Trying to use Splunk Enterprise as a tool to perform automated auditing of my event logs. I have a couple of standalone PCs and am required to perform bi-weekly audits. Would love to be able to have this process automated.
Does anyone have "layman's" instructions on how to accomplish this task?
In terms of how to achieve your audit, that is really going to depend on what you need audited! If you're just getting a list of logins for two PCs, I would probably suggest Splunk is overkill. Instead, you can just connect to the Event Viewer on each PC and run a search.
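
The login search suggested in the answer above can be scripted per PC. This is an added example, not code from the original thread. It assumes the audit covers successful and failed logons (Security event IDs 4624 and 4625) over a 14-day window, and `C:\AuditReports` is a hypothetical output folder.

```powershell
# Added example: bi-weekly logon report for one standalone PC.
# Run from an elevated prompt; reading the Security log requires administrator rights.
$days   = 14                      # assumed audit window (bi-weekly)
$outDir = 'C:\AuditReports'       # hypothetical output folder
$start  = (Get-Date).AddDays(-$days)

# Readable names for the common LogonType codes
$typeName = @{ '2' = 'Interactive'; '3' = 'Network'; '4' = 'Batch'; '7' = 'Unlock'
               '10' = 'RemoteInteractive'; '11' = 'CachedInteractive' }

# 4624 = successful logon, 4625 = failed logon
$filter = @{ LogName = 'Security'; Id = 4624, 4625; StartTime = $start }

# SilentlyContinue suppresses the "no events found" error on a quiet machine.
# It also hides access-denied errors, so an empty report from a non-elevated
# prompt does not mean there were no logons.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Read fields by name from the event XML; the positional Properties
    # array is ordered differently for 4624 and 4625.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # Service logons (type 5) are skipped here to keep the report readable
    if ($data['LogonType'] -eq '5') { continue }

    $type = $typeName[$data['LogonType']]
    if (-not $type) { $type = $data['LogonType'] }   # fall back to the raw code

    [pscustomobject]@{
        Time      = $e.TimeCreated
        Computer  = $e.MachineName
        Result    = if ($e.Id -eq 4624) { 'Success' } else { 'Failure' }
        Account   = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        LogonType = $type
        Source    = $data['IpAddress']
    }
}

# One dated CSV per machine, plus a per-account summary on screen
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
$file = Join-Path $outDir ('logons_{0}_{1:yyyyMMdd}.csv' -f $env:COMPUTERNAME, (Get-Date))
$rows | Sort-Object Time | Export-Csv -Path $file -NoTypeInformation
$rows | Group-Object Account, Result | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

Running the script from a scheduled task every two weeks leaves a dated CSV on each PC for review.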