×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
jayygee3
Engager
Member since: ‎01-12-2023
‎01-12-2023
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎01-12-2023
Activity Feed
View All

Re: User Concurrent Logins on Unique Hosts

by in Splunk Search
‎01-12-2023 04:29 PM
‎01-12-2023 04:29 PM
@bowesmana thanks! I read through the thread and I think I am starting to get a better idea of how to approach my situation. Appreciate the quick response! ... View more

How to search user concurrent logins on unique hos...

by in Splunk Search
‎01-12-2023 03:41 PM
‎01-12-2023 03:41 PM
I'm hoping to get some help or direction. I have seen a few different forum posts where the search pulled how many concurrent sessions were happening at a time. (General count of sessions occurring at a given time) I somewhat get that done with this search: index=main EventCode=4624  | eval Account=mvindex(Account_Name,1) | eventstats dc(host) AS Logins by Account | where Logins > 1 | timechart count(Logins) BY Account I am hoping to pivot into a search with more detail such as Account login session duration and any overlap in sessions from unique hosts. The goal is to pinpoint potentially shared credentials for further investigation. I have played with transaction a bit, but can't seem to get it to work the way I need and have read many posts advising against this command due to resource usage.  Any tips for a Splunk Newb? ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎01-12-2023 07:02 PM
Karma given to
View All