Getting Data In

log on times for report

joeyfine
New Member

Hello all,

I am creating a report that shows that shows when external facing ips log into our server. I have the user name, IP address, City, Region, & Country all reporting. I am trying to get a time stamp when the users log in but i cannot find the right command can you help? Here is what I have so far..

sourcetype="iis" source="E:\TempSplunkData\IIS\u_ex15012812.log" c_ip != "10.47.*" | iplocation c_ip | table c_ip, cs_username, City, Region, Country

Tags (2)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust
... | table _time c_ip, cs_username, City, Region, Country
---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust
... | table _time c_ip, cs_username, City, Region, Country
---
If this reply helps you, Karma would be appreciated.
0 Karma

joeyfine
New Member

Thanks that worked 🙂

0 Karma
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...