Ad slot: top
GoSplunk SPL + dashboard repository
Log in Register

SPL

Successful Windows Logons with Average Overlay

WinEventLog:Security

Description

Submitted by ItsJohnLocke

The following Splunk query will display successful windows logins and overlay an average on visualizations.
2 1 
source="WinEventLog:Security" (Logon_Type=2 OR Logon_Type=7 OR Logon_Type=10) (EventCode=528 OR EventCode=540 OR EventCode=4624) | timechart count(EventCode) as count | eventstats avg(count) as Average | eval average=round(average,0) | rename count as "Successful Logons"

Comments

0 total

Be the first to comment on this SPL.

Leave a comment

You must log in to post a comment.

Ad slot: bottom