_taken":358562,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:41:36.634603Z","timestamp":"2021-04-22T11:41:36.276400Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"4417148a-d197-4a77-b15a-0a99d17be614","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":398,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49993,"status":200,"time_taken":358455,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:41:37.008089Z","timestamp":"2021-04-22T11:41:37.008089Z","count":15,"c_ip":"46.128.24.64","sum(bytes_in)":12233,"sum(bytes_out)":14155,"sum(time_taken)":16309} {"endtime":"2021-04-22T11:41:37.008089Z","timestamp":"2021-04-22T11:41:37.008089Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":4023120} {"endtime":"2021-04-22T11:41:37.008089Z","timestamp":"2021-04-22T11:41:37.008089Z","count":12,"c_ip":"10.0.1.15","sum(bytes_in)":2004,"sum(bytes_out)":11964,"sum(time_taken)":4299740} {"endtime":"2021-04-22T11:41:37.008159Z","timestamp":"2021-04-22T11:41:37.008159Z","count":38,"dest_ip":"10.0.1.12","sum(time_taken)":8339169} {"endtime":"2021-04-22T11:41:37.008167Z","timestamp":"2021-04-22T11:41:37.008167Z","count":38,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:41:37.008173Z","timestamp":"2021-04-22T11:41:37.008173Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control","sum(bytes_in)":3630,"sum(bytes_out)":3027,"sum(time_taken)":6915} 
{"endtime":"2021-04-22T11:41:37.008173Z","timestamp":"2021-04-22T11:41:37.008173Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control","sum(bytes_in)":2724,"sum(bytes_out)":2277,"sum(time_taken)":4541} {"endtime":"2021-04-22T11:41:37.008173Z","timestamp":"2021-04-22T11:41:37.008173Z","count":6,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":4341,"sum(bytes_out)":6917,"sum(time_taken)":4338} {"endtime":"2021-04-22T11:41:37.008173Z","timestamp":"2021-04-22T11:41:37.008173Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":1538,"sum(bytes_out)":1934,"sum(time_taken)":515} {"endtime":"2021-04-22T11:41:37.008173Z","timestamp":"2021-04-22T11:41:37.008173Z","count":23,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3841,"sum(bytes_out)":22931,"sum(time_taken)":8322860} {"endtime":"2021-04-22T11:41:39.945261Z","timestamp":"2021-04-22T11:41:39.944520Z","bytes":1875,"bytes_in":723,"bytes_out":1152,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219897","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219897 HTTP/1.1","request_ack_time":741,"request_time":0,"response_ack_time":28996,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":741,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219897"} {"endtime":"2021-04-22T11:41:39.948667Z","timestamp":"2021-04-22T11:41:39.948433Z","bytes":1730,"bytes_in":766,"bytes_out":964,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219898","http_comment":"HTTP/1.1 200 OK","http_content_length":266,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219898 HTTP/1.1","request_ack_time":234,"request_time":0,"response_ack_time":25590,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":234,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219898"} 
{"endtime":"2021-04-22T11:41:40.608622Z","timestamp":"2021-04-22T11:41:40.253643Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"0613fa19-7951-423b-89a5-06011a05c244","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":229,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49472,"status":200,"time_taken":355143,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:41:42.443458Z","timestamp":"2021-04-22T11:41:42.088957Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d847b598-826b-4150-aed7-753aa06f06b7","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":351,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49994,"status":200,"time_taken":354756,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:41:46.468443Z","timestamp":"2021-04-22T11:41:46.110464Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c4150768-2c63-4f69-85ee-e67b46dc5c35","http_comment":"HTTP/1.1 200 
OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":62,"request_time":0,"response_ack_time":184,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49474,"status":200,"time_taken":358217,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:41:47.468154Z","timestamp":"2021-04-22T11:41:47.104593Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"63197d61-9655-4ef4-9ca8-dcb5aeaf1f8f","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":438,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49995,"status":200,"time_taken":363801,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:41:48.377539Z","timestamp":"2021-04-22T11:41:48.375883Z","bytes":1662,"bytes_in":906,"bytes_out":756,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; 
charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control HTTP/1.1","request_ack_time":1656,"request_time":0,"response_ack_time":30038,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1656,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control"} {"endtime":"2021-04-22T11:41:49.942668Z","timestamp":"2021-04-22T11:41:49.942030Z","bytes":1875,"bytes_in":723,"bytes_out":1152,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219899","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219899 HTTP/1.1","request_ack_time":638,"request_time":0,"response_ack_time":25146,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":638,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219899"} 
{"endtime":"2021-04-22T11:41:51.582915Z","timestamp":"2021-04-22T11:41:51.219952Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"4fc156b7-660d-4e44-96d9-f8ef26f2d138","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":38,"request_time":0,"response_ack_time":166,"response_time":49,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49476,"status":200,"time_taken":363165,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:41:52.519296Z","timestamp":"2021-04-22T11:41:52.151500Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"338dbd3f-d69b-49e2-8eb2-678d9c1fc3cd","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":289,"response_time":51,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49996,"status":200,"time_taken":368142,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:41:53.417670Z","timestamp":"2021-04-22T11:41:53.416601Z","bytes":393,"bytes_in":256,"bytes_out":137,"dest_ip":"10.0.1.16","dest_mac":"02:24:CD:58:40:1C","dest_port":80,"flow_id":"4fed3bdb-31a9-4079-bfe9-3727499ebc49","form_data":"pwd=123456&username=user_john","http_comment":"HTTP/1.0 200 OK","http_content_type":"text/html","http_method":"POST","http_user_agent":"Mozilla/5.0 
(Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.14393.4350","protocol_stack":"ip:tcp:http:ms_psrp","request":"POST /foo HTTP/1.1","request_ack_time":96,"request_time":177,"response_ack_time":29,"response_time":25,"server":"BaseHTTP/0.6 Python/3.8.6","site":"10.0.1.16","src_ip":"10.0.1.14","src_mac":"02:A9:8D:CE:78:9E","src_port":62045,"status":200,"time_taken":3192,"transport":"tcp","uri_path":"/foo","vxlan_id":8359286} {"endtime":"2021-04-22T11:41:53.478306Z","timestamp":"2021-04-22T11:41:53.477178Z","bytes":5303,"bytes_in":5108,"bytes_out":195,"dest_ip":"10.0.1.16","dest_mac":"02:24:CD:58:40:1C","dest_port":80,"flow_id":"a08502d7-b6d3-43d5-922b-126fa79b07ca","form_data":"-----WebKitFormBoundary7MA4YWxkTrZu0gW\r\nContent-Disposition: form-data; name=\"proclist\"\r\n\r\n\t\t----------------PROCESS LIST----------------\r\n\r\n[System Process]\r\nSystem\r\nsmss.exe\r\ncsrss.exe\r\nwininit.exe\r\ncsrss.exe\r\nwinlogon.exe\r\nservices.exe\r\nlsass.exe\r\nlsm.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\naudiodg.exe\r\nsvchost.exe\r\nspoolsv.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\ntaskhost.exe\r\ndwm.exe\r\nexplorer.exe\r\nSearchIndexer.exe\r\nmscorsvw.exe\r\nmscorsvw.exe\r\nOSPPSVC.EXE\r\ncmd.exe\r\nconhost.exe\r\nwermgr.exe\r\ncmd.exe\r\nconhost.exe\r\ntaskeng.exe\r\ntaskhost.exe\r\nsvchost.exe\r\ndllhost.exe\r\nsvchost.exe\r\n\r\n\r\nproclisttest\r\n-----WebKitFormBoundary7MA4YWxkTrZu0gW\r\nContent-Disposition: form-data; name=\"sysinfo\"\r\n\r\n\t\t----------------SYSTEM_INFO----------------\r\n\r\n\tipconfig /all\r\n\r\n\r\nWindows IP Configuration\r\n\r\n Host Name . . . . . . . . . . . . : Cincinnati-PC\r\n Primary Dns Suffix . . . . . . . : 2thumbsup.net\r\n Node Type . . . . . . . . . . . . : Hybrid\r\n IP Routing Enabled. . . . . . . . : No\r\n WINS Proxy Enabled. . . . . . . . : No\r\n DNS Suffix Search List. . . . . . 
