Guys, apologies if this has already been asked before and there is a KB article for this. We are looking to archive Logon/Logoff events that occur in our Windows domain controller security log. Is this possible ? and if so how ? TIA
By archive do you mean search for matching events and export them out of splunk?