×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
parthou
Explorer
Member since: ‎06-24-2020
‎07-24-2021
Community Statistics
Posts 5
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎06-24-2020
Activity Feed
Topics I've Started
View All

Re: how to set limit

by in Splunk Search
‎07-23-2021 11:57 PM
‎07-23-2021 11:57 PM
thanks and apologies for the delay in the reply. Thanks, Parth ... View more

Re: how to set limit

by in Splunk Search
‎06-25-2020 01:26 AM
‎06-25-2020 01:26 AM
Hi @gcusello , Yes it gives me some results. But I am not able to validate if it is right or wrong. Thanks, Parth  ... View more

Re: how to set limit

by in Splunk Search
‎06-24-2020 08:19 AM
‎06-24-2020 08:19 AM
Hi @gcusello , could you please try below query :   index="index name" EventCode=4625 sourcetype=WinEventLog | stats count by host, user | where count>5 | join type=left host,user [ search index="infra_it" EventCode=4624 sourcetype=WinEventLog | stats count as Logged_details by host,user] | where isnull(Logged_details) Thanks, Parth ... View more

Re: how to set limit

by in Splunk Search
‎06-24-2020 07:24 AM
‎06-24-2020 07:24 AM
Hi @gcusello ,  First of all, thank you so much for your prompt response. Here I am not looking for an exact brute force (but yes, kind of) use case. I am looking for something like If user X have performed login failure 5 in 1 hour and then he is doing successful login we should get that info in our dashboard. Hope this is helpful. Thanks, Parth ... View more

how to set limit

by in Splunk Search
‎06-24-2020 07:05 AM
‎06-24-2020 07:05 AM
Hello Experts, I am new to Splunk and trying to build basic queries in Splunk to build use cases. Currently I am working on a query-use case where in I want to list down the users for whom a successful attempt is observed after multiple unsuccessful attempts. For example, after 5 unsuccessful attempt (event code 4625) one successful attempt (event code 4624) is observed. Any suggestion to achieve this use case will be appreciated. Thanks in advance. Parth ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎07-24-2021 09:18 AM
Karma given to
View All