Hello Splunkers!
I wanted to ask if anyone out there has some SPL that I can use as an alert to detect failed and successful logins that are !=United States?
Thank you for your help!
Hi @itsmevic,
You can use the iplocation command to check the country, for example:
| iplocation src_ip
| search Country!="United States"
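A fuller alert search built around the two lines in the answer above, as an added example that is not part of the original post. The index placeholder, the `action` and `user` field names, and the `success`/`failure` values are assumptions (CIM-style names); only `src_ip` and `Country` come from the thread.

```spl
index=<your_auth_index> action IN ("success", "failure") src_ip=*
| iplocation src_ip
| where isnotnull(Country) AND Country!="" AND Country!="United States"
| stats count(eval(action="success")) AS successes,
        count(eval(action="failure")) AS failures,
        min(_time) AS first_seen,
        max(_time) AS last_seen
        BY user, src_ip, Country
| convert ctime(first_seen) ctime(last_seen)
| sort - successes, - failures
```

The `where` clause drops events for which `iplocation` returned no country, such as internal addresses, so they do not show up as foreign logins. Saved as an alert that triggers when the number of results is greater than 0, each row is one user, source address and country combination.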