Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Failed logins by host- How can I find out what the "other" devices or hostnames are?

na
Loves-to-Learn
‎10-23-2022 05:55 AM

I have repeated failed logins listed as "Other" in my pie chart for Failed Logins by Host. How can I find out what those "other" devices or hostnames are? There were 85 Other in Failed logins by host and 9 Other in the successful logins by host. I need help determining what "Other" means in this context.

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-23-2022 06:40 AM

"Other" means there are too many entries (more than 10 by default) for the chart command to display.  You should be able to click on the "Other" wedge to drill down and find out which hosts they are.  If clicking doesn't work, add a Drilldown in the dashboard panel.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

na
Loves-to-Learn
‎10-23-2022 09:40 AM

When I click on the Other wedge, it displays the search window and I click the magnifying glass but nothing is displayed (says No results found). How do you add a drilldown on the dashboard? I am really new to splunk. So my questions are for a novice user.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-23-2022 11:32 AM

To add a drilldown to a dashboard, first click the "Edit" button in the top-right corner of the dashboard.  If the button is not there then you will need CLI access to edit the dashboard code.

In the panel containing the pie chart, click on the triple-dot icon and select "Edit Drilldown".  Select "Link to search" from the dropdown then choose "Custom".  It "Search String" box should populate with the search from the panel.  Modify the query to produce the desired output and then click Apply.  Click Save at the top-right to commit the dashboard changes.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

At .conf25, Splunk proudly recognized Fast Lane as the 2025 Authorized Learning Partner of the Year. This ...

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...