Ad slot: top
GoSplunk SPL + dashboard repository
Log in Register

SPL

Top 10 most active Users in Linux

linux_secure

Description

Submitted by SplunkNinja

The following splunk query example will return the top 10 most active users in a given time range  
3 0 
sourcetype=linux_secure | rex "\suser[^'](?<User>\S+\w+)" | top limit=10 User

Comments

0 total

Be the first to comment on this SPL.

Leave a comment

You must log in to post a comment.

Ad slot: bottom