×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
chetanchauhan
New Member
Member since: ‎06-12-2014
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎06-12-2014
View All

Re: splunk search for users logging onto servers

by in Splunk Search
‎10-07-2014 08:37 AM
‎10-07-2014 08:37 AM
Hi, thanks the following worked: EventCode=18453 | search NOT [ | inputlookup allowed_users.csv ] | stats count by User however the header of the CSV file should be User to match the syslog message. Regards, ... View more

Re: splunk search for users logging onto servers

by in Splunk Search
‎10-01-2014 02:43 AM
‎10-01-2014 02:43 AM
,Hi, thanks for your assistance. is there any particular place the allowed_user.csv would need to be? for example if i am on a Terminal Server and running Splunk HTTP can that csv be somewhere on that terminal server and i direct the lookup to it? Regards, ... View more

splunk search for users logging onto servers

by in Splunk Search
‎09-30-2014 05:09 AM
‎09-30-2014 05:09 AM
Hi, I have deployed splunk to log data of users who are logging onto servers (unix and windows). I want to create a report that shows users who are not permitted to log onto those servers. I have been given a list of users which are permitted to log on so wanted to create a search which shows user logging on except the permitted users. I am trying to use the following: | stats count by User Please can someone advise what commands to use to included the list of permitted users i have and to exempt them from the search result? Regards, Chetan ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM