Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

After Hour login query/dashboard

bluemarvel
Path Finder
‎04-26-2017 09:01 AM

Hello I am looking to set up a dashboard to monitor or an alert that will help track after hour log ins. Any suggestions
the query will use windows log in events codes.

thank you in advance

Tags (1)
0 Karma
Reply

jrprez1804
Path Finder
‎07-06-2017 02:55 PM

date_hour>=17 OR date_hour<=8 | stats count by user

0 Karma
Reply

adonio
Ultra Champion
‎04-26-2017 09:49 AM

you can start with something basic, assuming after hours are 5:00pm - 8:00am 

earliest= @d-7h latest=@d+8h index= sourcetype= EventCode = 4624 | stats count by user
0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...