diff --git a/kustomize/base/files/exporter.cfg b/kustomize/base/files/exporter.cfg
index fb7285c..9c5b1f3 100644
--- a/kustomize/base/files/exporter.cfg
+++ b/kustomize/base/files/exporter.cfg
@@ -59,3 +59,28 @@ QueryJson = {
 }
 }
 }
+
+[query_authlog_user_login]
+QueryIntervalSecs = 60
+QueryTimeoutSecs = 15
+QueryIndices = <*-authlog-*>
+QueryOnError = drop
+QueryOnMissing = drop
+QueryJson = {
+ "size": 0,
+ "query": {
+ "range": {
+ "@timestamp": {
+ "gte": "now-5m/m",
+ "lt": "now"
+ }
+ }
+ },
+ "aggs": {
+ "system_auth_user": {
+ "terms": {
+ "field": "system.auth.user.keyword"
+ }
+ }
+ }
+ }
\ No newline at end of file
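Review bot: The `terms` aggregation on `system.auth.user.keyword` has no explicit `size`, so Elasticsearch returns only its default top 10 buckets, and nothing in the `query` restricts the documents to login events or to a particular outcome even though the section is named `query_authlog_user_login`. Usernames in auth logs are supplied by whoever is attempting to authenticate, so a burst of failed attempts with arbitrary names can crowd real accounts out of those ten buckets and, if the exporter turns bucket keys into label values, keep creating new time series. I would set the limit deliberately, e.g. `"terms": { "field": "system.auth.user.keyword", "size": 20 }` (the number is illustrative), and add a filter on whichever field in this mapping records the event type or outcome, so that successes and failures are not folded into one count. A short comment above the section stating that the value is a count over a sliding 5-minute window sampled every 60 s, not a cumulative counter, would help whoever writes alert rules on it.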