Top 10 most active Users in Linux linux_secure SplunkNinja Vote Up +3 Vote Down -0You already voted! The following splunk query example will return the top 10 most active users in a given time range sourcetype=linux_secure | rex “\suser[^’](?<User>\S+\w+)” | top limit=10 User Continue Reading →