Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to search for accounts where users (ex: Active Directory) that are logged in two or more times at the same time?

Iggy66
New Member
‎05-03-2016 10:55 AM

Forgive me for this question, but I am new with Splunk.

We are looking to see if we can use Splunk to locate accounts (Active Directory for example) where there are multiple simultaneous logins. For example, we want to know if JSMITH is logged in twice (or more) at the same time. Since we prohibit that, we want to report on it. Any ideas how we can do this and yet minimize false positives?

Thanks!

0 Karma
Reply

rbittner_splunk
Splunk Employee
Splunk Employee
‎05-04-2016 10:51 AM

Are you running Splunk, or Splunk Light? Splunk Light doesn't support the App for Windows infrastructure (codifies these types of questions) but you can still use a basic search to do this.

There are couple of answers that address similar questions:
https://answers.splunk.com/answers/5928/search-query-for-multiple-login-done-by-more-than-one-pc.htm...
https://answers.splunk.com/answers/301152/how-to-search-a-list-of-users-that-have-logged-in.html

Hope this helps.

0 Karma
Reply

sundareshr
Legend
‎05-03-2016 12:39 PM

Have you looked at Splunk App for Windows Infrastructure app? https://splunkbase.splunk.com/app/1680/

0 Karma
Reply

Iggy66
New Member
‎05-03-2016 01:01 PM

Many thanks- I have not yet, but will check this out.

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...