We have been issues when application stops responding , when a particular account gets locked.
I would like to create an alert to overcome this issue.
Is the application logging account lockouts to Splunk? If so, you can create an alert when a lockout event is detected. If the application does not log to Splunk then Splunk has no way to know the account has been locked out and cannot alert you.