Introduction To Splunk & SPL

August 26, 2024

First we need to open the dashboard.

Then we click Search & Reporting.

The question is "find through an SPL search against all data the account name with the highest amount of Kerberos authentication ticket requests. Enter it as your answer."

I just use this command to search for the events that are related to Kerberos authentication tickets, which is EventCode=4769.

index=* sourcetype="WinEventLog:Security" EventCode=4769

The question is "find through an SPL search against all 4624 events the count of distinct computers accessed by the account name SYSTEM. Enter it as your answer."

I got help from ChatGPT to find the commands that I needed to use, while I'm learning the commands at the same time.

index=* sourcetype="WinEventLog:Security" EventCode=4624 Account_Name="SYSTEM"
| stats dc(ComputerName) as distinct_computers
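The 4769 search above only filters the events; it still needs an aggregation to answer the question. As an added example (not the author's own query), the search carried through to the answer, assuming the Account_Name field is extracted as it is in the 4624 search on this page:

```spl
index=* sourcetype="WinEventLog:Security" EventCode=4769
| stats count AS ticket_requests BY Account_Name
| sort -ticket_requests
| head 5
```

The first row of the result is the account with the highest number of ticket requests; `head 5` keeps the runners-up visible so you can see how far ahead it is.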
