Splunk search for Successful OSX logins
Copy
sourcetype=osx_secure | rex field=_raw "authinternal\sauthenticated\suser\s(?<user>\S+)" | stats count by user, host | sort - count
This search will show successful logins to a Mac OSX system