Hi all! Pretty new to Splunk so just seeing if this is even possible.

I have 2 lookups I have created, one that is users who are in our privileged access AD group (admins) and the other that is machines that are in the same group. What I am trying to do is see who from the USER lookup has logged into which machine in the MACHINE lookup, by using the auth logs that are pumped into Splunk.

I am trying the search below but I don't seem to be getting anywhere with it:

index=auth EventCodeDescription="An account was successfully logged on" [|inputlookup users.csv][| inputlookup machines.csv]

I've also tried with the below but also no luck:

index=auth EventCodeDescription="An account was successfully logged on" user=inputlookup users.csv src=inputlookup machines.csv

Any help from the community would be great!
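One way to write the search described above, as an added example that is not part of the original post: a subsearch expands into `field=value` terms built from every column it returns, so each lookup is cut down to a single column renamed to the event field it should match. The column names `username` and `hostname` are assumptions about the two CSV files, and `user` and `src` are taken from the second attempt above; swap in whichever event field actually holds the machine name in this index.

```spl
index=auth EventCodeDescription="An account was successfully logged on"
    [| inputlookup users.csv | rename username AS user | fields user]
    [| inputlookup machines.csv | rename hostname AS src | fields src]
| stats count AS logons earliest(_time) AS first_logon latest(_time) AS last_logon BY user src
| convert ctime(first_logon) ctime(last_logon)
| sort - logons
```

The two subsearches are combined with an implicit AND, so only logons where both the account and the machine are in the privileged lists are returned, one row per user and machine pair.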