cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
tylermonteith
Explorer
Member since: ‎03-25-2024
‎03-26-2024
Community Statistics
Posts 3
Solutions 1
Karma Given 3
Karma Received 0
Member Since ‎03-25-2024
Activity Feed
View All

Re: Unique users logging in each day chart / searc...

by in Splunk Search
‎03-25-2024 12:43 PM
‎03-25-2024 12:43 PM
Can I use wildcard values in the IN command? user IN (System Administrator Guest admin*)  So basically omit any user that starts with the word admin? ... View more

Re: Unique users logging in each day chart / searc...

by in Splunk Search
‎03-25-2024 12:21 PM
‎03-25-2024 12:21 PM
Thank you! If I could ask one more question I'm now wanting to filter that out a bit. So when looking that up I'm told to do | where user!="SYSTEM" or something like that EventCode=4624 user!="*$" | timechart span=1d dc(user) as "Unique Users" | where user!="SYSTEM" So that has me think 2 questions. If != is the sign for EXCLUDE then why does this above statement work user!="*$" and second question since it DOES work how can I exclude multiple values? example: | where user!="SYSTEM","Administrator","Guest", etc? ... View more

Unique users logging in each day chart / search

by in Splunk Search
‎03-25-2024 07:31 AM
‎03-25-2024 07:31 AM
I seem to be close on trying to find the statistics to be able to pull unique users per day but I know I'm missing something. Goal: Have a stat/chart/search that has the unique user attribute per day for a span of 1 week / 1 month / 1 year search. Search queries trialed: EventCode=4624 user=* stats count by user | stats dc(user) EventCode=4624 user=* | timechart span1d count as count_user by user | stats count by user So the login event 4624 would be a successful log in code and then trying to get it to give me a stat number of the unique values of user names that get it each day for a time span. Am I close? Any help would be appreciated! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎03-26-2024 06:46 AM
Karma given to
View All