I'm using the Splunk App for Windows Infrastructure and it's working and returning data. I want to find all inactive accounts in my domains along with last logon/activity time. The 'Domain Accounts: Inactive' report driven by 'secrpt-inactive-users' lists user accounts, but doesn't show last logon/time of activity. How can I also list last logon/activity time?
Hi,
In order for dashboards under Active Directory section to work well, you will need to install additional Add-On namely the Splunk Add-on for Microsoft Active Directory and Splunk Add-on for PowerShell. You might need the Splunk Add-on for Windows DNS if you are interested in collecting DNS related logs.
You can follow the official documentation here to help you:
https://docs.splunk.com/Documentation/MSApp/1.4.2/MSInfra/AbouttheSplunkAppforMSInfrastructure
Regards,
Benjamin