Splunk Search

Search query login

pinzer
Path Finder

Hi all, i need to do a query about the number of login failed and succeeded in a time period. I'm auditing linux and windows machines. Thanks

0 Karma

Brian_Osburn
Builder

Are you trying to gather this information from the Windows Event logs and the syslogs from the *nix machines?

Brian

0 Karma

stephanbuys
Path Finder

Hi,

The Splunk for *NIX app that ships with the Linux versions has the queries "Successful User Logins" and "Failed Logins" built in (under the Users menu). Would that be sufficient? Just load Splunk, Enable the *NIX app and configure it.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...