Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to try to search for new MFA factors with DUO?

JR_Akaviri
Engager
‎07-14-2022 09:37 AM

I'm trying to find any new MFA factors(DUO) used by any user in the past X days in order to create an alert.  As an example a user uses push notifications every login for X-1 days then on the X day they use passcode, I want to trigger an alert or show up in a report.

 

I'm having an issue wrapping my head around on how to search for the first instance of a new value for the field factor in the past X days without specifying the expected value ahead of time (some users use push, some use phone call, some use pass code I just want to know when they use something different.  Any assistance or tips would be helpful.

Labels (1)
Labels
Tags (3)
0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎07-17-2022 04:21 PM

Pro tip:

  1. Illustrate the data you re trying to search (sanitize as necessary).  This is a Splunk board.  Most people will not know what your DUO data look like.  
  2. Illustrate attempted code you have made so far to improve others' understanding of your intentions.
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...