SPL
List of Users in a Linux Environment
Description
The following Splunk query will output a list of user accounts appearing in linux_secure audit logs:
sourcetype=linux_secure | rex "\suser[^'](?<User>\S+\w+)" | stats count by User
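To check what the rex pattern above actually captures before relying on its output, this added example (not part of the original page) runs the same pattern over a few typical events. The sample events are constructed, and the named group is written as (?P<User>...) because Python does not accept the (?<User>...) spelling that Splunk uses.

```python
import re
from collections import Counter

# The page's rex pattern; only the named-group spelling differs from the SPL.
USER_RE = re.compile(r"\suser[^'](?P<User>\S+\w+)")

# Constructed sample events in the usual /var/log/secure layout (not real logs).
SAMPLE_EVENTS = [
    "Mar  3 10:01:12 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2",
    "Mar  3 10:01:15 web01 sshd[2211]: Invalid user admin from 203.0.113.7 port 40122",
    "Mar  3 10:02:40 web01 sshd[2302]: pam_unix(sshd:session): session opened for user alice by (uid=0)",
    "Mar  3 10:03:05 web01 sshd[2310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=bob",
    "Mar  3 10:04:00 web01 sshd[2350]: Accepted password for carol from 198.51.100.4 port 51514 ssh2",
    "Mar  3 10:05:30 web01 sshd[2400]: pam_unix(sshd:session): session opened for user dave(uid=1001) by (uid=0)",
    "Mar  3 10:06:10 web01 useradd[2450]: new user: name=erin, UID=1002, GID=1002, home=/home/erin, shell=/bin/bash",
]


def extract_user(event):
    """Return the value rex would place in User, or None when nothing matches."""
    m = USER_RE.search(event)  # rex keeps only the first match by default
    return m.group("User") if m else None


def count_by_user(events):
    """Mirror `stats count by User`: events without the field are dropped."""
    return Counter(u for u in map(extract_user, events) if u is not None)


if __name__ == "__main__":
    for user, n in sorted(count_by_user(SAMPLE_EVENTS).items()):
        print(f"{n:>3}  {user}")
```

On these samples the pattern misses carol (an "Accepted password" line has no "user" keyword) and erin, and it returns the fragments dave(uid=1001 and dd[2450, so the resulting list needs review before it is treated as an account inventory.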