Ad slot: top
GoSplunk SPL + dashboard repository
Log in Register

SPL

User Activity in DBConnect

DBConnect _internal audittrail

Description

Submitted by SplunkNinja

The following Splunk query is for the DBConnect app.  This will return all user activity using this particular app. I've provided the regex in the search.  
5 0 
index=_audit sourcetype=audittrail action="db_connect*" |eval Date=strftime(_time, "%Y/%d/%m") |rex "user=(?<user>\S+)," | stats count by Date, user, info, action

Comments

0 total

Be the first to comment on this SPL.

Leave a comment

You must log in to post a comment.

Ad slot: bottom