: 2thumbsup.net\r\n\r\nEthernet adapter Local Area Connection:\r\n\r\n Connection-specific DNS Suffix . : localdomain\r\n Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection\r\n Physical Address. . . . . . . . . : 00-08-02-1C-47-AE\r\n DHCP Enabled. . . . . . . . . . . : Yes\r\n Autoconfiguration Enabled . . . . : Yes\r\n IPv4 Address. . . . . . . . . . . : 10.6.10.197(Preferred) \r\n Subnet Mask . . . . . . . . . . . : 255.255.255.0\r\n Lease Obtained. . . . . . . . . . : Wednesday, June 10, 2020 8:55:21 PM\r\n Lease Expires . . . . . . . . . . : Thursday, June 18, 2020 9:01:40 PM\r\n Default Gateway . . . . . . . . . : 10.6.10.1\r\n DHCP Server . . . . . . . . . . . : 10.6.10.6\r\n DNS Servers . . . . . . . . . . . : 10.6.10.6\r\n NetBIOS over Tcpip. . . . . . . . : Enabled\r\n\r\nTunnel adapter isatap.2thumbsup.net:\r\n\r\n Media State . . . . . . . . . . . : Media disconnected\r\n Connection-specific DNS Suffix . : \r\n Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2\r\n Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0\r\n DHCP Enabled. . . . . . . . . . . : No\r\n Autoconfiguration Enabled . . . . 
: Yes\r\n\r\n\r\n\tnet config workstation\r\n\r\nComputer name \\\\CINCINNATI-PC\r\nFull Computer name Cincinnati-PC.2thumbsup.net\r\nUser name jackqueline.northrop\r\n\r\nWorkstation active on \r\n\tNetBT_Tcpip_{F66E9F09-4E77-8ACb-746D-7212D5EE4FC0} (0008021C47AE)\r\n\r\nSoftware version Windows 7 Professional\r\n\r\nWorkstation domain 2THUMBSUP\r\nWorkstation Domain DNS Name 2thumbsup.net\r\nLogon domain 2THUMBSUP\r\n\r\nCOM Open Timeout (sec) 0\r\nCOM Send Count (byte) 16\r\nCOM Send Timeout (msec) 250\r\nThe command completed successfully.\r\n\r\n\r\n\r\n\tnet view /all\r\n\r\nSystem error 6118 has occurred.\r\n\r\nThe list of servers for this workgroup is not currently available\r\n\r\n\r\n\r\n\tnet view /all /domain\r\n\r\nSystem error 6118 has occurred.\r\n\r\nThe list of servers for this workgroup is not currently available\r\n\r\n\r\n\r\n\tnltest /domain_trusts\r\n\r\nList of domain trusts:\r\n 0: 2THUMBSUP 2thumbsup.net (NT 5) (Forest Tree Root) (Primary Domain) (Native)\r\nThe command completed successfully\r\n\r\n\r\n\tnltest /domain_trusts /all_trusts\r\n\r\nList of domain trusts:\r\n 0: 2THUMBSUP 2thumbsup.net (NT 5) (Forest Tree Root) (Primary Domain) (Native)\r\nThe command completed successfully\r\n\r\n\r\n\t\t-----------------LOCAL_MACHINE_DATA-----------------\r\n\r\nUser_Name: CN=Jackqueline Northrop,CN=Users,DC=2thumbsup,DC=net\r\nComputer_Name: CN=CINCINNATI-PC,CN=Computers,DC=2thumbsup,DC=net\r\nSite_Name: Default-First-Site-Name\r\nDomain_Shortname: 2THUMBSUP\r\nDomain_Name: 2thumbsup.net\r\nForest_Name: 2thumbsup.net\r\nDomain_Controller: 2thumbsup-DC.2thumbsup.net\r\nForest_Trees:\r\n\t1) 2thumbsup.net\r\n\r\n\r\nUsername: Administrator Username: Guest Username: krbtgt Username: audrey.killam Username: nathaniel.campanero Username: sara.gibbins Username: jackqueline.northrop Username: craig.howlett Username: roberto.stawinsky \r\n\r\nDomain: 2thumbsup-DC.2thumbsup.net\r\n\r\nName: 2thumbsup-DC.2thumbsup.net\r\nName: 
MINNEAPOLIS-PC.2thumbsup.net\r\nName: SACRAMENTO-PC.2thumbsup.net\r\nName: HILDEBRAND-PC.2thumbsup.net\r\nName: HUNTSVILLE-PC.2thumbsup.net\r\nName: CINCINNATI-PC.2thumbsup.net\r\nName: BATON-ROUGE-PC.2thumbsup.net\r\n\r\n\r\nUsername: Administrator Username: Guest Username: krbtgt Username: audrey.killam Username: nathaniel.campanero Username: sara.gibbins Username: jackqueline.northrop Username: craig.howlett Username: roberto.stawinsky ------------------------------------------------\r\n\r\n\r\n-----WebKitFormBoundary7MA4YWxkTrZu0gW--","http_comment":"HTTP/1.0 200 OK","http_content_type":"text/html","http_method":"POST","http_user_agent":"Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.14393.4350","protocol_stack":"ip:tcp:http:ms_psrp","request":"POST /gi6/CINCINNATI-PC_W617601.723196F318E04CC68194F403520850B8/90 HTTP/1.1","request_ack_time":192,"request_time":31,"response_ack_time":27,"response_time":74,"server":"BaseHTTP/0.6 Python/3.8.6","site":"10.0.1.16","src_ip":"10.0.1.14","src_mac":"02:A9:8D:CE:78:9E","src_port":62046,"status":200,"time_taken":1176,"transport":"tcp","uri_path":"/gi6/CINCINNATI-PC_W617601.723196F318E04CC68194F403520850B8/90","vxlan_id":8359286} {"endtime":"2021-04-22T11:41:54.061357Z","timestamp":"2021-04-22T11:41:54.061357Z","count":1,"dest_ip":"10.0.1.16","site":"10.0.1.16","status":200,"uri_path":"/gi6/CINCINNATI-PC_W617601.723196F318E04CC68194F403520850B8/90","sum(bytes_in)":5108,"sum(bytes_out)":195,"sum(time_taken)":1176} {"endtime":"2021-04-22T11:41:54.061357Z","timestamp":"2021-04-22T11:41:54.061357Z","count":1,"dest_ip":"10.0.1.16","site":"10.0.1.16","status":200,"uri_path":"/foo","sum(bytes_in)":256,"sum(bytes_out)":137,"sum(time_taken)":3192} {"endtime":"2021-04-22T11:41:54.061352Z","timestamp":"2021-04-22T11:41:54.061352Z","count":2,"dest_ip":"10.0.1.16","status":200} {"endtime":"2021-04-22T11:41:54.061344Z","timestamp":"2021-04-22T11:41:54.061344Z","count":2,"dest_ip":"10.0.1.16","sum(time_taken)":4368} 
{"endtime":"2021-04-22T11:41:54.061296Z","timestamp":"2021-04-22T11:41:54.061296Z","count":2,"c_ip":"10.0.1.14","sum(bytes_in)":5364,"sum(bytes_out)":332,"sum(time_taken)":4368} {"endtime":"2021-04-22T11:41:56.771336Z","timestamp":"2021-04-22T11:41:56.767090Z","bytes":7868,"bytes_in":736,"bytes_out":7132,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219900","http_comment":"HTTP/1.1 200 OK","http_content_length":6392,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new?output_mode=json&_=1619091219900 HTTP/1.1","request_ack_time":4146,"request_time":0,"response_ack_time":27615,"response_time":100,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":31961,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","uri_query":"output_mode=json&_=1619091219900"} {"endtime":"2021-04-22T11:41:56.815709Z","timestamp":"2021-04-22T11:41:56.811504Z","bytes":3935,"bytes_in":3146,"bytes_out":789,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"rf=*&auto_cancel=30&status_buckets=300&output_mode=json&custom.display.page.search.mode=smart&custom.dispatch.sample_ratio=1&custom.workload_pool=&custom.display.events.fields=[\"host\",\"source\",\"sourcetype\",\"action\",\"app\",\"c_ip\",\"count\",\"date_hour\",\"date_mday\",\"date_minute\",\"date_month\",\"date_second\",\"date_wday\",\"date_year\",\"date_zone\",\"dest\",\"dest_ip\",\"endtime\",\"eventtype\",\"index\",\"linecount\",\"protocol\",\"punct\",\"site\",\"splunk_server\",\"status\",\"sum(bytes_in)\",\"sum(bytes_out)\",\"sum(time_taken)\",\"tag\",\"tag::eventtype\",\"timeendpos\",\"timestamp\",\"timestartpos\",\"uri_path\",\"initial_rtt\",\"query_type\",\"reply_code\",\"reply_code_id\",\"src\",\"src_ip\",\"ssl_cert_md5\",\"ssl_cert_self_signed\",\"ssl_cert_sha1\",\"ssl_cert_sha256\",\"ssl_end_time\",\"ssl_hash\",\"ssl_issuer\",\"ssl_issuer_common_name\",\"ssl_issuer_country\",\"ssl_issuer_email\",\"ssl_issuer_locality\",\"ssl_issuer_organization\",\"ssl_issuer_state\",\"ssl_start_time\",\"ssl_subject\",\"ssl_subject_common_name\",\"ssl_subject_country\",\"ssl_subject_locality\",\"ssl_subject_organization\",\"ssl_subject_state\",\"ssl_subject_unit\",\"ssl_validity_end\",\"ssl_validity_start\",\"sum(bytes)\",\"sum(packets_in)\",\"sum(packets_out)\",\"transport\",\"values(flow_id){}\",\"form_data\",\"http_comment\",\"http_content_length\",\"http_content_type\",\"http_method\",\"http_user_agent\",\"request\",\"request_ack_time\",\"request_time\",\"response_ack_time\",\"response_time\",\"uri_query\",\"url\"]&custom.search=index=network dest_ip=\"10.0.1.16\" http_method=POST&custom.dispatch.earliest_time=-24h@h&custom.dispatch.latest_time=now&search=search index=network 
dest_ip=\"10.0.1.16\" http_method=POST&earliest_time=-24h@h&latest_time=now&ui_dispatch_app=search&preview=1&adhoc_search_level=smart&workload_pool=&indexedRealtime=&sample_ratio=1&check_risky_command=false&provenance=UI:Search","http_comment":"HTTP/1.1 201 Created","http_content_length":24,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs HTTP/1.1","request_ack_time":7,"request_time":460,"response_ack_time":25151,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":201,"time_taken":4205,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs"} {"endtime":"2021-04-22T11:41:56.846767Z","timestamp":"2021-04-22T11:41:56.845150Z","bytes":2868,"bytes_in":743,"bytes_out":2125,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219901","http_comment":"HTTP/1.1 200 OK","http_content_length":1385,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091716.165?output_mode=json&_=1619091219901 
HTTP/1.1","request_ack_time":1617,"request_time":0,"response_ack_time":24151,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1617,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091716.165","uri_query":"output_mode=json&_=1619091219901"} {"endtime":"2021-04-22T11:41:56.879776Z","timestamp":"2021-04-22T11:41:56.879523Z","bytes":1627,"bytes_in":819,"bytes_out":808,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219902","http_comment":"HTTP/1.1 200 OK","http_content_length":110,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219902 
HTTP/1.1","request_ack_time":253,"request_time":0,"response_ack_time":25140,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":253,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h%40h&time=now&output_time_format=%25s.%25Q%7C%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25%3Az&_=1619091219902"} {"endtime":"2021-04-22T11:41:56.928833Z","timestamp":"2021-04-22T11:41:56.927179Z","bytes":3000,"bytes_in":744,"bytes_out":2256,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219903","http_comment":"HTTP/1.1 200 OK","http_content_length":1516,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165?output_mode=json&_=1619091219903 HTTP/1.1","request_ack_time":1654,"request_time":0,"response_ack_time":26209,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":1654,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165","uri_query":"output_mode=json&_=1619091219903"} 
{"endtime":"2021-04-22T11:41:56.977489Z","timestamp":"2021-04-22T11:41:56.977202Z","bytes":1466,"bytes_in":729,"bytes_out":737,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&time=-24h&_=1619091219904","http_comment":"HTTP/1.1 200 OK","http_content_length":40,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/timeparser?output_mode=json&time=-24h&_=1619091219904 HTTP/1.1","request_ack_time":287,"request_time":0,"response_ack_time":25586,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":287,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","uri_query":"output_mode=json&time=-24h&_=1619091219904"} {"endtime":"2021-04-22T11:41:57.115225Z","timestamp":"2021-04-22T11:41:57.113189Z","bytes":3001,"bytes_in":744,"bytes_out":2257,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219905","http_comment":"HTTP/1.1 200 
OK","http_content_length":1517,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165?output_mode=json&_=1619091219905 HTTP/1.1","request_ack_time":2036,"request_time":0,"response_ack_time":25714,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":2036,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165","uri_query":"output_mode=json&_=1619091219905"} {"endtime":"2021-04-22T11:41:57.375666Z","timestamp":"2021-04-22T11:41:57.373215Z","bytes":3887,"bytes_in":744,"bytes_out":3143,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219906","http_comment":"HTTP/1.1 200 OK","http_content_length":2403,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165?output_mode=json&_=1619091219906 
HTTP/1.1","request_ack_time":2365,"request_time":0,"response_ack_time":25341,"response_time":86,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":2451,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165","uri_query":"output_mode=json&_=1619091219906"} {"endtime":"2021-04-22T11:41:57.412224Z","timestamp":"2021-04-22T11:41:57.407485Z","bytes":1601,"bytes_in":763,"bytes_out":838,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&min_freq=0&_=1619091219907","http_comment":"HTTP/1.1 200 OK","http_content_length":140,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/summary?output_mode=json&min_freq=0&_=1619091219907 HTTP/1.1","request_ack_time":4739,"request_time":0,"response_ack_time":29158,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":4739,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219907"} 
{"endtime":"2021-04-22T11:41:57.415222Z","timestamp":"2021-04-22T11:41:57.407714Z","bytes":2907,"bytes_in":2128,"bytes_out":779,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219908","http_comment":"HTTP/1.1 200 
OK","http_content_length":82,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219908 
HTTP/1.1","request_ack_time":8,"request_time":3468,"response_ack_time":30092,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":7508,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219908"} {"endtime":"2021-04-22T11:41:57.449977Z","timestamp":"2021-04-22T11:41:57.445233Z","bytes":1601,"bytes_in":763,"bytes_out":838,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&min_freq=0&_=1619091219909","http_comment":"HTTP/1.1 200 OK","http_content_length":140,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/summary?output_mode=json&min_freq=0&_=1619091219909 HTTP/1.1","request_ack_time":4744,"request_time":0,"response_ack_time":27022,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":4744,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219909"} {"endtime":"2021-04-22T11:41:57.451934Z","timestamp":"2021-04-22T11:41:57.084721Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"a5c2a982-ca1e-464f-90ee-49bc15071a49","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":194,"response_time":2021,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49478,"status":200,"time_taken":367421,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:41:57.452442Z","timestamp":"2021-04-22T11:41:57.449573Z","bytes":2907,"bytes_in":2128,"bytes_out":779,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_a
