Splunk Search

How to find all the machines that are accessed or logged in as root?

vrmandadi
Builder

I have the *nix add-on installed on all our Linux machines and we get all the default data from the add-on. Which source or sourcetype gives the user login details with root access?
I am trying to get a list of all the users on hosts logged in as root.

Thanks in Advance!

0 Karma