Splunk Search

What is the most accurate metric to track Windows login times?

JustAnotherITG
Explorer

Greetings fellow Splunkers,

I was wondering if anyone has figured out what seems the most accurate metric to track when a user logs into windows. not the boot up/Startup time but the time between when a user puts in their password and they are able to interact with the desktop. I am not able to see a particular event. Waiting for GPO to complete is not viable since we stream them in the background.  Comparing events between local and AD events might prove useful but we have a significant amount of users that are WFH and they use cached creds until they get on the VPN. Comparing the login between them getting on the VPN would be simpler to get but if they do anything else before they log into the VPN that will throw it off as well..  Appreciate anything thoughts or ideas you fine folks might have.

Thank you!

Labels (1)
0 Karma

yuanliu
SplunkTrust
SplunkTrust

You can probably get more help from https://community.splunk.com/t5/Splunk-IT-Service-Intelligence/bd-p/it-it-service-intelligence as more people have knowledge about platform- and application-specific datasets there.

0 Karma

JustAnotherITG
Explorer

I will do that. Thank you!

0 Karma
Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

[Coming Soon] Splunk Observability Cloud - Enhanced navigation with a modern look and ...

We are excited to introduce our enhanced UI that brings together AppDynamics and Splunk Observability. This is ...

Splunk Smartness with Patrick Tatro | Episode 4

Welcome to another episode of "Splunk Smartness," where we explore how Splunk Education can revolutionize your ...