In Splunk, go to Settings – Data inputs – Files & Directories – New Local File & Directory, then browse to the Linux log file.
![](https://tungle.ca/wp-content/uploads/2022/04/image-686.png)
Save the source type as linux.
![](https://tungle.ca/wp-content/uploads/2022/04/image-687-1024x464.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-688.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-689.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-690-1024x345.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-691-1024x431.png)
Count the number of Failed passwords for user root
![](https://tungle.ca/wp-content/uploads/2022/04/image-693-1024x584.png)
sourcetype="linux" Failed password root | stats count
![](https://tungle.ca/wp-content/uploads/2022/04/image-692.png)
+ Count the number of Failed password events for users other than root.
![](https://tungle.ca/wp-content/uploads/2022/04/image-694-1024x606.png)
sourcetype="linux" Failed password NOT root | stats count
![](https://tungle.ca/wp-content/uploads/2022/04/image-695-1024x646.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-696.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-698-1024x500.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-697.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-699.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-700-1024x778.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-701-1024x573.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-702.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-703-1024x577.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-704-1024x506.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-705-1024x302.png)
sourcetype=linuxlogs NOT 'allurbase' | stats count by IP | head 10
![](https://tungle.ca/wp-content/uploads/2022/04/image-707-1024x483.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-708.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-709-1024x454.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-711-1024x394.png)
+ Show the top 5 port numbers used for ssh2.
![](https://tungle.ca/wp-content/uploads/2022/04/image-713.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-714-1024x627.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-715-1024x548.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-716.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-717.png)
sourcetype="linux" | stats count by sshport | sort count desc | head 5
![](https://tungle.ca/wp-content/uploads/2022/04/image-718-1024x420.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-719.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-720.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-721-1024x473.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-722-1024x521.png)
+ Show the top 5 users by number of sessions opened.
![](https://tungle.ca/wp-content/uploads/2022/04/image-726-1024x322.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-727-1024x549.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-728.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-729.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-730.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-731-1024x598.png)
![](https://tungle.ca/wp-content/uploads/2022/04/image-732-1024x551.png)
sourcetype="linux" session opened for user | stats count by user | sort count desc | head 5
![](https://tungle.ca/wp-content/uploads/2022/04/image-733-1024x420.png)
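To cross-check the Linux counts above outside Splunk, the following added Python example (not part of the original post) parses sshd lines and computes the same statistics. The sample lines are constructed, the field names user, IP and sshport are assumed to match the fields the searches use, and the port and IP counts here cover failed-password events only.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog format (not the page's log file).
SAMPLE = """\
Apr  3 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 40222 ssh2
Apr  3 10:00:03 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 40222 ssh2
Apr  3 10:00:09 web1 sshd[2107]: Failed password for invalid user admin from 203.0.113.9 port 51514 ssh2
Apr  3 10:00:15 web1 sshd[2110]: Failed password for invalid user test from 198.51.100.7 port 40222 ssh2
Apr  3 10:01:00 web1 sshd[2115]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
Apr  3 10:01:00 web1 sshd[2115]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Apr  3 10:02:00 web1 sshd[2120]: pam_unix(sshd:session): session opened for user bob by (uid=0)
Apr  3 10:03:00 web1 sshd[2125]: pam_unix(sshd:session): session opened for user alice by (uid=0)
""".splitlines()

# Assumed field names (user, IP, sshport), mirroring the fields used in the searches.
FAILED = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) "
                    r"from (?P<IP>\S+) port (?P<sshport>\d+) ssh2")
# Stops at "(" so newer PAM lines such as "user alice(uid=1000)" still yield "alice".
OPENED = re.compile(r"session opened for user (?P<user>[^\s(]+)")

def failed_events(lines):
    """Yield the user/IP/sshport fields of every 'Failed password' event."""
    for line in lines:
        m = FAILED.search(line)
        if m:
            yield m.groupdict()

def failed_counts(lines):
    """Return (failures for root, failures for all other users), matched on the user field."""
    users = Counter(e["user"] for e in failed_events(lines))
    return users["root"], sum(users.values()) - users["root"]

def top(lines, field, n=5):
    """Top n values of a field across failed-password events, highest count first."""
    return Counter(e[field] for e in failed_events(lines)).most_common(n)

def top_session_users(lines, n=5):
    """Top n users by number of 'session opened' events."""
    found = (OPENED.search(line) for line in lines)
    return Counter(m.group("user") for m in found if m).most_common(n)

if __name__ == "__main__":
    print(failed_counts(SAMPLE), top(SAMPLE, "sshport"), top_session_users(SAMPLE))
```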
Import Windows log file.
source="windows_perfmon_logs.txt" | stats count by collection | where count>100 | sort collection desc
![](https://tungle.ca/wp-content/uploads/2022/04/image-734-1024x555.png)
+ Count events by ComputerName for names starting with acme, sorted in descending order.
source="windows_perfmon_logs.txt" ComputerName="acme*" | stats count by ComputerName | sort count desc
![](https://tungle.ca/wp-content/uploads/2022/04/image-735-1024x431.png)