Hi @mputtam, you have to provide us with a few more details. Which application do your employees use to log in? Are those app login details/logs ingested into Splunk?
index=<employee email id> --- is generally a wrong process.
index=login-app employee=emp-mail-id (or emp=emp-id or something...) is the right method.
Logged into where? What data do you have in Splunk to help you determine this?
I believe that logins to applications or hosts will be helpful. If you have any other views, that would be helpful to sort out this issue.
OK, so what data do you already have in Splunk?
I had written "index=* <user email address>" in the search head, which is not useful to me. Help me out: is there any other way to find the logs?
One of our employees is going to be terminated, so we need to monitor the user's login hours.
I am afraid I can't help you unless you explain what data you have in Splunk. Imagine I asked you to find all the mentions of the name John on my bookshelf. How would you do that? Oh, and I also want you to check all the books I have stacked on the floor, but you could only look at them if I put them on the shelf?