Hope it is possible to derive the data as requested.
Scenario: If you are collecting logs from the domain controller(DC) by using Splunk.
In general, On every single authentication task performed by any domain user, a respective Windows security event log generated.
On that case, If you search for the event ID in the 4624 and from the "Process Information" or "Process Name" column you can get the application name which got authorization from DC.
Splunk search command : host="DC1" EventCode=4624 Process_Name=*
Reference: https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4624#examples
... View more