Splunk Queries:Slack:Channel Joins

Slack logging to Splunk is a rich data source for inferred intelligence. Run this query to see who has joined what private channel:

index="slack" action=user_channel_join | spath output=user path=actor.user.email |
spath output=channel path=entity.channel.name |
spath output=how path=details.type |
where how="INVITED" |
spath output=when path=date_create |
spath output=by path=details.inviter.email |
eval join_time=strftime(when,"%m/%d/%y %H:%M:%S") |
table user,join_time,channel,how,by

AWS

RDS

Apache

FleetDM

OSQuery

GHE

GSuite

Git

Jira

Linux

OpenLDAP

Openstack

VMs-from-cURL

SSL

X

Enable

kubernetes

minikube

webdriver

dump-all-elements

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Splunk Queries:Slack:Channel Joins

AWS

Apache

FleetDM

GHE

GSuite

Git

Grafana

Java

Jenkins

Jira

Linux

OpenLDAP

Openstack

SSL

X

kubernetes

webdriver

Clone this wiki locally