The attached data flow is a little rough and ready but it may provide you with an indication of who is logged into the system. It parses the current day's audit log and selects the events with the two relevant auditCode values - 'authenticationSuccess' and 'sessionLogout'.
These events are combined, the required fields are selected and then the events are sorted by the timestamp value. An Aggregate node is then used to select the last event for each user. If the last auditCode value for the user is 'authenticationSuccess' then they may still be logged in.
The information from this data flow may not reflect the actual state of the system in some circumstances:
- If the user closes their browser tab rather than explicitly logging out of the system then no 'sessionLogout' event will be recorded by the system. However, it is not best practice to exit this way as it can cause other issues. If the user subsequently logs back in and then out again the events in the log will then correctly identify the user as being logged out.
- If the user logged into the system in a previous day and has not logged out since, the log rotation mechanism will mean that the user's 'authenticationSuccess' event will have been recorded in a previous audit log file (which will have a filename with the date appended e.g. 'lae-audit.log.2022-01-04') and will not appear in today's 'lae-audit.log' file.
Note: This data flow is not covered by our Support Policy and, for the above reasons, your mileage may vary.