How to fetch the user details who are all logged in the server at a particular time
Use the windows ta to ingest the windows security event log and look for EventCodes 4624, 4634, and 4647.
“Windows Security Log Event ID 4624. This is a highly valuable event since it documents each and every successful attempt to logon to the local computer regardless of logon type, location of the user or type of account. You can tie this event to logoff events 4634 and 4647 using Logon ID” - google result
Use the windows ta to ingest the windows security event log and look for EventCodes 4624, 4634, and 4647.
“Windows Security Log Event ID 4624. This is a highly valuable event since it documents each and every successful attempt to logon to the local computer regardless of logon type, location of the user or type of account. You can tie this event to logoff events 4634 and 4647 using Logon ID” - google result
The Splunk server or one monitored by Splunk? What details?
Monitored by splunk
What details are you looking for? Are you indexing login and logoff events from the server?
Logoff events from the server
Windows or Linux?
Windows
Windows