This does not appear to be a Splunk question and we're unlikely to be able to help you in any great detail on this problem.
A hint though -
Your answer will be found most likely in some Microsoft docs or forums involving Active Directory. From what I know, if you are trying to log into a domain account on a domain joined PC, it's very difficult to make the failed logins not show up. So something's either seriously wrong, or you are just "doing the wrong thing" like not using a domain joined pc and using a domain account.