Security

What search syntax to search for VPN log history of specific user?

rhazzaguilar
New Member

What search syntax to search for VPN log history of specific user?

Tags (1)
0 Karma

lukejadamec
Super Champion
search index=yourvpnindex sourcetype=yourvpnsourcetype  "*yourspecificuser*" 

More information about what you want out of the search would be helpful.

General rules for an efficient search are to be as specific as possible with the search.

0 Karma

lukejadamec
Super Champion

Can you run a search in the Search App that shows the logs you're interested in?

If so, then do so. Look to the left. The source, sourcetype, and index will be listed. To find the index you might have to scroll to the bottom and select View All.
Post back what you find along with a pretend user name.

0 Karma

rhazzaguilar
New Member

if I am using Cisco Anyconnect, what will be my vpnindex and vpnsourcetype?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...