Hello Community,
I'm new to splunk and couldn't seem to find an answer to my question.
I'm currently running a Splunk Trial for Splunk Cloud, and running a Universal Forwarder on a Test Domain Controller.
I want an overview of the failed login attempt in our whole domain(Clients and Servers)(Server authentication is handled via AD). Is this possible to do with a single forwarder on the domain controller?
For the lockout status I have a similar Question, I would like to have a Alert when a User is locked out on his Computer. Can this be done with only Universal fowarders on the Domain Controllers?
Thanks in advance!
Cheers.
... View more