Failed Attempts to Logon to Splunk Web

The following Splunk search query returns all users who have failed to log on to the Splunk Web console. The query also includes an average (from eventstats).


Detailed list of Universal Forwarders Reporting to Indexer

The following query lists detailed information on the universal forwarders checking in to the indexer. I’ve renamed some of the fields to be more user-friendly.
