Forgive me for this question, but I am new to Splunk.
We are looking to see if we can use Splunk to locate accounts (Active Directory for example) where there are multiple simultaneous logins. For example, we want to know if JSMITH is logged in twice (or more) at the same time. Since we prohibit that, we want to report on it. Any ideas how we can do this and yet minimize false positives?
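An added example, not part of the original post: the detection logic behind such a report, shown in Python over constructed sample events rather than as a Splunk search. It pairs Windows logon (4624) and logoff (4634) events by Logon ID into sessions, ignores network logons (type 3) to cut false positives, and flags only sessions on different hosts that overlap for a minimum time. The line layout, host names and 60-second threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real logs): time user host EventCode LogonID LogonType
SAMPLE = """\
2024-05-01T09:00:00 JSMITH WS01 4624 0x1a 2
2024-05-01T09:00:05 JSMITH FS01 4624 0x2b 3
2024-05-01T09:00:06 JSMITH FS01 4634 0x2b 3
2024-05-01T10:30:00 JSMITH WS07 4624 0x3c 10
2024-05-01T11:00:00 JSMITH WS07 4634 0x3c 10
2024-05-01T12:00:00 JSMITH WS01 4634 0x1a 2
2024-05-01T09:15:00 ADOE WS02 4624 0x4d 2
2024-05-01T09:45:00 ADOE WS02 4634 0x4d 2
2024-05-01T09:50:00 ADOE WS03 4624 0x5e 2
2024-05-01T10:20:00 ADOE WS03 4634 0x5e 2
"""
# Logon types 2 (interactive) and 10 (RemoteInteractive); type 3 (network)
# fires on every file-share access and would flood the report.
INTERACTIVE = {"2", "10"}

def build_sessions(text):
    """Pair 4624/4634 by (host, Logon ID) into per-user (start, end, host) sessions."""
    sessions, open_ = defaultdict(list), {}
    rows = sorted(line.split() for line in text.splitlines() if line.strip())
    if not rows:
        return sessions
    last_seen = datetime.fromisoformat(rows[-1][0])
    for ts, user, host, code, logon_id, ltype in rows:
        if ltype not in INTERACTIVE:
            continue
        when = datetime.fromisoformat(ts)
        if code == "4624":
            open_[(host, logon_id)] = (user, when)
        elif code == "4634" and (host, logon_id) in open_:
            owner, start = open_.pop((host, logon_id))
            sessions[owner].append((start, when, host))
    # Assumption: a session with no logoff yet is still open at the last event seen.
    for (host, _), (user, start) in open_.items():
        sessions[user].append((start, last_seen, host))
    return sessions

def concurrent_logins(text, min_overlap_s=60):
    """Return (user, host_a, host_b, overlap_seconds) for overlapping sessions."""
    hits = []
    for user, sess in build_sessions(text).items():
        sess.sort()
        for i, (s1, e1, h1) in enumerate(sess):
            for s2, e2, h2 in sess[i + 1:]:
                overlap = (min(e1, e2) - max(s1, s2)).total_seconds()
                if h1 != h2 and overlap >= min_overlap_s:
                    hits.append((user, h1, h2, int(overlap)))
    return hits
```

On the sample data only JSMITH is reported: ADOE's back-to-back sessions on two workstations never overlap, and JSMITH's brief network logon to FS01 is filtered out.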