×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
cam98
Engager
Member since: ‎10-31-2020
‎11-03-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎10-31-2020
Activity Feed
View All

Search WinEventLogs based on user as Variable

by in Splunk Search
‎10-31-2020 06:39 AM
1 Karma
‎10-31-2020 06:39 AM
1 Karma
Hi, I'm new to Splunk & just getting used to it. I'm trying to search for Windows event logs relative to the "TargetUserName" field in the logs. I'm trying to run a search that shows me user accounts that have had two different event logs associated with it in a 7 day period.   The search i'm looking to run is: if a user has had event code 4724 generated and then has event code 4740 occur within 7 days after code 4724 was seen. I was thinking i'd have to define the user name as variable that bring back the results if the event code conditions match (as described above.   Or could there be a better way of going about this?   Any help is appreciated. Thanks. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎11-03-2020 01:14 PM
Karma from
View All