Hi @papa , As @renjith_nair suggested, the lookup is one idea. or if you already ingested the 
multiple samaccountnames csv files to splunk, then, you can simply query the multiple files altogether.  my apologies if you already know this method. 

index=indexName <multiple-SamAccountNames> EventCode=4624 | table _time,EventCode,src,user,Logon_Type