I'd like to create a dashboard where I could easily search for events coming from a specific IP address or username.
For example:
It would show where that specific IP address was logged on to, URL it accessed, if it was locked out and all that stuff considering all security appliance was added on SPLUNK such as IPS, Web Gateway, Endpoint Protection, active directory and the like.
Just like how should an SIEM should work.
Assuming you integrated with your IPS etc using CIM compliant TAs, then you can install the Splunk CIM and use the Intrusion Detection or the Network Traffic data models.