Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Failed logins by host- How can I find out what the "other" devices or hostnames are?

na
Loves-to-Learn
‎10-23-2022 05:55 AM

I have repeated failed logins listed as "Other" in my pie chart for Failed Logins by Host. How can I find out what those "other" devices or hostnames are? There were 85 Other in Failed logins by host and 9 Other in the successful logins by host. I need help determining what "Other" means in this context.

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-23-2022 06:40 AM

"Other" means there are too many entries (more than 10 by default) for the chart command to display.  You should be able to click on the "Other" wedge to drill down and find out which hosts they are.  If clicking doesn't work, add a Drilldown in the dashboard panel.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

na
Loves-to-Learn
‎10-23-2022 09:40 AM

When I click on the Other wedge, it displays the search window and I click the magnifying glass but nothing is displayed (says No results found). How do you add a drilldown on the dashboard? I am really new to splunk. So my questions are for a novice user.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-23-2022 11:32 AM

To add a drilldown to a dashboard, first click the "Edit" button in the top-right corner of the dashboard.  If the button is not there then you will need CLI access to edit the dashboard code.

In the panel containing the pie chart, click on the triple-dot icon and select "Edit Drilldown".  Select "Link to search" from the dropdown then choose "Custom".  It "Search String" box should populate with the search from the panel.  Modify the query to produce the desired output and then click Apply.  Click Save at the top-right to commit the dashboard changes.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...