Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Junk characters showing when I use stats with list command to get the logins and logout of a VPN

asing13
Path Finder
‎07-17-2021 09:41 AM

Dear Community Members ,

In splunk cloud instance :
I am trying to get VPN login and logout for users in a single table sorted by Username and Time.

The query is as below:

eventtype="my_eventtype_1" eventtype="my_eventtype_2" (((EventIDValue=gateway-auth OR EventIDValue=clientlessvpn-login) EventStatus=success SourceUserName!="pre-logon") OR Stage=logout) | stats list(EventIDValue) as Activity,list(_time) as Time by SourceUserName |rename SourceUserName as username|convert ctime(Time)|eval username=upper(username)|sort username,-Time

The search is for a period of 24 hours.

I am getting the data but along with it, I see junk characters (if I may call them so).

Kindly help to understand how to resolve the same.

I also tried adding limit=0 along with stats command but no use.

Below is the screenshot of the fields. I have not shown the username field for security reasons.

asing13_0-1626539775826.png


I have used a similar query for another VPN and it works fine there and I don't see these characters !

Regards,

Abhishek Singh

Labels (3)
0 Karma
Reply

asing13
Path Finder
‎07-17-2021 09:53 AM

eventtype="my_eventtype_1" eventtype="my_eventtype_2" (((EventIDValue=gateway-auth OR EventIDValue=clientlessvpn-login) EventStatus=success SourceUserName!="pre-logon") OR Stage=logout) | stats list(EventIDValue) as Activity,list(_time) as Time by SourceUserName |convert ctime(Time)|sort SourceUserName,-Time

 

0 Karma
Reply

asing13
Path Finder
‎07-17-2021 09:42 AM

More examples of the issue.

asing13_0-1626540121293.pngasing13_1-1626540141096.png

asing13_2-1626540156088.png

 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcment

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
Top