hi Everyone,
Happy new year.
I installed splunk agent on several workstations. I want to see that if someone access the share folder.
how can I achieve this.
Enable successful access auditing via group policy editor (start>run>gpedit.msc>Google where to go from there) and then monitor the security event log for success and failure events accessing the share. Your search will be something like
index=windows logon_type=3 sharename