Still somewhat learning Splunk but looking to do the following: *Count total number of password resets from index="okta" AND result="User updated their Okta password" for a 24 hour window. * Chart out over the course of one business week how many users have changed their passwords. Ideally I'd like to run this report at the end of the week to visually see trends of people changing passwords and share with my team. I can pull the total count for the last 24 hours, I just need the total for each day over the last business week. ... View more

I've followed instructions exactly as posted. When I click save I get this: Encountered the following error while trying to update: Error while posting to url=/servicesNS/nobody/sophos_central/storage/passwords/ Running Ubuntu 16 Server and Splunk 7.0.2. Not sure how to proceed. ... View more

I am pulling Windows event logs for software updates. There's a column for successRatio that is either Success or Failure as the result. I would like to append my event log search query to give me a total number of Success and total number of Failure. Bonus points if we can make it a numerical value on a dashboard. Here is my initial search query: index=wineventlog sourcetype=WinEventLog:System EventCode=19 | eval Date=strftime(_time, "%Y/%m/%d") | rex "\WKB(?<KB>.\d+)\W" | eval successRatio=mvindex(split(Keywords,","),-1) | stats count by Date , host, package_title, KB , body , successRatio| sort host This works great, but like I said, I'd like to have a total count of success and failures available in a report and a dashboard. ... View more