Splunk Search

How to get a logging hours report of the employee in splunk

mputtam
Path Finder

Hi Community,

I Need to find the login hours of the user/employee. Did we see those results in splunk...? Please help me out on this.

Thanks...

Labels (3)

inventsekar
Super Champion

Hi @mputtam You have to provide us few more detailed information.. which application your employee's use to login? are those app login details/logs are ingested into splunk? 

index=<employee email id> --- is generally a wrong process. 

 

index=login-app employee=emp-mail-id (or emp=emp-id or something...) is the right method. 

 

(i have given around 300 karma points so far received badge for that,.. maybe you also give karma points if a post helped you, thx)

PS ... If any post helped you in any way, pls give a hi-five to the author with an upvote. if your issue got resolved, please accept the reply as solution.. thanks.
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Logged into where? What data do you have in splunk to help you determine this?

0 Karma

mputtam
Path Finder

Hi,

I believe that Logged in to applications or hosts will be helpful.  If you have any other views that would be helpful to short it out this issue.

 

Thanks...

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

OK so what data do you already have in splunk?

0 Karma

mputtam
Path Finder

I had written " index=* <user email address> " in the search head which is not useful to me. help me out is there any other way to find the logs.

one of our employee is going to be terminated so we need to monitor the user login hours.

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

I am afraid I can't help you unless you explain what data you have in splunk. Imagine I asked you to find all the mentions of the name John on my bookshelf. How would you do that? Oh and I also want you to check all the books I have stacked on the floor, but you could only look at them if I put them on the shelf?

0 Karma
Get Updates on the Splunk Community!

New Splunk Observability innovations: Deeper visibility and smarter alerting to ...

You asked, we delivered. Splunk Observability Cloud has several new innovations giving you deeper visibility ...

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Register today and join TekStream on Tuesday, February 28 at 11am PT/2pm ET for a demonstration of Splunk ...

Instrumenting Java Websocket Messaging

Instrumenting Java Websocket MessagingThis article is a code-based discussion of passing OpenTelemetry trace ...