Sorry for the easy question, but totally new to splunk.
what would be the query to use in search to look up a user account that is locked out. example i want to search a user account with the username user01 to see why this person keeps getting locked out.
thank you in advance
winows event logs:
"eventcode=5136" firstname.lastname< or however your AD is set up. That would be the first place to look.