Splunk Search

How to search for accounts where users (ex: Active Directory) are logged in two or more times at the same time?

Iggy66
New Member

Forgive me for this question, but I am new with Splunk.

We are looking to see if we can use Splunk to locate accounts (Active Directory for example) where there are multiple simultaneous logins. For example, we want to know if JSMITH is logged in twice (or more) at the same time. Since we prohibit that, we want to report on it. Any ideas how we can do this and yet minimize false positives?

Thanks!

0 Karma

rbittner_splunk
Splunk Employee

Are you running Splunk, or Splunk Light? Splunk Light doesn't support the App for Windows Infrastructure (which codifies these types of questions), but you can still use a basic search to do this.

There are a couple of answers that address similar questions:
https://answers.splunk.com/answers/5928/search-query-for-multiple-login-done-by-more-than-one-pc.htm...
https://answers.splunk.com/answers/301152/how-to-search-a-list-of-users-that-have-logged-in.html

Hope this helps.

0 Karma

sundareshr
Legend

Have you looked at the Splunk App for Windows Infrastructure? https://splunkbase.splunk.com/app/1680/

0 Karma

Iggy66
New Member

Many thanks. I have not yet, but will check this out.

0 Karma
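The overlap check the question asks for, sketched in Python as an added example; it is not code from this thread or from any Splunk app. It assumes Windows Security events 4624 (logon) and 4634 (logoff) paired by logon ID, counts only logon types 2 and 10, and ignores overlaps on the same host or shorter than 60 seconds to cut false positives; the tuple layout, function names and sample events are hypothetical.

```python
from collections import defaultdict
from datetime import datetime, timedelta

INTERACTIVE = {2, 10}  # Windows logon types: interactive, remote interactive
MIN_OVERLAP = timedelta(seconds=60)  # assumption: shorter overlaps are reconnect noise

# Constructed sample events (4624 = logon, 4634 = logoff), invented for illustration.
EVENTS = [
    ("2024-01-08 09:00:00", 4624, "JSMITH", "0x1A", 2, "WKS-01"),
    ("2024-01-08 09:05:00", 4624, "JSMITH", "0x2B", 3, "FS-01"),   # network logon
    ("2024-01-08 10:00:00", 4624, "JSMITH", "0x3C", 10, "WKS-07"),
    ("2024-01-08 11:00:00", 4634, "JSMITH", "0x3C", 10, "WKS-07"),
    ("2024-01-08 12:00:00", 4634, "JSMITH", "0x1A", 2, "WKS-01"),
    ("2024-01-08 09:00:00", 4624, "ADOE", "0x4D", 2, "WKS-02"),
    ("2024-01-08 09:30:00", 4634, "ADOE", "0x4D", 2, "WKS-02"),
    ("2024-01-08 09:30:20", 4624, "ADOE", "0x5E", 2, "WKS-03"),    # after logoff
    ("2024-01-08 13:00:00", 4624, "BLEE", "0x6F", 2, "WKS-04"),
    ("2024-01-08 13:10:00", 4624, "BLEE", "0x70", 2, "WKS-04"),    # same host
]

def build_sessions(events, now):
    """Pair logon and logoff by (user, host, logon_id); open sessions run to `now`."""
    sessions = {}
    for ts, event_id, user, logon_id, logon_type, host in sorted(events):
        if logon_type not in INTERACTIVE:
            continue  # drop network, service and batch logons
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        key = (user.lower(), host, logon_id)
        if event_id == 4624:
            sessions[key] = [t, now]
        elif event_id == 4634 and key in sessions:
            sessions[key][1] = t
    return sessions

def concurrent_logins(events, now):
    """Return {user: [(host_a, host_b, overlap_start, overlap_end)]}."""
    per_user = defaultdict(list)
    for (user, host, _), (start, end) in build_sessions(events, now).items():
        per_user[user].append((start, end, host))
    findings = defaultdict(list)
    for user, spans in per_user.items():
        spans.sort()
        for i, (s1, e1, h1) in enumerate(spans):
            for s2, e2, h2 in spans[i + 1:]:
                if s2 >= e1:
                    break  # sorted by start, so no later session overlaps this one
                if h1 != h2 and min(e1, e2) - s2 >= MIN_OVERLAP:
                    findings[user].append((h1, h2, s2, min(e1, e2)))
    return dict(findings)
```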