AL08

Data Description

The AL08 event is used in SAP to show the list of all the users who are logged on to the system globally or for all the instances in the system which are active.

Potential Use Cases

This event could be used in the following scenarios:

• View users that are logged in.

• Alert on sensitive users logging into the system.

• View log-in trends over time.

Splunk Event

The event will look like this in Splunk:

SAP Navigation

Log into SAP, and execute the AL08 transaction code. The data that is sent to Splunk will then be visible.