Solved: Re: How to fetch the user details who are all logg...

thahir · ‎12-22-2018

How to fetch the user details who are all logged in the server at a particular time

jkat54 · ‎12-23-2018

Use the windows ta to ingest the windows security event log and look for EventCodes 4624, 4634, and 4647.

“Windows Security Log Event ID 4624. This is a highly valuable event since it documents each and every successful attempt to logon to the local computer regardless of logon type, location of the user or type of account. You can tie this event to logoff events 4634 and 4647 using Logon ID” - google result

View solution in original post

jkat54 · ‎12-23-2018

Use the windows ta to ingest the windows security event log and look for EventCodes 4624, 4634, and 4647.

“Windows Security Log Event ID 4624. This is a highly valuable event since it documents each and every successful attempt to logon to the local computer regardless of logon type, location of the user or type of account. You can tie this event to logoff events 4634 and 4647 using Logon ID” - google result

richgalloway · ‎12-23-2018

The Splunk server or one monitored by Splunk? What details?

---
If this reply helps you, Karma would be appreciated.

thahir · ‎12-23-2018

Monitored by splunk

richgalloway · ‎12-23-2018

What details are you looking for? Are you indexing login and logoff events from the server?

---
If this reply helps you, Karma would be appreciated.

thahir · ‎12-23-2018

Logoff events from the server

jkat54 · ‎12-23-2018

Windows or Linux?

thahir · ‎12-23-2018

Windows

thahir · ‎12-23-2018

Windows

How to fetch the user details who are all logged in the server at a particular time

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability