Hi,
I wanted to display the currently logged-in VPN users in the form of a table.
My search command is this:
host="" user=* | stats count by user
![alt text][1]
However, I do not want it to show the count, and I want to see the time logged in as well. How can I improve my search to show that?
I am new to Splunk and, from what I understand, if I am using OpenVPN logs I should have the PF-sense app downloaded for the CIM-compliant field extractions?
I have downloaded the add-on to my Splunk but have problems understanding how I should be configuring the PF-sense app to support the field extractions for OpenVPN logs.
Any help would be appreciated! Thank you!
This is something that I would like:

| user | ip address | Connected Time |
|---|---|---|
| student01 | 10.0.0.80 | 02:50:51 |
[1]: /storage/temp/217863-capture3.png