As of version 136, Dynatrace created a separate audit log file with user logins and logouts that contain, among others, tenant ID, username, and session ID. The file called audit.user.00.log is located in the Dynatrace Managed server log directory of each cluster node. For example, 2018-01-10 11:42:12 UTC WebUI Login [TENANTID]: user: USERNAME, roles: [USER ROLES], session: SESSIONID, clientIp: CLIENTIP
You can use the info in this file for what you want to do.
Hope This Helps