Hello All,

I just got a job where I inherited Splunk, with no knowledge of Splunk; I could say I'm in the "Splunk for Dummies" category. What I know is that we have Splunk Enterprise, with the Universal Forwarder installed on the domain controller and on other important servers as well. Could someone assist me in creating alerts for the following:

- Excessive Login Failures
- Account Added to Security Enabled Group
- Event Logs Cleared
- Detect Excessive Account Lockouts from Endpoint
- Short Lived Windows Accounts
- Windows User Account Created/Deleted
- Unclean Malware Detected
- Disk Utilization Over 95%

Thank you very much in advance.
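An added example, not from the original post and not code from any Splunk app: one way to deliver six of the requested alerts is a savedsearches.conf in a small local app, which is what the Splunk UI writes when you save a search as an alert. It assumes Windows Security events arrive under index=wineventlog with sourcetype=WinEventLog:Security via Splunk_TA_windows, and that the field names (user, src_user, src_ip, Group_Name, Caller_Computer_Name) are that add-on's extractions; all of those, and every threshold, are placeholders to check by running each search ad hoc first. The "Unclean Malware Detected" and "Disk Utilization Over 95%" alerts are left out because they depend on which antivirus product and which perfmon inputs are being forwarded. Several of the titles in the list also match searches shipped with Splunk's free Security Essentials app, which is worth checking before hand-writing them.

```ini
# Added example, not from the original post or any Splunk app: a local
# savedsearches.conf (e.g. $SPLUNK_HOME/etc/apps/win_sec_alerts/local/)
# with scheduled alerts for some of the detections requested above.
# Assumptions to verify against your own data before enabling anything:
#  - Security logs are in index=wineventlog, sourcetype=WinEventLog:Security
#    (Splunk_TA_windows classic inputs; XmlWinEventLog:Security for XML inputs).
#  - Field names (user, src_user, src_ip, Group_Name, Caller_Computer_Name) are
#    the Splunk_TA_windows extractions; thresholds (20, 5, 1 hour) are placeholders.

[Excessive Login Failures]
# Threshold per source: many 4625 (failed logon) events from one IP in 15 minutes.
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m
dispatch.latest_time = now
search = index=wineventlog sourcetype=WinEventLog:Security EventCode=4625 \
| stats count AS failures dc(user) AS distinct_users values(user) AS users BY src_ip \
| where failures > 20
counttype = number of events
relation = greater than
quantity = 0
alert.severity = 4
alert.track = 1
# Throttle so a sustained brute force produces one alert per source per hour.
alert.suppress = 1
alert.suppress.period = 1h
alert.suppress.fields = src_ip

[Detect Excessive Account Lockouts from Endpoint]
# Same pattern, grouped by the machine that caused the 4740 lockouts.
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m
dispatch.latest_time = now
search = index=wineventlog sourcetype=WinEventLog:Security EventCode=4740 \
| stats count AS lockouts values(user) AS users BY Caller_Computer_Name \
| where lockouts > 5
counttype = number of events
relation = greater than
quantity = 0
alert.severity = 4
alert.track = 1

[Account Added to Security Enabled Group]
# Any member added to a global (4728), local (4732) or universal (4756) security group.
enableSched = 1
cron_schedule = */5 * * * *
dispatch.earliest_time = -5m
dispatch.latest_time = now
search = index=wineventlog sourcetype=WinEventLog:Security (EventCode=4728 OR EventCode=4732 OR EventCode=4756) \
| table _time ComputerName EventCode src_user user Group_Name
counttype = number of events
relation = greater than
quantity = 0
alert.severity = 5
alert.track = 1

[Event Logs Cleared]
# 1102 = Security log cleared (Security channel); 104 = another log cleared (System channel).
enableSched = 1
cron_schedule = */5 * * * *
dispatch.earliest_time = -5m
dispatch.latest_time = now
search = index=wineventlog ((sourcetype=WinEventLog:Security EventCode=1102) OR (sourcetype=WinEventLog:System EventCode=104)) \
| table _time ComputerName sourcetype EventCode user
counttype = number of events
relation = greater than
quantity = 0
alert.severity = 5
alert.track = 1

[Windows User Account Created/Deleted]
# Audit trail: 4720 = account created, 4726 = account deleted.
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m
dispatch.latest_time = now
search = index=wineventlog sourcetype=WinEventLog:Security (EventCode=4720 OR EventCode=4726) \
| eval action=if(EventCode="4720","created","deleted") \
| table _time ComputerName action src_user user
counttype = number of events
relation = greater than
quantity = 0
alert.severity = 3
alert.track = 1

[Short Lived Windows Accounts]
# Correlation: the same account created (4720) and deleted (4726) within one hour.
enableSched = 1
cron_schedule = 5 * * * *
dispatch.earliest_time = -24h
dispatch.latest_time = now
search = index=wineventlog sourcetype=WinEventLog:Security (EventCode=4720 OR EventCode=4726) \
| stats min(eval(if(EventCode="4720",_time,null()))) AS created max(eval(if(EventCode="4726",_time,null()))) AS deleted values(src_user) AS actors BY user \
| where isnotnull(created) AND isnotnull(deleted) AND deleted > created AND deleted - created < 3600 \
| eval lifetime_minutes=round((deleted-created)/60,0)
counttype = number of events
relation = greater than
quantity = 0
alert.severity = 5
alert.track = 1
```

Two practical notes on this layout. Each stanza fires when the search returns at least one row (counttype/relation/quantity), so the threshold lives in the search's `where` clause and is easy to tune; the single-event alerts (group membership, log cleared, account created/deleted) trigger on any match, which is what you want for rare high-value events but will be noisy if a provisioning system creates accounts all day, so add an exclusion for its service account once you see it. alert.track = 1 lists every firing under Activity > Triggered Alerts, which is enough to start with; attach email or webhook actions (action.email and friends) once the searches are confirmed against real data, and keep the throttling on the volume-based alerts so one brute-force run does not page the team every 15 minutes.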