Splunk Searches | A collection of useful Splunk SPL

Splunk Search for User activity for DB Connect App Copy


				index=_audit sourcetype=audittrail action="db_connect*" | eval Date=strftime(_time, "%b %d, %Y") |rex field=_raw "user=(?<user>\w+)," | stats count as Count by Date, user, info, action

0 comments

[0]