How to see users logging in from more than one country?

LANGLEYJ
New Member

I would like to only show users logging into multiple countries. How would I manipulate this search to do that?

index="index" "Login succeeded for" | iplocation sip | stats count(sip) AS ipCount by ssl_vpn_user_name, sip, _time, Country, City | where ipCount >=1 | table _time, ssl_vpn_user_name, sip, Country, City | dedup sip

I get a similar table:

time ssl_vpn_user_name sip country city
time user1 ip Country City
time user2 ip Country City
time user3 ip Country City
time user3 DIFip DIFCountry DIFCITY


pradeepkumarg
Influencer

Append this to your search:

| eventstats dc(Country) as COUNT by ssl_vpn_user_name | where COUNT > 1

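The question's search and the accepted answer combined into one search, as an added example that is not part of the original posts. It assumes the `Country` field exactly as `iplocation` writes it (capitalized, as in the question's search; Splunk field names are case-sensitive), drops events where no country was resolved (for example private source addresses) so they cannot inflate the distinct count, and then summarizes each flagged user's logins per country and source IP. The names `country_count`, `first_seen`, `last_seen`, `logins` and `cities` are chosen here.

```spl
index="index" "Login succeeded for"
| iplocation sip
| where isnotnull(Country) AND Country!=""
| eventstats dc(Country) AS country_count by ssl_vpn_user_name
| where country_count > 1
| stats min(_time) AS first_seen max(_time) AS last_seen count AS logins values(City) AS cities by ssl_vpn_user_name, Country, sip
| sort 0 ssl_vpn_user_name, first_seen
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"), last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
```

The distinct count covers whatever time range the search runs over, so a short window (hours, not months) separates simultaneous use of one account from ordinary travel.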

LordIssam
Engager

Nice! thx

LANGLEYJ
New Member

Perfect! Thank you very much!
