The SM04 event is used in SAP to view users logged in.
Potential Use Cases
This event could be used in the following scenarios:
Identify potential security threats from user log-in events.
Trend user log-ins over time.
The event will look like this in Splunk:
Log into the managed system and execute the SM04 transaction code. The data that is displayed will match the data that is extracted and sent to Splunk.