SPLK-1003

Full exam simulation

Advanced Searching and Statistics

medium

A security team runs a search to count login failures per user over the last 24 hours: `index=security action=failure | stats count by user`. The results show counts, but some users have extremely high counts due to a brute-force attack. The team wants to identify users with a count greater than 100. What should they do to get the desired list?
