Kibana user logins evaluation

Hello everyone,

I would like to monitor the login behavior of our users. However, I am currently not able to evaluate this, because the username is in the middle of the message.
Is there a possibility to filter by it or to display only the username?
The username is between two square brackets <> and is needed to find out who logs in how often per month or not at all.

Many thanks in advance

The feature for monitoring security user activity is in Elasticsearch: Auditing Security Events | X-Pack for the Elastic Stack [6.2] | Elastic

Also perhaps you are interested in this feature request: https://github.com/elastic/kibana/issues/18650

Also you can find information here: Kibana audit logging and usage data · Issue #17939 · elastic/kibana · GitHub

Thanks
Rashmi

Welcome to our community! :smiley:

Can you show us an example of the data that you are looking to query?

message: 08.10.2020 17:31:35 [Thread-2819-XYZ] INFO de.maiksawq.xhw - Oct 8, 2019 1:32:35 PM *** user from client <abcs (testdomain-server.xyq)> logged in

This is the only way i can analyze the login of my users. I want to use the username (in this case PXZQY) to find out how often in a certain timestamp the user logged in. The problem is that i have less knowledgement with Kibana and thats why I need help :smiley:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.