Hi all, I am trying to put together a search and stats table for users in our environment who have uploaded data to a domain where there has not been any other upload activity to that domain i...
...ogout_time field in raw data. Now, the requirement is to track all activities done by the user starting from login_time and ending with login_time + 8 hours. 1) How do I add t...
Hello everybody, (Sorry for my English) Splunk version 7.0.0
I have two problems on my search
I am searching the activity of log in of three users last month, the problem here is when i w...
...og events from one single domain controller to Splunk.
What would be a proper search string to use to find account logon/logoff activity for domain admins? Will I need to do a general search for a...
...can add inline to tell Splunk I want the "original" event, and not results from my own search activity on the said event? I know I can use a NOT user=me, but that's super explicit and that c...
When matching against threat intel the notable events only shows the source and destination of the matched event. Is there a way to make the correlation search only find specific events with a s...
Hello and happy new year to all,
As the title says I would like to have the list of servers that have connected over the last 14 days (Lastlogon)... I have tried several methods but nothing works, ...
...arliest >= relative_time(now(), "-1d@d"), 30, 0)
I want to make sure I am checking the last 30 days of admin activity in the lookup against the 15m I just searched for. If nothing is found no alarm b...
I need to be able to detect this pattern of events, in a series of events where the TERMINAL number is increasing by 1 and eventually has a status of 'S', in other words, I need to detect the eve...