Hi,
I am looking for a query for finding ‘users logged into multiple machines’. Can someone please help me out.
Thanks in Advance,
KP
Hi Kamal,
To retrieve the result of "users logged into multiple machines", you can execute the following query:
label=login source_address=* | rename source_address as host_address | chart count() as Times by user, host_address, host
For a more visually appealing representation of the data in a Dashboard widget, it is recommended to select the Sankey visualization option.
If you wish to inspect the logs for a specific user logged into multiple machines, you can modify the query by adding the "user" field with the desired user value:
label=login user=Heisenberg source_address=* | rename source_address as host_address | chart count() as Times by user, host_address, host
This modified query will provide the result specifically for the user "Heisenberg" and their corresponding logins on different machines.
Kind Regards,
Prajwal
Reply
Sign up
Already have an account? Login
Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.
LOGIN AS PARTNER OR CUSTOMER Login with LinkedInLogin to the community
Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.
LOGIN AS PARTNER OR CUSTOMER Login with LinkedInEnter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.