Security

How to see how many users are currently logged in to a server, monitored in Splunk?

B83896
New Member

Hello. Lately, we have started monitoring a Windows server in Splunk. I have created a few dashboards with basic Windows performance checkers. I also want to create a dashboard/report to see how many users are currently logged on to the server that is monitored in Splunk. What type of search do I need to undertake? Is it required to activate any other specific logs from the server? Thanks,

vasildavid
Path Finder

I think you could accomplish this a couple of ways. You can either track the Windows Security Event Logs and look for logins/logouts or you could index the Windows PerfMon "\Server\Server Sessions" counter. The issue with trying to show the number of logged in users with the Event Logs is that if your reporting period is not large enough, a user who has been logged in since before that reporting period would not be included in the user count.

nguyengiap00tha
New Member

I tried tracking the Windows Security Event Logs and looking for logins/logouts, but I could not combine the logon and logout logs.
Please help!
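
The event-log approach discussed in this thread, shown as an added example that is not code from any poster: it pairs logon and logoff events by logon ID and shows how a short reporting period undercounts. It assumes the standard Windows Security event IDs (4624 logon, 4634 logoff, 4647 user-initiated logoff); the `Event` tuple layout, host name and sample events are constructed for illustration.

```python
from collections import namedtuple

# Assumption: standard Windows Security event IDs; 4624 = logon,
# 4634 = logoff, 4647 = user-initiated logoff.
LOGON = 4624
LOGOFF = {4634, 4647}

Event = namedtuple("Event", "time host event_id logon_id user")

# Constructed sample events (time in minutes); "now" is minute 600.
EVENTS = [
    Event(100, "SRV01", 4624, "0x1a", "alice"),  # logged on early, still on
    Event(500, "SRV01", 4624, "0x2b", "bob"),
    Event(520, "SRV01", 4624, "0x4d", "dave"),
    Event(550, "SRV01", 4624, "0x3c", "carol"),  # still on
    Event(560, "SRV01", 4634, "0x2b", "bob"),    # bob's session ended
    Event(570, "SRV01", 4624, "0x5e", "carol"),  # second session, same user
    Event(590, "SRV01", 4647, "0x4d", "dave"),   # dave signed out himself
]


def logged_in_users(events, host, window_start, now):
    """Users on `host` whose sessions look open, judged only from events
    inside [window_start, now], like a search over that time range."""
    last_event = {}  # logon_id -> most recent logon/logoff event seen
    for ev in sorted(events, key=lambda e: e.time):
        if ev.host != host or not window_start <= ev.time <= now:
            continue
        if ev.event_id == LOGON or ev.event_id in LOGOFF:
            last_event[ev.logon_id] = ev
    # A session is open when its latest event is a logon with no later logoff.
    # Collecting users into a set counts a user with two sessions once.
    return {ev.user for ev in last_event.values() if ev.event_id == LOGON}


if __name__ == "__main__":
    for start in (400, 0):
        users = logged_in_users(EVENTS, "SRV01", start, 600)
        print(f"window {start}-600: {len(users)} users {sorted(users)}")
```

With the window starting at minute 400, alice's logon at minute 100 falls outside the range and she is not counted, which is the undercount described in the accepted answer.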