gent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219910","http_comment":"HTTP/1.1 200 OK","http_content_length":82,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Cta
g*&truncation_mode=abstract&_=1619091219910 HTTP/1.1","request_ack_time":8,"request_time":108,"response_ack_time":28573,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":2869,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219910"} 
{"endtime":"2021-04-22T11:41:57.558631Z","timestamp":"2021-04-22T11:41:57.198376Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"ee87663b-d962-48f3-b88b-bd36ea8dd229","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":40,"request_time":0,"response_ack_time":364,"response_time":54,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49997,"status":200,"time_taken":360592,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:41:57.770114Z","timestamp":"2021-04-22T11:41:57.767364Z","bytes":4201,"bytes_in":744,"bytes_out":3457,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219911","http_comment":"HTTP/1.1 200 OK","http_content_length":2717,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165?output_mode=json&_=1619091219911 
HTTP/1.1","request_ack_time":2679,"request_time":0,"response_ack_time":27031,"response_time":71,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":2750,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165","uri_query":"output_mode=json&_=1619091219911"} {"endtime":"2021-04-22T11:41:57.807363Z","timestamp":"2021-04-22T11:41:57.801571Z","bytes":4727,"bytes_in":763,"bytes_out":3964,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&min_freq=0&_=1619091219912","http_comment":"HTTP/1.1 200 OK","http_content_length":3224,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/summary?output_mode=json&min_freq=0&_=1619091219912 HTTP/1.1","request_ack_time":5782,"request_time":0,"response_ack_time":25796,"response_time":10,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":31598,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/summary","uri_query":"output_mode=json&min_freq=0&_=1619091219912"} 
{"endtime":"2021-04-22T11:41:57.819010Z","timestamp":"2021-04-22T11:41:57.817429Z","bytes":1815,"bytes_in":740,"bytes_out":1075,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"offset=0&count=1000&_=1619091219914","http_comment":"HTTP/1.1 200 OK","http_content_length":344,"http_content_type":"text/xml; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/search/jobs/1619091716.165/timeline?offset=0&count=1000&_=1619091219914 HTTP/1.1","request_ack_time":1581,"request_time":0,"response_ack_time":32664,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1581,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091716.165/timeline","uri_query":"offset=0&count=1000&_=1619091219914"} {"endtime":"2021-04-22T11:41:57.843423Z","timestamp":"2021-04-22T11:41:57.802016Z","bytes":33024,"bytes_in":2128,"bytes_out":30896,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219913","http_comment":"HTTP/1.1 200 OK","http_content_length":30155,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/events?output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219913 
HTTP/1.1","request_ack_time":18,"request_time":0,"response_ack_time":27961,"response_time":25427,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":68440,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/events","uri_query":"output_mode=json&offset=0&count=20&segmentation=full&max_lines=5&field_list=host%2Csource%2Csourcetype%2Caction%2Capp%2Cc_ip%2Ccount%2Cdate_hour%2Cdate_mday%2Cdate_minute%2Cdate_month%2Cdate_second%2Cdate_wday%2Cdate_year%2Cdate_zone%2Cdest%2Cdest_ip%2Cendtime%2Ceventtype%2Cindex%2Clinecount%2Cprotocol%2Cpunct%2Csite%2Csplunk_server%2Cstatus%2Csum(bytes_in)%2Csum(bytes_out)%2Csum(time_taken)%2Ctag%2Ctag%3A%3Aeventtype%2Ctimeendpos%2Ctimestamp%2Ctimestartpos%2Curi_path%2Cinitial_rtt%2Cquery_type%2Creply_code%2Creply_code_id%2Csrc%2Csrc_ip%2Cssl_cert_md5%2Cssl_cert_self_signed%2Cssl_cert_sha1%2Cssl_cert_sha256%2Cssl_end_time%2Cssl_hash%2Cssl_issuer%2Cssl_issuer_common_name%2Cssl_issuer_country%2Cssl_issuer_email%2Cssl_issuer_locality%2Cssl_issuer_organization%2Cssl_issuer_state%2Cssl_start_time%2Cssl_subject%2Cssl_subject_common_name%2Cssl_subject_country%2Cssl_subject_locality%2Cssl_subject_organization%2Cssl_subject_state%2Cssl_subject_unit%2Cssl_validity_end%2Cssl_validity_start%2Csum(bytes)%2Csum(packets_in)%2Csum(packets_out)%2Ctransport%2Cvalues(flow_id)%7B%7D%2Cform_data%2Chttp_comment%2Chttp_content_length%2Chttp_content_type%2Chttp_method%2Chttp_user_agent%2Crequest%2Crequest_ack_time%2Crequest_time%2Cresponse_ack_time%2Cresponse_time%2Curi_query%2Curl%2C_raw%2C_time%2C_audit%2C_decoration%2C_eventtype_color%2C_fulllinecount%2C_icon%2Ctag*&truncation_mode=abstract&_=1619091219913"} {"endtime":"2021-04-22T11:41:59.940273Z","timestamp":"2021-04-22T11:41:59.939655Z","bytes":1876,"bytes_in":723,"bytes_out":1153,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"72e97f6e-c73b-4adf-8e11-282da5f4f9b0","form_data":"output_mode=json&_=1619091219915","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219915 HTTP/1.1","request_ack_time":618,"request_time":0,"response_ack_time":25162,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52115,"status":200,"time_taken":618,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219915"} {"endtime":"2021-04-22T11:42:01.260081Z","timestamp":"2021-04-22T11:42:01.258189Z","bytes":1661,"bytes_in":905,"bytes_out":756,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 
Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1892,"request_time":0,"response_ack_time":27570,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1892,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} {"endtime":"2021-04-22T11:42:01.262124Z","timestamp":"2021-04-22T11:42:01.261910Z","bytes":1730,"bytes_in":766,"bytes_out":964,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037514","http_comment":"HTTP/1.1 200 OK","http_content_length":266,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037514 HTTP/1.1","request_ack_time":214,"request_time":0,"response_ack_time":29559,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":214,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037514"} 
