Paste a raw log → get an AI-suggested search, explained.
Paste a raw log line and get an AI-suggested Splunk search. The query uses your log's own fields — verify it in your environment before relying on it.
The SPL is AI-suggested — a starting point. It uses your log's own field names, a <your_index> placeholder for the index, and a guessed sourcetype that you confirm. Always verify before running it in production.
Nothing is stored or logged. Indicators are detected on our server with deterministic pattern matching before the model is called, with no AI involved in that step: IPs (including internal ranges), domains, URLs, hashes, emails, CVE IDs, and usernames/hostnames in labeled fields. The full line is then sent to the AI model to build the SPL search and is not saved — there are no share URLs and no account is required.
A single syslog line, a Windows 4625 event, an Apache access line, a Cisco ASA deny, a JSON or CEF record. The format is detected automatically.
The model extracts the fields the log actually contains and builds a primary search plus broad and precise alternatives — grounded in those field names.
Run the included discovery query to list your real sourcetypes, confirm the guessed sourcetype, and validate the search before relying on it.
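As an added illustration (not the tool's own code), here is a Python sketch of the two deterministic steps described above: regex-based indicator detection that runs before any model call, and an SPL skeleton grounded in the line's own key=value fields. The sample log line, the label names in LABELED_KEYS, the access_combined sourcetype guess and the exact query shapes are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample (not from the page): an Apache-style access line with trailing key=value fields.
SAMPLE_LOG = ('10.0.0.5 - - [10/Oct/2024:13:55:36 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 403 512 '
              '"http://evil.example.com/x" "Mozilla/5.0" user=jdoe host=web01 cve=CVE-2021-41773')

# Deterministic indicator patterns: they run before any model call, so IOC detection never depends on the AI.
OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
IOC_PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "ipv4": re.compile(rf"\b(?:{OCTET}\.){{3}}{OCTET}\b"),
    "hash": re.compile(r"\b(?:[a-fA-F0-9]{64}|[a-fA-F0-9]{40}|[a-fA-F0-9]{32})\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "cve": re.compile(r"\bCVE-\d{4}-\d{4,}\b"),
    # The lookbehind stops path segments like /test.cgi and hosts already inside a URL from matching.
    "domain": re.compile(r"(?<![/\w.@-])(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}
KV_RE = re.compile(r"\b([A-Za-z_]\w*)=([^\s\"]+)")
LABELED_KEYS = {"user", "username", "src_user", "host", "hostname", "dest_host"}  # assumed label names
PRIVATE = re.compile(r"^(?:10\.|192\.168\.|172\.(?:1[6-9]|2\d|3[01])\.)")  # RFC 1918 ranges, kept not dropped

def extract_indicators(line):
    """Return (indicators, key=value fields) found with pattern matching only."""
    found = {name: set(p.findall(line)) for name, p in IOC_PATTERNS.items()}
    for url in found["url"]:  # a URL's host is an indicator in its own right
        host = urlparse(url).hostname
        if host and not IOC_PATTERNS["ipv4"].fullmatch(host):
            found["domain"].add(host)
    found = {name: sorted(vals) for name, vals in found.items()}
    found["internal_ip"] = [ip for ip in found["ipv4"] if PRIVATE.match(ip)]
    fields = dict(KV_RE.findall(line))
    found["labeled"] = {k: v for k, v in fields.items() if k.lower() in LABELED_KEYS}
    return found, fields

def build_spl(indicators, fields, sourcetype="access_combined"):
    # <your_index> and the guessed sourcetype are placeholders the analyst confirms with the discovery query.
    base = f"index=<your_index> sourcetype={sourcetype}"
    labeled = " ".join(f'{k}="{v}"' for k, v in sorted(indicators["labeled"].items()))
    every = " ".join(f'{k}="{v}"' for k, v in sorted(fields.items()))
    terms = sorted(set(indicators["ipv4"] + indicators["domain"] + indicators["cve"]))
    return {
        "discovery": "| metadata type=sourcetypes index=<your_index> | table sourcetype totalCount lastTime",
        "primary": f"{base} {labeled}".strip(),
        "broad": "index=<your_index> (" + " OR ".join(f'"{t}"' for t in terms) + ")",
        "precise": f"{base} {every} | stats count by {' '.join(sorted(fields))}",
    }

if __name__ == "__main__":
    print(build_spl(*extract_indicators(SAMPLE_LOG)))
```

The broad query deliberately omits the sourcetype so it still finds events when the guess is wrong; the discovery query is what you run first to replace <your_index> and confirm the sourcetype.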
Same tool for Microsoft Sentinel: paste a raw log and get an AI-suggested KQL search, explained.
Check any IP, domain, hash, or URL extracted from your log against 14+ threat intelligence sources.
Browse the full set of free DFIR tools — IOC checks, domain lookups, phishing analysis, and more.
The DFIR Platform adds private enrichment, detection-rule management, and API access — results never leave your workspace. Free tier includes credits to get started.