I'm trying to use the stats function to list out values in a field
In the 1st image, I have the following search:
type=USER_AUTH res=failed | dedup _raw | stats count as "Failed attempts", values(dest) as "Failed on servers" by acct
http://postimg.org/image/714eq18rn/
How would I get the number of times the user failed to log in to each server, along with the server name?
For example, I click on the 1st user and the field shows me this:
http://postimg.org/image/cx4yifa8h/
(The values are actually server names)
I would like to have an output like this:
   acct   Failed attempts   Failed on servers
1  acct1  15                server1 (5)
                            server2 (5)
                            server3 (2)
and so on.
Does anyone know how I would get this?