Splunk® App for Fraud Analytics

User Guide

This documentation does not apply to the most recent version of Splunk® App for Fraud Analytics. For documentation on the most recent version, go to the latest release.

Data model definitions

Use the following tables for information on the various fields in the fraud related data models:

Fraud account data model

Name Description Example Format Source
acc_age Age of the account (in days) 107 Number Extracted
acc_holder_dob Date of birth 05/25/1995 String Extracted
acc_holder_first_name FIrst name John String Extracted
acc_holder_last_name Last name Smith String Extracted
acc_holder_middle Middle initial P String Extracted
acc_status Account status Approve String Extracted
addr_home_city City of home address Seattle String Extracted
addr_home_state State of home address Washington String Extracted
addr_home_zip Zip Code of home address 92017 Number Extracted
addr_home_zip_lat Latitude of zip code String Lookup
addr_home_zip_lon Longitude of zip code String Lookup
deviceid Device identifier
direct_deposit Destination account for funds 12345678 Number Extracted
email Email address john.smith@gmail.com String Extracted
email_domain_root Email address domain (root) gmail String Eval Expression
email_domain_tld Email address domain (top level) gmail.com String Eval Expression
email_normalized Email address (Includes the name) johnsmith@gmail.com String Eval Expression
host Host of the data source String Inherited
http_accept String Extracted
http_accept_language String Extracted
http_content_type String Extracted
http_method API method (Post, Get, and so on) String Extracted
http_referer Referring URL String Extracted
http_user_agent Web browser identifier Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393 		String Extracted
mmn Mother's maiden name Smith String Extracted
occupation Occupation Janitor String Extracted
password Password Hash of pwd String Eval Expression
phone_home Home phone number 209-121-2398 String Extracted
r_10 Deprecated Number Eval Expression
source Source of the data source String Inherited
sourcetype Sourcetype of the data source String Inherited
src_ip IP address logged for the event 123.10.10.234 IPv4 Extracted
src_ip_City City corresponding to the IP address Los Angeles String Geo IP
src_ip_Country Country corresponding to the IP address United States String Geo IP
src_ip_lat Latitude corresponding to the IP address String Geo IP
src_ip_lon Longitude corresponding to the IP address String Geo IP
src_ip_Region State or province corresponding to the IP address Florida String Geo IP
ssn Social security number 172-90-9201 String Extracted
uniqueid Credit, benefits application ID, or permanent user ID that supersedes SSN or username String Extracted
username Username barneysmith String Extracted


Fraud web data model

Name Description Example Format Source
accept_language Language accepted by the browser String Extracted
action String Extracted
actions String Extracted
bill_payments_num Number Extracted
bytes_in Number Extracted
bytes_in_total Number Extracted
bytes_out Number Extracted
bytes_out_total Number Extracted
City String Extracted
Countries_num Number Extracted
Country String Extracted
date_hour Number Extracted
date_mday Number Extracted
date_month String Extracted
date_wday String Extracted
date_year Number Extracted
date_zone Number Extracted
deposit_checks_num Number Extracted
errors Number Extracted
host String Inherited
http_accept String Extracted
http_accept_language String Extracted
http_content_type String Extracted
http_method API method (Post, Get, and so on) String Extracted
http_referer Referring URL String Extracted
http_user_agent Browser identifier String Extracted
http_user_agents_num Number Extracted
ip_16_subnet String Extracted
ip_16_subnets String Extracted
ip_16_subnets_num Number Extracted
ip_subnet_16 String Extracted
ip_subnet_24 String Extracted
is_aggregator Number Extracted
languages String Extracted
logged_in Number Extracted
logins_success_num Number Extracted
money_movements_num Number Extracted
r_10 deprecated Number Eval expression
r_100 Deprecated Number Eval expression
r_1000 Deprecated Number Eval expression
r_10000 Deprecated Number Eval expression
r_100000 Deprecated Number Eval expression
r_1000000 Deprecated Number Eval expression
Region String Extracted
risk_exposure Number Extracted
risk_exposure_r Number Extracted
risk_level Number Extracted
risk_level_r Number Extracted
screen String Extracted
screens String Extracted
security_code_requests_num Number Extracted
session_duration Number Extracted
session_events_num Number Extracted
session_id Web session ID String Extracted
source String Inherited
sourcetype String Inherited
src_ip Client IP address 10.10.10.20 String Extracted
src_ips_num Number Extracted
status Web page status 400, 200, etc Number Extracted
trade_securities_num Number Extracted
uri String Extracted
uri_path String Extracted
username Username barneysmith String Extracted
username_ex String Extracted
username_tried String Extracted
usernames String Extracted
usernames_num Number Extracted
Last modified on 10 November, 2023
Workflow actions in Splunk App for Fraud Analytics   Interactive search panel visualization commands

This documentation applies to the following versions of Splunk® App for Fraud Analytics: 1.1.3

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters