I am trying to configure a Splunk alert that will send me an email if a user fails their password 10 times or more in 15 mins. I only want 1 alert per user per hour. I thought this would be something easy to do, but I seem to be getting a lot of problems with this not responding correctly.
Is my search good? Anyone have some recommendations? Thanks!