hello all I am fairly new to using Splunk and would like some help with searching for locked accounts and to Setup an search that checks for failed password on daily basis. I want to check for ids which are constantly appearing on daily basis for x number of times. If the pattern continues then i may know if a hacker is trying to break into a particular id using a slow password attack. I have been searching on event ID 4740 but returning no hits even though I have a user that has been locked out, why would this be happening?
... View more