Splunk Search

Junk characters showing when I use stats with list command to get the logins and logout of a VPN

asing13
Path Finder

Dear Community Members,

In a Splunk Cloud instance:
I am trying to get VPN login and logout for users in a single table sorted by Username and Time.

The query is as below:

eventtype="my_eventtype_1" eventtype="my_eventtype_2" (((EventIDValue=gateway-auth OR EventIDValue=clientlessvpn-login) EventStatus=success SourceUserName!="pre-logon") OR Stage=logout) | stats list(EventIDValue) as Activity,list(_time) as Time by SourceUserName |rename SourceUserName as username|convert ctime(Time)|eval username=upper(username)|sort username,-Time

The search is for a period of 24 hours.

I am getting the data but along with it, I see junk characters (if I may call them so).

Kindly help to understand how to resolve the same.

I also tried adding limit=0 to the stats command, but it was no use.

Below is the screenshot of the fields. I have not shown the username field for security reasons.

[Screenshot: asing13_0-1626539775826.png]


I have used a similar query for another VPN and it works fine there, and I don't see these characters!

Regards,

Abhishek Singh


asing13
Path Finder

eventtype="my_eventtype_1" eventtype="my_eventtype_2" (((EventIDValue=gateway-auth OR EventIDValue=clientlessvpn-login) EventStatus=success SourceUserName!="pre-logon") OR Stage=logout) | stats list(EventIDValue) as Activity,list(_time) as Time by SourceUserName |convert ctime(Time)|sort SourceUserName,-Time

 


asing13
Path Finder

More examples of the issue.

[Screenshots: asing13_0-1626540121293.png, asing13_1-1626540141096.png, asing13_2-1626540156088.png]

 
