I have an alert for excessive login failures configured to fire off when a PC reports greater than normal login attempts over a 5 minute period. But the alert doesn't specify the PC generating the alert. Can this be configured?
Hi
here is instructions how to do it.
https://community.splunk.com/t5/Alerting/Alert-Subject-Possible-to-add-host-name/td-p/85209
r. Ismo
Hi
here is instructions how to do it.
https://community.splunk.com/t5/Alerting/Alert-Subject-Possible-to-add-host-name/td-p/85209
r. Ismo