Splunk Search

Displaying unwanted user names on the output

brpsingara
Explorer

Below is my code and I want to display only "Druv" Failed logins. But, I see the user name 'None' , 'Karla' and other few names.

How avoid the unwanted users in the output

index=wineventlog source="WinEventLog:Security" sourcetype=WinEventLog:Security EventCode=4625 where Account_Name=Druv
| stats count by _time, Workstation_Name,Account_Name,dest, dest_nt_domain, product, app, action, EventCode, EventCodeDescription, Failure_Reason, name 
| sort  _time
| where Account_Name!="-"

Thanks in advance

Tags (1)
0 Karma

to4kawa
Ultra Champion
index=wineventlog source="WinEventLog:Security" sourcetype=WinEventLog:Security EventCode=4625 Account_Name="Druv"
 | stats count by _time, Workstation_Name,Account_Name,dest, dest_nt_domain, product, app, action, EventCode, EventCodeDescription, Failure_Reason, name 
 | sort  _time

I exclude where. typo?

0 Karma

brpsingara
Explorer

thank you

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...