User activities in single query

SPLUNK111
New Member

Hi Team,

I'm new to Splunk..could 

How to check the different activities by listed users (ex: 10 users) from a single query?

1) Password failure

2) Malware operations/malicious file

3) Traffic towards malicious public IP

4) Suspicious mail activity


gcusello
SplunkTrust

Hi @SPLUNK111,

your question is just a little bit vague!

How can I help you without knowing which data you have to extract fields from and create searches on?

Anyway, your approach should be:

  • analyze your data,
  • extract fields to use in all your searches (using regexes or the Interactive Field Extractor),
  • create your searches one by one, answering your use cases.

If you're new, the best approach is to follow the Splunk Fundamentals I course (https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html) and the Splunk Search Tutorial (https://docs.splunk.com/Documentation/Splunk/8.1.0/SearchTutorial/WelcometotheSearchTutorial) to understand how to do the above activities.

In addition, on YouTube you can find many videos about this.

Ciao.

Giuseppe

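An added example (not from the thread) of what the single-query approach Giuseppe describes can look like once fields are extracted: it ORs the four data sources together, restricts to a fixed user list, labels each event with an activity type, and summarizes per user and activity. All index names, sourcetypes, field names, the malicious_ips.csv lookup and the user list are assumed placeholders to be replaced with whatever the data analysis in step one turns up.

```spl
(index=linux sourcetype=linux_secure "Failed password")
OR (index=endpoint sourcetype=av:alerts action=blocked)
OR (index=network sourcetype=pan:traffic [| inputlookup malicious_ips.csv | fields dest_ip])
OR (index=mail sourcetype=mail:gateway (action=quarantined OR category=phish))
| rex field=_raw "Failed password for (?:invalid user )?(?<user>\S+)"
| search user IN ("alice", "bob", "carol")
| eval activity=case(
      sourcetype=="linux_secure", "password_failure",
      sourcetype=="av:alerts",    "malware_operation",
      sourcetype=="pan:traffic",  "traffic_to_malicious_ip",
      sourcetype=="mail:gateway", "suspicious_mail",
      true(),                     "other")
| stats count earliest(_time) AS first_seen latest(_time) AS last_seen BY user activity
| convert ctime(first_seen) ctime(last_seen)
| sort user activity
```

The rex only fills `user` for the auth events (the other sourcetypes are assumed to already extract it), and the lookup is assumed to carry a `dest_ip` column, so the subsearch expands to an OR of known-bad destinations. The inline user list could equally be a lookup, e.g. `[| inputlookup watched_users.csv | fields user]`, which keeps the ten users out of the saved search text.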