Add more Information to a Report

Help Center Logpoint Docs Idea Portal Logpoint.com

Hi there,

i’m new using Logpoint. So i need some help for a search i would like to do. I would like to add some more information to the search “Top 10 User in Failed Kerberis Authentication” there i would like to add on which workstation the user have tryed to logon.

Page 1 / 1

You can modyfy your search with this query.

norm_id=WinServer label=Kerberos label=Authentication label=Fail -user=*$ user=* | process dns(source_address) as WORKSTATION | rename description as reason | chart count() by user,WORKSTATION, source_address, pre_authentication_type, reason order by count() desc limit 10

Regards Kai

Thanks al lot

That was exactly what i was looking for.

Carsten

No problem, have fune. :)

-Kai

Hello Carsten,

You can also find useful use cases in our “Knowledge base” section:
https://community.logpoint.com/knowledge-base

/Rasmus

Reply

Sign up

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Login to the community

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Scanning file for viruses.

This file cannot be downloaded