Hi all, can someone tell me how to do this query in the search app?
Multiple logins done by more than one PC
Thanks to all who can help me
It will vary based on your sourcetype, field extractions, and definition of "multiple login done by more than one pc".
To search for users signing onto a single server multiple times, you might try something like:
"login successful" | stats count by uid, server | where count > 1
To search for one server that was accessed by multiple accounts:
"login successful" | stats count by server, uid | stats count by server | where count > 1
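A third reading of the question, one account logging in from more than one PC, shown as an added example that is not part of the original answer. It assumes a field named `src` holding the originating machine (use whatever field your sourcetype extracts for the client host) and a one-hour window chosen only for illustration; `uid` is the field name used in the answer above.

```spl
"login successful"
| bin _time span=1h
| stats dc(src) AS pc_count, values(src) AS pcs, count AS logins by _time, uid
| where pc_count > 1
| sort - pc_count
```

`dc(src)` counts distinct source machines per account, so repeated logins from the same PC do not trigger the match; `values(src)` lists the machines involved for triage.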
all of this...not website
Logins to what? Active Directory? A Windows computer? A *nix machine? A website?