×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
mcy
Engager
Member since: ‎08-19-2016
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎08-19-2016
Activity Feed
View All

Re: How to search VPN logins during certain hours ...

by in Splunk Search
‎08-19-2016 11:13 AM
1 Karma
‎08-19-2016 11:13 AM
1 Karma
Thanks Sundareshr, but it only gives me times between 5am and 11pm, so basically the same results I was getting before. I am trying to find any logins between 11pm -5am (i.e. midnight, 1 am, 2 am, etc... not 6am, 7 am, 1pm, 2pm, etc...) I ended up resolving it by changing the < > to the below: tag=vpn earliest=-7d@d |eval HoD=strftime(_time, "%H") | where HoD<5 AND HoD<22 |sort user _time | table user _time vendor_action legal_time | top limit=1000 vendor_action That gave me the results I was looking for. Thank you for helping still as it caused me to take a look again and also learn some new search syntax. ... View more

How to search VPN logins during certain hours for ...

by in Splunk Search
‎08-19-2016 10:27 AM
‎08-19-2016 10:27 AM
I have a search that tracks VPN logins for known/unknown users that works fine. I am trying to filter for only logins during a specific time which for me is 11pm to 5am for whatever specified date range I give (prior day, week, month, or specific date to date). The current search I am using gives me all logins over the specific date range I choose. I am trying to come up with a search for instance for VPN logins during 11pm - 5am on any date between August 12 - 19. My current search is: tag=vpn |eval legal_time=if(date_hour < 5 AND date_hour > 22,"No","Yes") |sort user _time | table user _time vendor_action legal_time | top limit=1000 vendor_action ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All