
Windows domain admin logs


Hi all, I need to use Splunk to check Windows domain admin authentication. I installed the free Splunk Enterprise on an Ubuntu server machine and installed the universal forwarder on my Windows domain controller, which is running on a Win 2012 R2 machine. Now, I need to filter interactive logons (Logon Type: 2) and RDP logons (Logon Type: 10). I can find RDP authentication logs, but there are no interactive logon logs for the administrator account. Can someone help me? Sorry for my bad English. Have a great day.
