Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

splunk query issues

anu1
New Member
‎01-08-2025 09:35 PM

Hey team,

I have one requirement i.e have to Create a splunk dashboard to report the # of Logins , # of Logouts

The input for the Splunk report should be as follows : 

Input dropdown - Time Picker, Customer, Host Name

Either identify using probe data or Splunk Command metrics

Output for the following metrics should be shown as a timegraph with # of logins, logouts ,

the graph should consists of time,which host and which customer we are using.and the query also should have the tokens when i ran the query can you give me the search query for this requirement.I used multiple queries but am not getting the exact data.

Can you help me with the query.Thanks.

Labels (4)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-08-2025 11:59 PM

Hi  @anu1

,the dashboard is very easy, but it requires a preparation that depends on the number of data sources that you want to display in this dashboard.

In few words, you should:

  • analyze your data sources and define the conditions for LOGIN, LOGOUT and LOGFAIL, eg, for Windows login is EventCode=4624, logout is EventCode=4634 and logfail is EventCode=4625,
  • then create av eventtype for each condition assigning a tag (LOGIN, LOGOUT or LOGFAIL) to each eventtype,
  • create some alias to have the same field names for the fields to display (e.g. UserName, IP_Source,  Hostname, etc...)
  • create a dashboard running a search like the following:
tag=$tag$ host=$host$ UserName=$user$
| table _time tag HostName UserName IP_Source

the three tags in the main search come from three inputs.

Let me know if you need help to create the dashboard that's very easy.

Ciao.

Giuseppe

 

0 Karma
Reply

anu1
New Member
‎01-09-2025 12:13 AM

Sure.Thank you.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-09-2025 03:33 AM

Hi @anu1 ,

let us know if we can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

0 Karma
Reply

PaulPanther
Motivator
‎01-08-2025 10:53 PM

Please share the search so far and some sample data then we might be able to help you with the search query.

0 Karma
Reply
Get Updates on the Splunk Community!

CX Day is Coming!

Customer Experience (CX) Day is on October 7th!! We're so excited to bring back another day full of wonderful ...

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...