I'm trying to complete the lab for my cybersecurity course. I googled a few things for this question, but this question doesn't seem to accept the answer. It is a course from Immersive Labs. Maybe I'm doing something wrong, or there is a problem with my query. I'm not sure. I've used the query:
index="_audit" action=* info=*
| stats count by user
Need your help with this to search login attempts for username=admin.
The key to using Splunk is understanding your data. You should examine the log / event data you have available to you to determine which part of the event will help you with your use case. I suspect this is the purpose of the exercise. You should have been provided with all the necessary information to complete this.