Reporting

how to create Hourly logon Failure Summary Report

nebyouadane
New Member

Hi,
I would like to Create a report Summary and Auto generate sent it to via email for a group of people. I want this report to run daily, Hourly or weekly. Also I can I make a chart report and attach it.
Thanks

0 Karma

lukejadamec
Super Champion

You will need to create a search that generates the results you want in the report, and then create a scheduled report that runs on the time frame you specify. You would need a separate scheduled report for each time frame.

Depending on your search output, you can create a variety of charts to visualize the data.

"Failed Logins" is a pretty broad term in a Windows environment. You should specify which type of logon failures you're interested in. The four common ones are 4776, 680, 4625, and 529, and there 9 different types of logons. There are also different types of users - system, functional, authenticated...

0 Karma

lguinn2
Legend

I suggest that you create 3 different dashboards - one for the hourly report, one for the daily report and one for the weekly report. On each dashboard, you can show the report both as a table and a chart.
Each dashboard can be scheduled to run on a regular basis, and to have a PDF generated and emailed.
You could also use report acceleration for the underlying report, since the same data will be used for all the reports.

0 Karma
Get Updates on the Splunk Community!

Splunk Certification Support Alert | Pearson VUE Outage

Splunk Certification holders and candidates!  Please be advised of an upcoming system maintenance period for ...

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...