I have 5 computer who send security logs to a server. This server forward those logs to my splunk server so I can put them on a dashboard and I can send email alerts when the account "Administrator" is used.
My problem is that I can see the account name on my server but on Splunk web app those informations dissapear from the logs so I can't sepparate logs by the user.
Does someone can help me with this please?
... View more