Failed and Successful Authentication Attempts
Compare failed and successful authentication attempts by department.
Bar Chart type: multiple series, grouped Bar Chart.
Sample input data. Here is example input data for this scenario:
{"timestamp": "2025-08-11T00:01:23Z", "department": "IT", "auth_status": "success", "user": "admin1"}
{"timestamp": "2025-08-11T00:01:24Z", "department": "HR", "auth_status": "failed", "user": "hr_user"}
{"timestamp": "2025-08-11T00:01:25Z", "department": "Sales", "auth_status": "success", "user": "sales1"}
{"timestamp": "2025-08-11T00:01:26Z", "department": "IT", "auth_status": "failed", "user": "tech2"}
{"timestamp": "2025-08-11T00:01:27Z", "department": "HR", "auth_status": "success", "user": "hr_admin"}
Query. To create this bar chart, use the following query:
groupBy([department, auth_status], function=count())
| sort(department)
This query performs the following operations:
Groups events by two fields: department and auth_status.
Counts events for each unique combination, showing how many events exist for each department/auth_status pair.
With sort(), orders the results alphabetically by department name and groups all results for the same department together.
The chart is useful for purposes such as authentication monitoring by department, security analysis, or for identifying problematic departments.
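The following is an added example, not part of the original documentation: a Python emulation of the aggregation the query performs on the five sample events above, showing the rows that feed the chart. The function names group_counts and chart_series are hypothetical, and the zero-filling step is an assumption about how you might prepare the series yourself, since a department/auth_status pair with no events (Sales/failed here) produces no row.

```python
import json
from collections import Counter

# The five sample events from this page, embedded so the example runs offline.
SAMPLE_EVENTS = """\
{"timestamp": "2025-08-11T00:01:23Z", "department": "IT", "auth_status": "success", "user": "admin1"}
{"timestamp": "2025-08-11T00:01:24Z", "department": "HR", "auth_status": "failed", "user": "hr_user"}
{"timestamp": "2025-08-11T00:01:25Z", "department": "Sales", "auth_status": "success", "user": "sales1"}
{"timestamp": "2025-08-11T00:01:26Z", "department": "IT", "auth_status": "failed", "user": "tech2"}
{"timestamp": "2025-08-11T00:01:27Z", "department": "HR", "auth_status": "success", "user": "hr_admin"}
"""


def group_counts(lines):
    """Emulate groupBy([department, auth_status], function=count()) | sort(department)."""
    counts = Counter()
    for line in lines.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        counts[(event["department"], event["auth_status"])] += 1
    # One row per combination that actually occurs, ordered by department name
    # (ascending, as the page describes the sort step).
    return sorted((dept, status, n) for (dept, status), n in counts.items())


def chart_series(rows, statuses=("failed", "success")):
    """Pivot rows into one bar series per auth_status, zero-filling absent pairs."""
    departments = sorted({dept for dept, _, _ in rows})
    lookup = {(dept, status): n for dept, status, n in rows}
    series = {s: [lookup.get((d, s), 0) for d in departments] for s in statuses}
    return departments, series


if __name__ == "__main__":
    rows = group_counts(SAMPLE_EVENTS)
    for dept, status, n in rows:
        print(f"{dept:<6} {status:<8} {n}")
    departments, series = chart_series(rows)
    print(departments, series)
```
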