Splunk® App for Windows Infrastructure (Legacy)

Splunk App for Windows Infrastructure Reference

Acrobat logo Download manual as PDF


On October 20, 2021, the Splunk App for Windows Infrastructure will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Windows Dashboards and Reports.
Acrobat logo Download topic as PDF

AD Anomalous Logons

Exch 30 adanomalouslogons.png

The Anomalous Logons page contains information about questionable user activity on your network. It also shows the more sinister attempts to access restricted network resources. Specific statistics displayed here include:

  • Users logging on from more than one AD site
  • Users logging on from more than one workstation
  • Attempts to log on to disabled or expired accounts

How to use this page

  • Use the Forest', "Site, Domain, and Server fields to limit results to the forest(s), site(s), domain(s), and user(s) that you want to see.
  • To filter using these fields:
    • Select a field with your mouse.
    • Then, begin typing in the name of an element in the appropriate field. For example, type in the name of a forest in the Forest field. The Splunk App for Windows inFrastructure displays entries for forests it has collected data for. It also updates the page to contain only relevant information that matches the specified forest.
    • This method works identically for sites, domains, and users.
  • Use the time range picker to limit results to the range of time that you want the app to display.
Last modified on 30 November, 2016
PREVIOUS
Failed Logons
  NEXT
Computer Audit

This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.5.0, 1.5.1, 1.5.2, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters