In that case, you can replace that with
REGEX = SET timestamp=\d+;((?s).+?;)
FORMAT = sql_query::$1
(If the SET timestamp line and the SQL query are not on the same line, please include a '\n' at the end of the timestamp statement in the regex.)
Try this
index=ftp sourcetype=vsftpd_accessLog [search index=ftp FTPUser="test" sourcetype=vsftpd | stats count by client | fields - count]
This should give you all vsftpd_accessLog entries for the client (client IP) used by user test.
I've created a dashboard to show basic information from our web servers. We are currently using the Splunk integrated map to show the locations of our site visitors, but we'd rather use the Google Maps app on this dashboard as it looks a lot better and shows more information.
The end goal here is to be able to include Google Maps on our "web" dashboard.
That works great, thank you. Is there a way I can get it to show me the user names instead of a number? I know if I click the client IP it will show me usernames, but is there any way to see it on my search screen?