Splunk Search

How to find all the machines that are accessed or logged in as root?


I have *nix add-on installed on all our linux machines and we get all the default data from the add-on , which source or sourcetype gives the user login details with root access.
I am trying get a list of all the users on hosts logged in as root.

Thanks in Advance!

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!