splunk query to find user login


List of local users’ Splunk login attempts Find out how to use SPL to acquire a list of login attempts made by the local user of Splunk by using the following query: index= audit action=”login attempt” | stats count by user info action _time | sort – info /div> div>div>a href=”https://splunkonbigdata.com/top-10-used-and-popular-splunk-queries/#::text=List percent 20of percent 20Login percent 20attempts percent 20of percent 20splunk percent 20local percent 20users user percent 20info percent 20action percent 20 time percent 20 percent 20 percent 7C percent 20 percent 20sort percent 20- percent 20info top ten most frequent and well-known Splunk searches – Big Data using Splunk

Leave a Reply

Your email address will not be published.