However, I am able to get other information like disk usage, successful user logins, config files overview.
Hi catch_mili
Recalling the install trouble you had, have you checked that the user running the Splunk forwarder on this Solaris box is able to read the required log files to get this information?
If this user does not have permission to read the log files, you will not get any information.
cheers,
MuS
The lastlog.sh provides this information. On Solaris this file is called wtmpx, but it is a binary file and it is in /var/adm/, not /var/log/.
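A way to settle the permission question raised above before hunting for more paths, as an added example that is not part of this thread: it checks whether the forwarder's account can read the Solaris login-accounting file just named. The user name gwtest and the /var/adm paths are assumptions taken from the thread; the /usr/xpg4/bin/id invocation is the Solaris way to list a user's groups.

```sh
#!/bin/sh
# Added example, not from the thread: before hunting for more Solaris paths,
# confirm that the account running the universal forwarder can read the login
# accounting files the *nix app's lastlog.sh depends on. The paths and user name
# are assumptions drawn from the thread (wtmpx lives in /var/adm on Solaris and
# the forwarder appears to run as "gwtest"); adjust both before use.

# can_read FILE USER "GROUP ..." -> 0 if USER can read FILE, judged only from the
# mode, owner and group that `ls -ld` prints (POSIX, so it runs under the old
# Solaris /bin/sh). Returns 2 if FILE is missing. Caveat: a "+" after the mode
# means an ACL applies and this bit-level check may be wrong; use getfacl then.
can_read() {
    _f=$1 _u=$2 _g=$3
    _line=`ls -ld "$_f" 2>/dev/null` || return 2
    set -- $_line
    _mode=$1 _owner=$3 _group=$4
    [ "$_u" = root ] && return 0                                   # root bypasses mode bits
    if [ "$_owner" = "$_u" ]; then
        case $_mode in ?r*) return 0 ;; *) return 1 ;; esac        # owner read bit
    fi
    for _m in $_g; do
        if [ "$_m" = "$_group" ]; then
            case $_mode in ????r*) return 0 ;; *) return 1 ;; esac # group read bit
        fi
    done
    case $_mode in ???????r*) return 0 ;; *) return 1 ;; esac      # other read bit
}

# check_files USER "GROUP ..." FILE... -> one line per file; returns the number
# of files USER cannot read, so exit status 0 means the forwarder should see data.
check_files() {
    _user=$1 _groups=$2; shift 2
    _bad=0
    for _path in "$@"; do
        if can_read "$_path" "$_user" "$_groups"; then
            echo "readable   $_path"
        else
            echo "UNREADABLE $_path  (the forwarder will silently index nothing from it)"
            _bad=`expr $_bad + 1`
        fi
    done
    return $_bad
}

# On the Solaris host (/usr/xpg4/bin/id understands -G -n there):
# check_files gwtest "`/usr/xpg4/bin/id -G -n gwtest`" /var/adm/wtmpx /var/adm/messages
```

Remember that the forwarder also needs search (x) permission on /var/adm itself; the mode-bit check above only looks at the files you name.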
Still, I am able to fetch other data like /var/log/*
But couldn't get failed logins.
Just need help on where to look on the Solaris server for logs which are generated in case of a failed user login.
I mean if I get to know the path, I will start monitoring those logs.
However, I have enabled all the logs which are present in inputs.conf.
Okay, in this case you don't get the needed data; either permission or something went wrong in the *nix App config on the universal forwarder.
No, I didn't get anything other than "the timerange has been substituted based on your search string".
This is the search behind the macro in the *nix app:
index=os eventtype=failed_login host=$host$
If you search 'index=os eventtype=failed_login earliest=-1mon@mon', do you get anything besides the blue bar telling you the timerange has been substituted based on your search string?
Yes. I am using the *nix app.
Also, I have enabled the app according to inputs.conf.
Assuming you are using the *nix app, have you enabled the corresponding inputs in the app?
http://docs.splunk.com/Documentation/UnixApp/latest/User/InstalltheSplunkAppforUnixandLinux#Enable_d...
drwxr-xr-x 9 gwtest infrasrv 1024 Feb 7 03:19 splunk
This is what I found.
The gwtest user has got sudo access.