This splunk query will list all successful logins by account name for a given time range. This query will work on a variety of Windows Operating systems to include XP, 2003, Vista, 2008, 7, 8, and server 2012. I’ve tested in some capacity in Windows 10 for some of my queries, so far they appear […]
Unintended Windows Shutdowns
This splunk query will show any unintended Windows system Shutdowns. Ensure the Splunk App for Windows is installed, you can grab it here: https://apps.splunk.com/app/742/
|
1 |
sourcetype="WinEventLog:system" EventCode=6008 | eval Date=strftime(_time, "%Y/%m/%d") | table Date host, index, Message | sort - Date |
Count of Unique Users in a Linux Environment
This splunk query will return the total number of unique users in a given time range.
|
1 |
sourcetype=linux_secure | rex "\suser[^'](?<User>\S+\w+)" | stats dc(User) |
