Splunk Search

How to find all the machines that are accessed or logged in as root?


I have *nix add-on installed on all our linux machines and we get all the default data from the add-on , which source or sourcetype gives the user login details with root access.
I am trying get a list of all the users on hosts logged in as root.

Thanks in Advance!

0 Karma
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

How I Instrumented a Rust Application Without Knowing Rust

As a technical writer, I often have to edit or create code snippets for Splunk's distributions of ...