![Microsoft Windows Security Auditing 4624 Anonymous Logon Windows Microsoft Windows Security Auditing 4624 Anonymous Logon Windows](/uploads/1/2/5/4/125430231/675771016.png)
I also have this issue, has anyone found a working solution to this? I also noticed that this to be an issue with sessionid in the tSessions lookup table. I managed to work around it for the tsessionsupdate using mvindex(LoginID,-1) and mvindex(AccountDomain,-1) for ntlogindomain, however I agree with mikaelbje, that this should be fixed within the Splunk Supported app. I have opened a ticket with a few issues I have found within this app/spunk, and this issue is one of them. I am running splunk 6.3.1 with 1.2.0 of the splunkappwindowsinfrastructure.
4624(S): An account was successfully logged on.; 14 minutes to read Contributors. In this article. Windows 10; Windows Server 2016; Subcategory: Audit Logon. Event Description: This event generates when a logon session is created (on destination machine). It generates on the computer that was accessed, where the session.