Need a search query to list the last/current user logged into certain particular Windows and Linux servers
For Windows, you need to enable WinEventLog://Security events, and this app for Linux: https://splunkbase.splunk.com/app/833/
Then just check for the associated successful login events and use dedup host to get the last one.
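One way to write the search described in the answer above, as an added example that is not part of the original reply: it combines Windows successful logons (EventCode 4624) with accepted sshd logins from the Linux add-on's `linux_secure` sourcetype, then keeps the newest event per host with `dedup host`. Assumptions: the host names `winsrv01` and `linsrv01` are placeholders, the `user` and `Logon_Type` fields are extracted for the Windows events (for example by the Splunk Add-on for Windows), the Linux logins arrive over sshd, and you add your own `index=` terms.

```spl
(host IN ("winsrv01", "linsrv01"))
((source="WinEventLog:Security" EventCode=4624 (Logon_Type=2 OR Logon_Type=10))
 OR (sourcetype=linux_secure "Accepted" "from"))
| rex "Accepted \S+ for (?<ssh_user>\S+) from"
| eval os=if(isnotnull(ssh_user), "linux", "windows")
| eval last_user=coalesce(ssh_user, user)
| dedup host
| eval last_login=strftime(_time, "%Y-%m-%d %H:%M:%S")
| table host os last_user last_login
```

Logon types 2 and 10 limit the Windows side to interactive and Remote Desktop logons; `dedup host` returns the latest login because events come back newest first.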
I am also looking for assistance with this type of query.