Splunk Search for Tanium Clients

Feb 24, 2020 • Ulysses

Here’s the Splunk search for Tanium clients reporting to the Tanium server.

<pre lang="bash">"data.jsonPayload.rule_details.direction"=EGRESS "data.jsonPayload.connection.src_ip"="10.0.0.1" "data.jsonPayload.connection.dest_port"=17472
</pre>