This is one of the events I want to search. The CSV file is just domain admin user names. One column, one row of just names. NOTE: I come from using QRadar for over 5 years to using Splunk for the first time, and I am finding it difficult to transition from one platform to another.

07/06/2021 10:11:23 AM
LogName=Security
EventCode=4724
EventType=0
ComputerName=Localhost.local
SourceName=Microsoft Windows security auditing.
Type=Information
RecordNumber=13407054485
Keywords=Audit Success
TaskCategory=User Account Management
OpCode=Info
Message=An attempt was made to reset an account's password.