First off, I am very new to Splunk and that may be my downfall. Our latest Splunk guru has left and this fell to me rather abruptly, so I apologize in advance. I have been tasked with generating a report showing users that are logging into the local computers with elevated privileges of their standard daily accounts. For example, if a user has two logins, username and ADUserName. I need to find out if username is a local admin on their computer and when they have logged in using that account. I have been trying to figure this out but for the last two weeks haven't actually made any progress. Hoping someone can point me in the right direction - thank you very much!
... View more