Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
265
Views
0
Helpful
0
Replies

Duo "Active" account data available via Splunk?

cmcc
Level 1
Level 1

‎07-31-2024 10:32 AM - edited ‎08-01-2024 11:27 AM

Is a field or value available in Duo that I can query via Splunk, that would enable me to sort by "Active" accounts? I am currently able to query the reason and factor fields for accounts that are not in Bypass, or that have authenticated via a particular authentication method, but I do not see a way to query accounts that are set to "Active." Any guidance on how to achieve this would be greatly appreciated! Ideally, I would like to be able to write something like:

index=duo factor="Active"
| stats dc(username) as active_students

Labels:
0 Helpful
0 Replies 0
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents