Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to get a logging hours report of the employee in splunk

mputtam
Path Finder
‎09-23-2020 01:36 AM

Hi Community,

I Need to find the login hours of the user/employee. Did we see those results in splunk...? Please help me out on this.

Thanks...

Labels (2)
Labels
Reply

inventsekar
SplunkTrust
SplunkTrust
‎09-23-2020 03:55 AM

Hi @mputtam You have to provide us few more detailed information.. which application your employee's use to login? are those app login details/logs are ingested into splunk? 

index=<employee email id> --- is generally a wrong process. 

 

index=login-app employee=emp-mail-id (or emp=emp-id or something...) is the right method. 

 

(i have given around 300 karma points so far received badge for that,.. maybe you also give karma points if a post helped you, thx)

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎09-23-2020 01:58 AM

Logged into where? What data do you have in splunk to help you determine this?

0 Karma
Reply

mputtam
Path Finder
‎09-23-2020 02:19 AM

Hi,

I believe that Logged in to applications or hosts will be helpful.  If you have any other views that would be helpful to short it out this issue.

 

Thanks...

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎09-23-2020 02:39 AM

OK so what data do you already have in splunk?

0 Karma
Reply

mputtam
Path Finder
‎09-23-2020 03:10 AM

I had written " index=* <user email address> " in the search head which is not useful to me. help me out is there any other way to find the logs.

one of our employee is going to be terminated so we need to monitor the user login hours.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎09-23-2020 03:49 AM

I am afraid I can't help you unless you explain what data you have in splunk. Imagine I asked you to find all the mentions of the name John on my bookshelf. How would you do that? Oh and I also want you to check all the books I have stacked on the floor, but you could only look at them if I put them on the shelf?

0 Karma
Reply
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...