Currently I am trying to configure "Splunk App for Windows Infrastructure". Our goal is audit Logon/Logoff Domain Administrator.
After downloading the app, I have configured it by using "Guided Setup" under "Tools and Settings" and perform required steps to enable this app.
For "Active Directory\User Overview", I can see the data, but for "Active Directory\User Audit" and "Active Directory/Administrator Audit" I don't see any data.
Am I missing anything here? How can I get logon/logoff audit information for our network domain admins?