Getting Data In

Collecting Windows Logins Events - Specifically what server/workstation they were remoting into

TitanAE
New Member

I'm currently collecting windows security events. And it's been good for seeing failures. But I cannot see 'what' workstation or server they attempted to log into.

Does anyone have any advice on how to capture this piece of information?

0 Karma
Get Updates on the Splunk Community!

CX Day is Coming!

Customer Experience (CX) Day is on October 7th!! We're so excited to bring back another day full of wonderful ...

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...