Skip to content

Instantly share code, notes, and snippets.

@tfhartmann

tfhartmann/splunktalk_vpn.md

Last active December 23, 2015 21:59
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save tfhartmann/6700177 to your computer and use it in GitHub Desktop.
Save tfhartmann/6700177 to your computer and use it in GitHub Desktop.
Download ZIP
Searches from Splunk Talk
Raw
splunktalk_vpn.md

This week VS Lastweek!

`vpn` action=success earliest=-0d@d latest=now | eval ReportKey="Today" | append [search `vpn` action=success earliest=-1d@d latest=-0d@d | eval ReportKey="Last Week"   | eval new_time=_time+86400] | eval _time=if(isnotnull(new_time), new_time, _time)| timechart count by ReportKey

Sparkline for logins

 index=radius host=<VPNHOSTS> |stats sparkline count(action) as count  by action | sort -count
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment