Monitoring Splunk

LDAP Request Monitoring

Error401
Observer

Hello,

I'm a complete newbie to Splunk so correct me if I'm wrong somewhere.

I'm trying to monitor LDAP request, I have more than 21sites in our Domain.

I'm using the Splunk App for Windows Infrastructure and IT Operation.

Is there any way I can get 30days LDAP request from these applications or Splunk.

I'm taking out the logons weightage but it is taking almost forever to even get 5 days records - 

 

Dashboard_1Dashboard_1Dashboard_1Dashboard_1

Note - I don't have any admin privilege and no configuration can be allowed in the Splunk. Only READ-ONLY mode is available, I cannot run any query.

HELP ME SUGGEST SOMETHING SO THAT I CAN GET THE LDAP REQUESTS FROM THE DC.

TOTAL DC COUNT - 69

 

THANKs

0 Karma
Get Updates on the Splunk Community!

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Today’s threat landscape is more complex than ever. Security operation centers (SOCs) are overwhelmed with ...

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...