Hello. What is the best way to trend login failures. Would like to create a baseline of processing normalcy over a two week period. Also, how would we retain this information for future comparisons? Thanks.
The Prelert Anomaly Detective app uses machine-learning algorithms to automatically learn the baseline rates of your events and uses that information to detect anomalies in current data. It can auto-learn the base line in 3 modes:
Sounds like it would be useful for your use-case!
Page produces a 404. Is there nothing in core splunk?