×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Mmilaham
Loves-to-Learn
Member since: ‎12-17-2021
‎12-20-2021
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎12-17-2021
Activity Feed
Topics I've Started
View All

Re: Failed Login Query

by in Splunk Search
‎12-17-2021 02:48 PM
‎12-17-2021 02:48 PM
I'm still getting fewer result compared to running the first query. Also some of the Account Name are wrong(It's just displaying the Host name). ... View more

Failed Login Query

by in Splunk Search
‎12-17-2021 01:24 PM
‎12-17-2021 01:24 PM
Hello, I am trying to write a query that will display failed logins (Account_Name, Host, Count). First Query index=wineventlog EventCode=4625 | top limit=20 Account_Name host  | where count > 9 Con 1. Displays "-" in some of the Account_Name fields  Pro 1. Displays all the count and host fields correctly. Second Query index=wineventlog EventCode=4625  | rex "(?ms)Account For Which Logon Failed.+?Account Name:\s+(?<Account_Name>\V+)" |top limit=30 Account_Name host| where count >=9 Con Displays all the Account_Name, count and host fields correctly but displays a lot less results on the table compared to the first query.   Pro Displays all the Account_Name, count and host fields correctly   I need a query that will displays all the Account_Name, count and host fields correctly as well as displays the same amount of results in the first query. Any help is appreciated. Thanks in advance.    ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎12-20-2021 06:54 AM