Wow, we are looking to do the same thing and are having a hard time. All we are really looking for is where the local log files inside of DA are located that will show UserName and Logon/Logoff times. Would also be great to have any logoff/disconnection error codes in case a user who loses internet at home has a different logged event than a user who manually initiates a log off of the laptop running DA. Has anyone been able to find this local log? if we can locate that, we can set splunk up to monitor a remote folder and grab the data every time that directory changes and index for reporting. ... View more

I tried this and all of my results disappear and i have 0 results. My code is: Latency_-Session_Average > 50 | search host=servername | sort -size -Latency-Session_Average |table UserName, host, Latency-_Session_Average, RACF_ID, Event_Date, Event_Time, ICA_Name |dedup USERNAME If I remove dedup, i get all results, but multiples of each user in the results ... View more