Splunk search for Recently Active Users
Copy
index=_internal earliest=-5m latest=now sourcetype=splunk_web_access user!="internal_monitoring" user!="-" | stats count by user | fields - count
This search will display usernames of the individuals who have accessed Splunk Web within the past 5 minutes. This can be useful to determine who is currently active within your environment.
0 comments
[0]
[0]
[0]
[0]
Sign in or Register to submit a comment