Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Failed logins by host- How can I find out what the "other" devices or hostnames are?

na
Loves-to-Learn
‎10-23-2022 05:55 AM

I have repeated failed logins listed as "Other" in my pie chart for Failed Logins by Host. How can I find out what those "other" devices or hostnames are? There were 85 Other in Failed logins by host and 9 Other in the successful logins by host. I need help determining what "Other" means in this context.

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-23-2022 06:40 AM

"Other" means there are too many entries (more than 10 by default) for the chart command to display.  You should be able to click on the "Other" wedge to drill down and find out which hosts they are.  If clicking doesn't work, add a Drilldown in the dashboard panel.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

na
Loves-to-Learn
‎10-23-2022 09:40 AM

When I click on the Other wedge, it displays the search window and I click the magnifying glass but nothing is displayed (says No results found). How do you add a drilldown on the dashboard? I am really new to splunk. So my questions are for a novice user.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-23-2022 11:32 AM

To add a drilldown to a dashboard, first click the "Edit" button in the top-right corner of the dashboard.  If the button is not there then you will need CLI access to edit the dashboard code.

In the panel containing the pie chart, click on the triple-dot icon and select "Edit Drilldown".  Select "Link to search" from the dropdown then choose "Custom".  It "Search String" box should populate with the search from the panel.  Modify the query to produce the desired output and then click Apply.  Click Save at the top-right to commit the dashboard changes.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...