{"endtime":"2021-04-22T11:42:02.589379Z","timestamp":"2021-04-22T11:42:02.214050Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"2231079a-6477-483f-9577-cf0ea2aaf44c","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":6,"request_time":0,"response_ack_time":253,"response_time":223,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":49999,"status":200,"time_taken":375653,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:42:02.589423Z","timestamp":"2021-04-22T11:42:02.203456Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"f2e19871-f8bc-4454-b7c4-ab1e070bcf00","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":44,"request_time":0,"response_ack_time":182,"response_time":91,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49480,"status":200,"time_taken":386197,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:42:08.459783Z","timestamp":"2021-04-22T11:42:08.091116Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"b3c8861f-b3a6-410b-bb12-f0901daf9147","http_comment":"HTTP/1.1 200 
OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":32,"request_time":0,"response_ack_time":193,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49482,"status":200,"time_taken":368899,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:42:08.541083Z","timestamp":"2021-04-22T11:42:08.182706Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"0a1e881d-1638-4870-8d66-efbd68ce7338","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":315,"response_time":73,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":50000,"status":200,"time_taken":358600,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:42:10.690440Z","timestamp":"2021-04-22T11:42:10.689547Z","bytes":1876,"bytes_in":723,"bytes_out":1153,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219916","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; 
charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219916 HTTP/1.1","request_ack_time":893,"request_time":0,"response_ack_time":26716,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":893,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219916"} {"endtime":"2021-04-22T11:42:13.443784Z","timestamp":"2021-04-22T11:42:13.442033Z","bytes":1662,"bytes_in":906,"bytes_out":756,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/control HTTP/1.1","request_ack_time":1751,"request_time":0,"response_ack_time":25804,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1751,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/control"} 
{"endtime":"2021-04-22T11:42:13.577060Z","timestamp":"2021-04-22T11:42:13.211239Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"e6fafff5-6e78-4e2c-bcaf-ee5c41f96f32","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":30,"request_time":0,"response_ack_time":205,"response_time":48,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49484,"status":200,"time_taken":366039,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:42:14.490077Z","timestamp":"2021-04-22T11:42:14.135860Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"a5335020-b419-450f-8d81-c45e43efceb9","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":407,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":50001,"status":200,"time_taken":354495,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:42:19.445546Z","timestamp":"2021-04-22T11:42:19.078789Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"410d06e6-2af2-41e2-992b-1b72b9114c70","http_comment":"HTTP/1.1 200 
OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":40,"request_time":0,"response_ack_time":175,"response_time":74,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49486,"status":200,"time_taken":367001,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:42:20.521606Z","timestamp":"2021-04-22T11:42:20.167133Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c2e20a01-330b-4274-b10e-fc5d7f731f4c","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":38,"request_time":0,"response_ack_time":321,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":50002,"status":200,"time_taken":354800,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:42:20.581826Z","timestamp":"2021-04-22T11:42:20.581081Z","bytes":1874,"bytes_in":723,"bytes_out":1151,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219917","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; 
charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219917 HTTP/1.1","request_ack_time":745,"request_time":0,"response_ack_time":24970,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":745,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219917"} {"endtime":"2021-04-22T11:42:23.075014Z","timestamp":"2021-04-22T11:42:23.073459Z","bytes":1661,"bytes_in":905,"bytes_out":756,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1555,"request_time":0,"response_ack_time":26159,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1555,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} 
{"endtime":"2021-04-22T11:42:23.077932Z","timestamp":"2021-04-22T11:42:23.077449Z","bytes":1876,"bytes_in":723,"bytes_out":1153,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091037515","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037515 HTTP/1.1","request_ack_time":483,"request_time":0,"response_ack_time":27228,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":483,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037515"} {"endtime":"2021-04-22T11:42:24.551476Z","timestamp":"2021-04-22T11:42:24.197020Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"6189dfeb-d732-4f10-9a2e-d997a160341e","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":41,"request_time":0,"response_ack_time":227,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49488,"status":200,"time_taken":354637,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:42:24.633011Z","timestamp":"2021-04-22T11:42:24.625710Z","bytes":3175,"bytes_in":822,"bytes_out":2353,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&count=1&locale=en-GB&page=search&segmentation=full&max_lines=5&offset=0&_=1619091037516","http_comment":"HTTP/1.1 200 OK","http_content_length":1613,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/events?output_mode=json&count=1&locale=en-GB&page=search&segmentation=full&max_lines=5&offset=0&_=1619091037516 HTTP/1.1","request_ack_time":7301,"request_time":0,"response_ack_time":28381,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":7301,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/events","uri_query":"output_mode=json&count=1&locale=en-GB&page=search&segmentation=full&max_lines=5&offset=0&_=1619091037516"} 
{"endtime":"2021-04-22T11:42:26.462702Z","timestamp":"2021-04-22T11:42:26.104613Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"8882f717-94bd-4979-983e-2d456f1215a2","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":5,"request_time":0,"response_ack_time":400,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":50003,"status":200,"time_taken":358331,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:42:27.809996Z","timestamp":"2021-04-22T11:42:27.808271Z","bytes":1662,"bytes_in":906,"bytes_out":756,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/control 
