Hello,
I have a user that occasionally experiences a lack of connectivity over a VPN into one of my servers. He can connect most of the time, but there are instances where he's unable to remote in with RDP.
How can I search for the user/Active Directory (already set up in Splunk environment) to see if there are any incorrect logins? It's a simple query, but I'm new to the system.
Thank you in advance.
index=wineventlogs EventCode=4625
You can look at the Failure_Reason field to determine why the account failed.
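
An added example, not part of the original answer: the same search narrowed to one user and summarized by failure reason, logon type and source address, so intermittent failures show up as a pattern. It assumes the classic Windows Security log field names (EventCode, Account_Name, Failure_Reason, Logon_Type, Source_Network_Address) as extracted by the Splunk Add-on for Windows; `jdoe` and the 7-day window are placeholders.

```spl
index=wineventlogs EventCode=4625 Account_Name="jdoe" earliest=-7d
| fillnull value="unknown" Failure_Reason Logon_Type Source_Network_Address
| stats count AS failures, min(_time) AS first_seen, max(_time) AS last_seen
    BY Failure_Reason, Logon_Type, Source_Network_Address
| convert ctime(first_seen) ctime(last_seen)
| sort - failures
```

Failed RDP attempts normally appear with Logon_Type 10, or 3 when Network Level Authentication is in use. If the search returns nothing for the times the user could not connect, the failure is probably happening before authentication (VPN or network path) rather than at logon.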