Splunk Search

How to generate a search to see which users have signed in from a different country other than the U.S. in the last 24 hours?

rodiers01
New Member

Good afternoon all

I'm just looking for a search that will search for anyone that has logged in to a web site, from a different Country (other than the U.S.), in the last 24 hours. Thank you.

0 Karma
1 Solution

rjthibod
Champion

Does this give you results?

index="iis_log" cs_username !=OTHER | dedup c_ip | iplocation prefix=cip_ c_ip

If so, try this

index="iis_log" cs_username !=OTHER | dedup c_ip | iplocation prefix=cip_ c_ip | search cip_Country !="United States"


0 Karma
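The accepted search does four things in order: keep authenticated requests (the cs_username filter), collapse to one event per client address (dedup c_ip), geolocate that address (iplocation), and drop the home country. A few points worth knowing before reusing it: the 24-hour window comes from the time picker or an explicit earliest=-24h, not from the search itself; dedup c_ip keeps only the first event per address, so a second user signing in through the same NAT or proxy address is never geolocated; cip_Country!="United States" only matches events that actually received a cip_Country field, so private or otherwise unmapped addresses silently vanish rather than being flagged; and the value must be quoted, because the earlier unquoted attempt is tokenized as a field test on United plus a free-text term States, which is why it returned nothing. The Python below is an added example, not code from the thread or from Splunk, that runs the same pipeline over constructed IIS W3C log lines with an invented address-to-country table standing in for the GeoIP database behind iplocation and a fixed clock so the result is reproducible. It keys the dedup on (user, address) and reports unmapped addresses as "unknown", which is the behaviour a reviewer would usually want.

```python
"""Added example: the accepted SPL pipeline reimplemented over constructed
IIS W3C log lines. Not from the original thread; all data is invented."""
from datetime import datetime, timedelta, timezone
import ipaddress

# Constructed IIS W3C extended log. The #Fields header drives the parser,
# exactly as it does in a real IIS log; field names are converted to the
# underscore form Splunk's IIS sourcetype produces (cs_username, c_ip).
IIS_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-username c-ip sc-status
2024-05-01 09:12:03 10.0.0.5 GET /login alice 203.0.113.10 200
2024-05-01 09:40:51 10.0.0.5 GET /login bob 198.51.100.7 200
2024-05-01 10:02:17 10.0.0.5 GET /login - 192.0.2.44 401
2024-05-01 11:30:00 10.0.0.5 GET /login carol 203.0.113.10 200
2024-05-01 12:15:45 10.0.0.5 GET /login dave 192.0.2.200 200
2024-04-28 08:00:00 10.0.0.5 GET /login erin 203.0.113.50 200
2024-05-01 12:40:09 10.0.0.5 GET /login frank 10.0.0.99 200
"""

# Stand-in for the GeoIP database that Splunk's iplocation consults.
# The network-to-country pairs are invented for this example.
GEOIP = [
    (ipaddress.ip_network("203.0.113.0/24"), "Germany"),
    (ipaddress.ip_network("198.51.100.0/24"), "United States"),
    (ipaddress.ip_network("192.0.2.0/25"), "United States"),
    (ipaddress.ip_network("192.0.2.128/25"), "Brazil"),
]

# Fixed "now" so the 24-hour window is reproducible (assumption for the example).
NOW = datetime(2024, 5, 1, 13, 0, 0, tzinfo=timezone.utc)


def parse_iis(text):
    """Yield one dict per data row, keyed by Splunk-style field names."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = [f.replace("-", "_") for f in line.split()[1:]]
            continue
        if line.startswith("#") or not line.strip():
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            continue  # malformed row; production code should count these
        ev = dict(zip(fields, values))
        ev["_time"] = datetime.strptime(
            f"{ev['date']} {ev['time']}", "%Y-%m-%d %H:%M:%S"
        ).replace(tzinfo=timezone.utc)
        yield ev


def iplocation(ip):
    """Equivalent of `iplocation c_ip`: country for an address, None if unmapped."""
    addr = ipaddress.ip_address(ip)
    for net, country in GEOIP:
        if addr in net:
            return country
    return None


def foreign_logins(text, now=NOW, window=timedelta(hours=24), home="United States"):
    """Users who signed in from outside `home` within `window` of `now`.

    Differences from the SPL: dedup is on (user, address) so two users behind
    one address are both reported, and an address with no country is returned
    as "unknown" instead of being dropped by the != comparison.
    """
    seen = set()
    hits = []
    for ev in parse_iis(text):
        if ev["cs_username"] == "-":       # anonymous request, nothing to attribute
            continue
        if ev["_time"] < now - window:    # the earliest=-24h part of the search
            continue
        country = iplocation(ev["c_ip"]) or "unknown"
        if country == home:
            continue
        key = (ev["cs_username"], ev["c_ip"])
        if key in seen:                   # dedup on user+address, not address alone
            continue
        seen.add(key)
        hits.append({"user": ev["cs_username"], "c_ip": ev["c_ip"], "country": country})
    return hits


if __name__ == "__main__":
    for hit in foreign_logins(IIS_LOG):
        print(f"{hit['user']:8} {hit['c_ip']:15} {hit['country']}")
```

Run as a script it lists alice and carol (same German address, both kept), dave (Brazil) and frank (unmapped private address), while bob is excluded as home-country traffic, the anonymous "-" row is skipped, and erin's sign-in falls outside the 24-hour window. To get the same user-preserving behaviour in SPL, dedup on both fields (dedup cs_username c_ip) and test the country with NOT cip_Country="United States", which also matches events where iplocation produced no country.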


DalJeanis
Legend

Please promote your comment to an answer, so the poster can accept it.

0 Karma

rodiers01
New Member

BINGO! Good call with that last query. That's exactly what I needed!

The help is top notch over here.

0 Karma

rodiers01
New Member

Cisco Security Suite, IIS Logging, Splunk App for Web Analytics, MS Windows AD Objects, Splunk App for Windows Infrastructure, Splunk Supporting Add-on for AD.

0 Karma

rjthibod
Champion

The community cannot efficiently help you unless you share information about the log / data sources you have available to you. Please share more information about the sourcetypes, log types, add-ons, etc. that are applicable to you.

rodiers01
New Member

The query below that I'm trying isn't giving me any results either, when I know it should be...

index="iis_log" cs_username !=OTHER | dedup c_ip | iplocation prefix=cip_ c_ip | search cip_Country !=United States

0 Karma