Before re-inventing the wheel - does anyone have a solution/script for importing /var/adm/wtmpx via the last command on Solaris? Thanks.
/var/adm/wtmpx is the database that the last command accesses. So, I suggest you run the last command in Splunk on a regular basis.
You may write a simple shell script and place that in $SPLUNK_HOME/bin/scripts.
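
One way to write the script suggested in the answer, as an added example that is not part of the original thread: it wraps `last` and prints only lines that were not in the previous run, so repeated polling does not re-index the whole of wtmpx. The file name `last_wtmpx.sh`, the state directory, and the `interval` and `sourcetype` values in the comments are assumptions.

```shell
#!/bin/sh
# Added example: Splunk scripted input around `last` (assumed name: last_wtmpx.sh).
# Assumed inputs.conf stanza:
#   [script://$SPLUNK_HOME/bin/scripts/last_wtmpx.sh]
#   interval = 300
#   sourcetype = solaris:last

# Assumed state location; any directory writable by the Splunk user works.
STATE_DIR="${STATE_DIR:-${SPLUNK_HOME:-/opt/splunk}/var/run/last_wtmpx}"
# On Solaris set AWK=nawk (or /usr/xpg4/bin/awk); the old /usr/bin/awk lacks -v.
AWK="${AWK:-awk}"

# emit_new_lines SNAPSHOT
# Reads `last` output on stdin, prints the lines that are absent from the
# previous snapshot, then stores the current output as the new snapshot.
# A session that ends changes its line ("still logged in" becomes an end
# time and duration), so the logout shows up as a new event.
emit_new_lines() {
    snap="$1"
    cur="${snap}.new.$$"
    # Keep login records only: drop blank lines and the "wtmpx begins ..." trailer.
    "$AWK" 'NF && $1 != "wtmpx" && $1 != "wtmp"' > "$cur" || return 1
    # Load the previous snapshot (if any) and print lines not seen before.
    "$AWK" -v prev="$snap" '
        BEGIN { while ((getline line < prev) > 0) seen[line] = 1 }
        !($0 in seen)
    ' "$cur"
    mv "$cur" "$snap"
}

main() {
    mkdir -p "$STATE_DIR" || exit 1
    last | emit_new_lines "$STATE_DIR/last.snapshot"
}

# Run only when saved under the assumed file name, so the function can be
# sourced and exercised without calling `last`.
case "$0" in
    *last_wtmpx.sh) main ;;
esac
```

The first run emits everything `last` currently reports; later runs emit only new or changed records.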