192.168.65.1 - admin [22/Nov/2023:20:34:11.176 +0000] "GET /en-US/app/search/search?q=search%20%60splunkd_ui%60%20(uri%3D%22*NO_BINARY_CHECK%3D1*%22%20AND%20%22*input.path%3D*.xsl*%22)%20OR%20(uri%3D%22*dispatch*.xsl*%22)%20%0A%7C%20rex%20field%3Duri%20%22(%3F%3Cstring%3E%3D%5Cs*(%5B%5CS%5Cs%5D%2B))%22%20%0A%7C%20eval%20decoded_field%3Durldecode(string)%20%0A%7C%20eval%20action%3Dcase(match(status%2C%22200%22)%2C%22Allowed%22%2Cmatch(status%2C%22303%7C500%7C401%7C403%7C404%7C301%7C406%22)%2C%22Blocked%22%2C1%3D1%2C%22Unknown%22)%20%0A%7C%20stats%20count%20min(_time)%20as%20firstTime%20max(_time)%20as%20lastTime%20by%20clientip%20useragent%20uri%20decoded_field%20action%20host%20%0A%7C%20rename%20clientip%20as%20src%2C%20uri%20as%20dest_uri%20%0A%7C%20iplocation%20src%20%0A%7C%20fillnull%20value%3D%22N%2FA%22%20%0A%7C%20%60security_content_ctime(firstTime)%60%0A%7C%20%60security_content_ctime(lastTime)%60%0A%7C%20table%20firstTime%2C%20lastTime%20src%2C%20useragent%2C%20dest_uri%2C%20decoded_field%2C%20action%2C%20count%2C%20Country%2C%20Region%2C%20City&display.page.search.mode=smart&dispatch.sample_ratio=1&workload_pool=&earliest=&latest=1700673330&display.page.search.tab=statistics&display.general.type=statistics&sid=1700684567.209 HTTP/1.1" 200 1708 "http://127.0.0.1:8000/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" - dfe8a588de0b159127c19850547ef17a 114ms
192.168.65.1 - admin [22/Nov/2023:20:33:32.206 +0000] "POST /en-US/splunkd/__upload/indexing/preview?output_mode=json&props.NO_BINARY_CHECK=1&input.path=shell.xsl HTTP/1.1" 200 70 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/119.0" - 06806a24955b7339dd495281988c8023 126ms
192.168.65.1 - - [22/Nov/2023:20:31:14.414 +0000] "GET /en-US/account/login?session_expired=1&return_to=%2Fen-US%2Fapp%2Fsearch%2Fsearch%3Fq%3Dsearch%2520%2560splunkd_ui%2560%2520(uri%253D%2522*NO_BINARY_CHECK%253D1*%2522%2520AND%2520%2522*input.path%253D*.xsl*%2522)%2520OR%2520(uri%253D%2522*dispatch*.xsl*%2522)%2520%250A%257C%2520rex%2520field%253Duri%2520%2522(%253F%253Cstring%253E%253D%255Cs*(%255B%255CS%255Cs%255D%252B))%2522%2520%250A%257C%2520eval%2520decoded_field%253Durldecode(string)%2520%250A%257C%2520eval%2520action%253Dcase(match(status%252C%2522200%2522)%252C%2522Allowed%2522%252Cmatch(status%252C%2522303%257C500%257C401%257C403%257C404%257C301%257C406%2522)%252C%2522Blocked%2522%252C1%253D1%252C%2522Unknown%2522)%2520%250A%257C%2520stats%2520count%2520min(_time)%2520as%2520firstTime%2520max(_time)%2520as%2520lastTime%2520by%2520clientip%2520useragent%2520uri%2520decoded_field%2520action%2520host%2520%250A%257C%2520rename%2520clientip%2520as%2520src%252C%2520uri%2520as%2520dest_uri%2520%250A%257C%2520iplocation%2520src%2520%250A%257C%2520fillnull%2520value%253D%2522N%252FA%2522%2520%250A%257C%2520%2560security_content_ctime(firstTime)%2560%250A%257C%2520%2560security_content_ctime(lastTime)%2560%250A%257C%2520table%2520firstTime%252C%2520lastTime%2520src%252C%2520useragent%252C%2520dest_uri%252C%2520decoded_field%252C%2520action%252C%2520count%252C%2520Country%252C%2520Region%252C%2520City%26display.page.search.mode%3Dsmart%26dispatch.sample_ratio%3D1%26workload_pool%3D%26earliest%3D%26latest%3D1700673330%26display.page.search.tab%3Dstatistics%26display.general.type%3Dstatistics%26sid%3D1700684567.209 HTTP/1.1" 200 4324 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" - - 1ms