Security

account locked out by user

lexphumirat
New Member

Sorry for the easy question, but totally new to splunk.

what would be the query to use in search to look up a user account that is locked out. example i want to search a user account with the username user01 to see why this person keeps getting locked out.

thank you in advance

Tags (1)
0 Karma

JakBauer2401
New Member

winows event logs:
"eventcode=5136" firstname.lastname< or however your AD is set up. That would be the first place to look.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...