how can I know, intrusion attempts by searching in logs ips on splunk ?
how to better approach the problem would be greatly appreciated

This is way too vague and broad a question to answer properly.