Hi, I am looking to grab all windows events of successful NTLM logins without using Kerberos. Here is my query so far. "eventcode=4776" "Error Code: 0x0" ntlm I think this is working as of now, however it brings results including the value of Kerberos, I tried using the value, Not "Kerberos" , however it completely broke my search result. I am looking to grab only the value of "Account Name:" and "Source Network Address:" then export it to a csv file every week. Is this something I can do with Splunk? If so any help would be appreciated. Thanks.
... View more