Splunk Search

How to search for last/current users logged into certain particular windows and linux servers

rockyrc
New Member

Need a search query to list the last/current user logged into certain particular windows and linux servers

Tags (1)
0 Karma

woodcock
Esteemed Legend

For windows, you need to enable WinEventLog://Security events and this app for Linux:
https://splunkbase.splunk.com/app/833/

Then just check for the associated successful login events and use dedup host to get the last one.

0 Karma

jdkirker
New Member

I am also looking for assistance with this type of query.

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...