Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to generate a search to see which users have signed in from a different country other than the U.S. in the last 24 hours?

rodiers01
New Member
‎02-15-2017 12:39 PM

Good afternoon all

I'm just looking for a search that will search for anyone that has logged in to a web site, from a different Country (other than the U.S.), in the last 24 hours. Thank you.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rjthibod
Champion
‎02-15-2017 01:20 PM

Does this give you results?

index="iis_log" cs_username !=OTHER | dedup c_ip | iplocation prefix=cip_ c_ip

If so, try this

index="iis_log" cs_username !=OTHER | dedup c_ip | iplocation prefix=cip_ c_ip | search cip_Country !="United States"

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

rjthibod
Champion
‎02-15-2017 01:20 PM

Does this give you results?

index="iis_log" cs_username !=OTHER | dedup c_ip | iplocation prefix=cip_ c_ip

If so, try this

index="iis_log" cs_username !=OTHER | dedup c_ip | iplocation prefix=cip_ c_ip | search cip_Country !="United States"

0 Karma
Reply
Solved! Jump to solution

DalJeanis
Legend
‎02-15-2017 03:12 PM

Please promote your comment to an answer, so the poster can accept it.

0 Karma
Reply
Solved! Jump to solution

rodiers01
New Member
‎02-15-2017 01:48 PM

BINGO! Good call with that last query. That's exactly what I needed!

The help is top notch over here.

0 Karma
Reply
Solved! Jump to solution

rodiers01
New Member
‎02-15-2017 01:03 PM

Cisco Security Suite, IIS Logging, Splunk App for Web Analytics, MS Windows AD Objects, Splunk App for Windows Infrastructure, Splunk Supporting Add-on for AD.

0 Karma
Reply
Solved! Jump to solution

rjthibod
Champion
‎02-15-2017 12:55 PM

The community cannot efficiently help you unless you share information about the log / data sources you have available to you. Please share more information about the sourcetypes, log types. add-ons, etc. that are applicable to you.

Reply
Solved! Jump to solution

rodiers01
New Member
‎02-15-2017 01:18 PM

The query below that I'm trying isn't giving me any results either when I know It should be....

index="iis_log" cs_username !=OTHER | dedup c_ip | iplocation prefix=cip_ c_ip | search cip_Country !=United States

0 Karma
Reply
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...