HTTP/1.1","request_ack_time":1725,"request_time":0,"response_ack_time":25924,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1725,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/control"} {"endtime":"2021-04-22T11:42:28.316841Z","timestamp":"2021-04-22T11:42:28.316248Z","bytes":1874,"bytes_in":723,"bytes_out":1151,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091037517","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037517 HTTP/1.1","request_ack_time":593,"request_time":0,"response_ack_time":25207,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":593,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037517"} {"endtime":"2021-04-22T11:42:29.947174Z","timestamp":"2021-04-22T11:42:29.946525Z","bytes":1874,"bytes_in":723,"bytes_out":1151,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091219918","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219918 HTTP/1.1","request_ack_time":649,"request_time":0,"response_ack_time":25152,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":649,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219918"} {"endtime":"2021-04-22T11:42:30.413207Z","timestamp":"2021-04-22T11:42:30.053533Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"63053eb8-af02-4532-8c2f-0dce5314f942","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":39,"request_time":0,"response_ack_time":163,"response_time":55,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49492,"status":200,"time_taken":359889,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:42:32.446421Z","timestamp":"2021-04-22T11:42:32.089166Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d601fec9-28ec-4dab-a565-ab94a1f499ac","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":43,"request_time":0,"response_ack_time":330,"response_time":58,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":50004,"status":200,"time_taken":357695,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:42:34.561123Z","timestamp":"2021-04-22T11:42:34.559342Z","bytes":1661,"bytes_in":905,"bytes_out":756,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control 
HTTP/1.1","request_ack_time":1781,"request_time":0,"response_ack_time":30040,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":1781,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} {"endtime":"2021-04-22T11:42:35.522049Z","timestamp":"2021-04-22T11:42:35.164663Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"91e827ca-e23e-4f26-9076-0a066582273a","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":41,"request_time":0,"response_ack_time":204,"response_time":49,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49494,"status":200,"time_taken":357607,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:42:37.027368Z","timestamp":"2021-04-22T11:42:37.027368Z","count":34,"c_ip":"46.128.24.64","sum(bytes_in)":32718,"sum(bytes_out)":81265,"sum(time_taken)":191455} {"endtime":"2021-04-22T11:42:37.027368Z","timestamp":"2021-04-22T11:42:37.027368Z","count":11,"c_ip":"10.0.1.18","sum(bytes_in)":1837,"sum(bytes_out)":10967,"sum(time_taken)":4004215} {"endtime":"2021-04-22T11:42:37.027368Z","timestamp":"2021-04-22T11:42:37.027368Z","count":10,"c_ip":"10.0.1.15","sum(bytes_in)":1670,"sum(bytes_out)":9970,"sum(time_taken)":3606865} {"endtime":"2021-04-22T11:42:37.027436Z","timestamp":"2021-04-22T11:42:37.027436Z","count":55,"dest_ip":"10.0.1.12","sum(time_taken)":7802535} {"endtime":"2021-04-22T11:42:37.027444Z","timestamp":"2021-04-22T11:42:37.027444Z","count":1,"dest_ip":"10.0.1.12","status":201} 
{"endtime":"2021-04-22T11:42:37.027444Z","timestamp":"2021-04-22T11:42:37.027444Z","count":54,"dest_ip":"10.0.1.12","status":200} {"endtime":"2021-04-22T11:42:37.027455Z","timestamp":"2021-04-22T11:42:37.027455Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":201,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs","sum(bytes_in)":3146,"sum(bytes_out)":789,"sum(time_taken)":4205} {"endtime":"2021-04-22T11:42:37.027455Z","timestamp":"2021-04-22T11:42:37.027455Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/summary","sum(bytes_in)":2289,"sum(bytes_out)":5640,"sum(time_taken)":41081} {"endtime":"2021-04-22T11:42:37.027455Z","timestamp":"2021-04-22T11:42:37.027455Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/events","sum(bytes_in)":6384,"sum(bytes_out)":32454,"sum(time_taken)":78817} {"endtime":"2021-04-22T11:42:37.027455Z","timestamp":"2021-04-22T11:42:37.027455Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/control","sum(bytes_in)":1812,"sum(bytes_out)":1512,"sum(time_taken)":3476} {"endtime":"2021-04-22T11:42:37.027455Z","timestamp":"2021-04-22T11:42:37.027455Z","count":4,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165","sum(bytes_in)":2976,"sum(bytes_out)":11113,"sum(time_taken)":8891} {"endtime":"2021-04-22T11:42:37.027455Z","timestamp":"2021-04-22T11:42:37.027455Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091467.157/control","sum(bytes_in)":1812,"sum(bytes_out)":1512,"sum(time_taken)":3306} 
{"endtime":"2021-04-22T11:42:37.027455Z","timestamp":"2021-04-22T11:42:37.027455Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/events","sum(bytes_in)":822,"sum(bytes_out)":2353,"sum(time_taken)":7301} {"endtime":"2021-04-22T11:42:37.027455Z","timestamp":"2021-04-22T11:42:37.027455Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control","sum(bytes_in)":905,"sum(bytes_out)":756,"sum(time_taken)":1892} {"endtime":"2021-04-22T11:42:37.027455Z","timestamp":"2021-04-22T11:42:37.027455Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/search/jobs/1619091716.165","sum(bytes_in)":743,"sum(bytes_out)":2125,"sum(time_taken)":1617} {"endtime":"2021-04-22T11:42:37.027455Z","timestamp":"2021-04-22T11:42:37.027455Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/servicesNS/admin/search/saved/searches/_new","sum(bytes_in)":736,"sum(bytes_out)":7132,"sum(time_taken)":31961} {"endtime":"2021-04-22T11:42:37.027455Z","timestamp":"2021-04-22T11:42:37.027455Z","count":9,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","sum(bytes_in)":6507,"sum(bytes_out)":10367,"sum(time_taken)":6095} {"endtime":"2021-04-22T11:42:37.027455Z","timestamp":"2021-04-22T11:42:37.027455Z","count":2,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/timeparser","sum(bytes_in)":1548,"sum(bytes_out)":1545,"sum(time_taken)":540} 
{"endtime":"2021-04-22T11:42:37.027455Z","timestamp":"2021-04-22T11:42:37.027455Z","count":1,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/search/jobs/1619091716.165/timeline","sum(bytes_in)":740,"sum(bytes_out)":1075,"sum(time_taken)":1581} {"endtime":"2021-04-22T11:42:37.027455Z","timestamp":"2021-04-22T11:42:37.027455Z","count":3,"dest_ip":"10.0.1.12","site":"3.66.253.226:8000","status":200,"uri_path":"/en-GB/splunkd/__raw/services/messages","sum(bytes_in)":2298,"sum(bytes_out)":2892,"sum(time_taken)":692} {"endtime":"2021-04-22T11:42:37.027455Z","timestamp":"2021-04-22T11:42:37.027455Z","count":21,"dest_ip":"10.0.1.12","site":"10.0.1.12","status":200,"uri_path":"/en-us/custom/splunk_app_stream/ping/","sum(bytes_in)":3507,"sum(bytes_out)":20937,"sum(time_taken)":7611080} {"endtime":"2021-04-22T11:42:37.496902Z","timestamp":"2021-04-22T11:42:37.135933Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"885c250e-b62b-41da-be4e-cf79cc2b82ef","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":8,"request_time":0,"response_ack_time":329,"response_time":53,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":50005,"status":200,"time_taken":361227,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:42:38.644580Z","timestamp":"2021-04-22T11:42:38.644198Z","bytes":1730,"bytes_in":766,"bytes_out":964,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; 
splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037519","http_comment":"HTTP/1.1 200 OK","http_content_length":266,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037519 HTTP/1.1","request_ack_time":382,"request_time":0,"response_ack_time":25028,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":382,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091037519"} {"endtime":"2021-04-22T11:42:38.644819Z","timestamp":"2021-04-22T11:42:38.644222Z","bytes":1875,"bytes_in":723,"bytes_out":1152,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"27508bf6-22a8-4863-9bc0-66bf4d562c5b","form_data":"output_mode=json&_=1619091037518","http_comment":"HTTP/1.1 200 OK","http_content_length":413,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037518 HTTP/1.1","request_ack_time":597,"request_time":0,"response_ack_time":29072,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52027,"status":200,"time_taken":597,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037518"} {"endtime":"2021-04-22T11:42:39.948390Z","timestamp":"2021-04-22T11:42:39.948145Z","bytes":1730,"bytes_in":766,"bytes_out":964,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219920","http_comment":"HTTP/1.1 200 OK","http_content_length":266,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/messages?output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219920 
HTTP/1.1","request_ack_time":245,"request_time":0,"response_ack_time":26854,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":245,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/messages","uri_query":"output_mode=json&sort_key=timeCreated_epochSecs&sort_dir=desc&count=1000&_=1619091219920"} {"endtime":"2021-04-22T11:42:41.391487Z","timestamp":"2021-04-22T11:42:41.023742Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"7f772019-1fd3-4e22-b5c5-4aca394b8bcf","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":40,"request_time":0,"response_ack_time":218,"response_time":57,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49496,"status":200,"time_taken":367977,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:42:42.810287Z","timestamp":"2021-04-22T11:42:42.808648Z","bytes":1662,"bytes_in":906,"bytes_out":756,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/control HTTP/1.1","request_ack_time":1639,"request_time":0,"response_ack_time":30083,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1639,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/control"} {"endtime":"2021-04-22T11:42:43.460474Z","timestamp":"2021-04-22T11:42:43.104673Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"aa7646fa-dc2f-40ea-a12e-986b68ba9cfb","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":44,"request_time":0,"response_ack_time":390,"response_time":60,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":50006,"status":200,"time_taken":356140,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:42:46.509193Z","timestamp":"2021-04-22T11:42:46.143082Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d191d56a-b185-475b-8afa-d3585db766a5","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":34,"request_time":0,"response_ack_time":247,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49498,"status":200,"time_taken":366308,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:42:48.582295Z","timestamp":"2021-04-22T11:42:48.581559Z","bytes":1876,"bytes_in":723,"bytes_out":1153,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091037520","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037520 HTTP/1.1","request_ack_time":736,"request_time":0,"response_ack_time":30118,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":736,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037520"} {"endtime":"2021-04-22T11:42:49.428097Z","timestamp":"2021-04-22T11:42:49.073392Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"3506f46e-e2c5-4b8f-8793-913b420805fe","http_comment":"HTTP/1.1 200 
OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":308,"response_time":48,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":50007,"status":200,"time_taken":354947,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:42:49.537237Z","timestamp":"2021-04-22T11:42:49.535767Z","bytes":1661,"bytes_in":905,"bytes_out":756,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1470,"request_time":0,"response_ack_time":26146,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1470,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} 
{"endtime":"2021-04-22T11:42:49.940414Z","timestamp":"2021-04-22T11:42:49.939873Z","bytes":1876,"bytes_in":723,"bytes_out":1153,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219921","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219921 HTTP/1.1","request_ack_time":541,"request_time":0,"response_ack_time":25094,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":541,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219921"} {"endtime":"2021-04-22T11:42:51.618885Z","timestamp":"2021-04-22T11:42:51.260825Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"cb386d32-8091-4cd0-95c5-fd14278222a3","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":35,"request_time":0,"response_ack_time":175,"response_time":48,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49500,"status":200,"time_taken":358261,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:42:55.469028Z","timestamp":"2021-04-22T11:42:55.104815Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"d19844d3-0332-49a2-8881-fceedd82fde1","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":368,"response_time":42,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":50008,"status":200,"time_taken":364613,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:42:57.482664Z","timestamp":"2021-04-22T11:42:57.120724Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"60a06c3d-3e73-4273-b7ec-e2a243e2f88a","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":5,"request_time":0,"response_ack_time":211,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49502,"status":200,"time_taken":362179,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:42:57.809615Z","timestamp":"2021-04-22T11:42:57.807886Z","bytes":1662,"bytes_in":906,"bytes_out":756,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/control HTTP/1.1","request_ack_time":1729,"request_time":0,"response_ack_time":31144,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1729,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/control"} {"endtime":"2021-04-22T11:42:58.593716Z","timestamp":"2021-04-22T11:42:58.593122Z","bytes":1876,"bytes_in":723,"bytes_out":1153,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091037521","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; 
charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037521 HTTP/1.1","request_ack_time":594,"request_time":0,"response_ack_time":27127,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":594,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037521"} {"endtime":"2021-04-22T11:42:59.940014Z","timestamp":"2021-04-22T11:42:59.939425Z","bytes":1876,"bytes_in":723,"bytes_out":1153,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219922","http_comment":"HTTP/1.1 200 OK","http_content_length":414,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219922 
HTTP/1.1","request_ack_time":589,"request_time":0,"response_ack_time":25100,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":589,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219922"} {"endtime":"2021-04-22T11:43:01.435593Z","timestamp":"2021-04-22T11:43:01.074029Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c7f3558c-311d-42b8-ab0a-071d50d9abab","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":7,"request_time":0,"response_ack_time":370,"response_time":63,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":50009,"status":200,"time_taken":361857,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:43:02.610866Z","timestamp":"2021-04-22T11:43:02.234310Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"85a0813f-9ed9-4d90-90ef-13d4dcac84d7","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":41,"request_time":0,"response_ack_time":395,"response_time":183,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49504,"status":200,"time_taken":376820,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:43:04.627918Z","timestamp":"2021-04-22T11:43:04.626191Z","bytes":1661,"bytes_in":905,"bytes_out":756,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control HTTP/1.1","request_ack_time":1727,"request_time":0,"response_ack_time":27927,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1727,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091153.77/control"} {"endtime":"2021-04-22T11:43:07.430795Z","timestamp":"2021-04-22T11:43:07.073575Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"24d1e4e2-359f-4191-b89b-1f6415102823","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ 
HTTP/1.1","request_ack_time":39,"request_time":0,"response_ack_time":393,"response_time":46,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":50011,"status":200,"time_taken":357616,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:43:08.476153Z","timestamp":"2021-04-22T11:43:08.112603Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"7e195b86-e2b3-4001-a8ca-077c0940ce8a","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":5,"request_time":0,"response_ack_time":178,"response_time":55,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49506,"status":200,"time_taken":363751,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} {"endtime":"2021-04-22T11:43:08.641436Z","timestamp":"2021-04-22T11:43:08.640828Z","bytes":1874,"bytes_in":723,"bytes_out":1151,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091037522","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET 
/en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091037522 HTTP/1.1","request_ack_time":608,"request_time":0,"response_ack_time":29071,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":608,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091037522"} {"endtime":"2021-04-22T11:43:09.941811Z","timestamp":"2021-04-22T11:43:09.941031Z","bytes":1874,"bytes_in":723,"bytes_out":1151,"cookie":"splunkweb_csrf_token_8000=579371531348944915; session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&_=1619091219923","http_comment":"HTTP/1.1 200 OK","http_content_length":412,"http_content_type":"application/json; charset=UTF-8","http_method":"GET","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"GET /en-GB/splunkd/__raw/services/server/health/splunkd?output_mode=json&_=1619091219923 HTTP/1.1","request_ack_time":780,"request_time":0,"response_ack_time":26934,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":780,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/services/server/health/splunkd","uri_query":"output_mode=json&_=1619091219923"} {"endtime":"2021-04-22T11:43:12.811276Z","timestamp":"2021-04-22T11:43:12.809500Z","bytes":1662,"bytes_in":906,"bytes_out":756,"cookie":"splunkweb_csrf_token_8000=579371531348944915; 
session_id_8000=9b2a4174fa8b24ce82f54013990604f40df4b1c5; splunkd_8000=ZKzM_GZn4T360k33IUcrB6h7ChQEjs6BKYLsjkTNcO8yYx_^wGYHmaV3cZeKEBDQ9xqGUOPZ0RItrLh6dVjcyEv2ObQyV1LIjB_lQVqqa2isJio_pv9y2KE9RUioF65ogpiX","dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"c76c0b8e-fa13-4608-bbcd-97ad1c14fe18","form_data":"output_mode=json&action=touch","http_comment":"HTTP/1.1 200 OK","http_content_length":59,"http_content_type":"application/json; charset=UTF-8","http_method":"POST","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36","protocol_stack":"ip:tcp:http","request":"POST /en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/control HTTP/1.1","request_ack_time":1776,"request_time":0,"response_ack_time":23928,"response_time":0,"server":"Splunkd","site":"3.66.253.226:8000","src_ip":"46.128.24.64","src_mac":"02:77:81:3A:65:E0","src_port":52117,"status":200,"time_taken":1776,"transport":"tcp","uri_path":"/en-GB/splunkd/__raw/servicesNS/nobody/search/search/jobs/1619091716.165/control"} {"endtime":"2021-04-22T11:43:13.451614Z","timestamp":"2021-04-22T11:43:13.089121Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"2a696f70-019f-4cb9-b873-9cbb226c8dc8","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":40,"request_time":0,"response_ack_time":372,"response_time":54,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.15","src_mac":"02:01:E8:40:05:E2","src_port":50012,"status":200,"time_taken":362832,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"} 
{"endtime":"2021-04-22T11:43:13.589369Z","timestamp":"2021-04-22T11:43:13.227699Z","bytes":1164,"bytes_in":167,"bytes_out":997,"dest_ip":"10.0.1.12","dest_mac":"02:CA:90:5D:73:E0","dest_port":8000,"flow_id":"2e283314-6cba-4f19-8a13-f2c4df6e5b6a","http_comment":"HTTP/1.1 200 OK","http_content_length":508,"http_content_type":"text/json;charset=utf-8","http_method":"GET","http_user_agent":"SplunkStream/7.3.0","protocol_stack":"ip:tcp:http","request":"GET /en-us/custom/splunk_app_stream/ping/ HTTP/1.1","request_ack_time":34,"request_time":0,"response_ack_time":243,"response_time":0,"server":"Splunkd","site":"10.0.1.12","src_ip":"10.0.1.18","src_mac":"02:F6:49:D0:7C:A4","src_port":49508,"status":200,"time_taken":361887,"transport":"tcp","uri_path":"/en-us/custom/splunk_app_stream/ping/"}