Hi there! Being new and still struggling mightily to master Splunk, I have an immediate need to create a search/report that looks at when new accounts are created in AD, and what those accounts are named. If I run this over 24 hours, I get a host of timestamped "zero" lines, as no accounts were created during that time. However, at some point, there may be creations of accounts, and it is those and those alone that I wish to see.
Thanks, and apologies if this is such a stupid and basic question! I'm trying to find a clue in the docs and in the book, but I'm still struggling.
Michael