I am not sure this is running the reports every 5 minutes, 1hour, or 24 hours as I think I set it up. I tried to trip an alert with logging in wrong but didn't get anything on my dash board. If I set up send email I get one every 5 minutes but I that I am not running the search again - just getting the PDF every 5 minutes.... Do I need to set these up as alerts? I was hoping on using the dash board - here is one of the dash boards: eventtype=failed_login hoursago=24 | stats latest(_time) AS time, count by username, host | search count > 3 | convert ctime(time) I need this to run every 24 hours same with the 1 hour and 5 minute dashboards I clicked the autorun in the editing of dashboards...I found some stuff in XML reference manua for refresh but no examples... thanks ... View more

From my one little online course I took I know there is a way to save the clones to the original so all three can exist together on the screen. What am I doing wrong trying to save them to the original? Also the search is find logins that are older then the search implies. Here is my search - I know its missing a field. eventtype=failed_login | stats latest(_time) AS time, count by username, host | search count > 3 | convert ctime(time) | sendemail to=James.M.Lynn@usps.gov MAPIEAGN.usps.gov subject="Failed Logins" message="These are failed logins" sendresults=true inline=true format=table sendpdf=true ... View more

Is there a search parameter that only gets new errors - not historical or old values. I want to see what is hitting the servers with logins now. Thank you.... ... View more

What is your initial search that gets you this far? "I am trying to monitor anonymous logins and login failures on my servers. My search runs fine".... ... View more