The above poster's answer does not work on the latest Enterprise Security version.
You must visit the following file
Then modify two lines. I copied and pasted my config below with the parts that need to be modified in bold.
[Threat - User Failed to Login More Than 100 Times - Rule]
action.correlationsearch.enabled = 1
action.correlationsearch.label = User Failed to Login More Than 100 Times
Restart your Splunk instance after by running the following
sudo YOUR_SPLUNK_DIRECTORY/bin/splunk restart
... View more