SPL
Weekend User Activity
Description
Run the following (modify user field as needed) to show weekend activity:
sourcetype="WinEventLog:Security" (date_wday=saturday OR date_wday=sunday) | stats count by Account_Name, date_wday
Comments
7 total
Is it possible to add a specific user account to this search? So instead of searching all accounts, you could search one or two accounts?
Yes, you can specify by: Account_Name="user_name_here"
Thank you! I'm new to Splunk so can you tell me where I would place that syntax in the search string?
sourcetype="WinEventLog:Security" (date_wday=saturday OR date_wday=sunday) Account_Name="user_name_here" | stats count by Account_Name, date_wday
Thanks Splunk Ninja! I'm wondering if this website also has a section for requests? Do you happen to know about this? I'm trying to find a query that would search for steganography applications across our enterprise. Any ideas?
Thank you Splunkysplunk! I'm wondering if this website also has a section for requests? Do you happen to know about this? I'm trying to find a query that would search for steganography applications across our enterprise. Any ideas?
Feel free to join our Discord for a live chat & discussion as well as requests! https://discord.gg/K8CFbB7