Splunk® App for Windows Infrastructure

Splunk App for Windows Infrastructure Reference

Download manual as PDF

Download topic as PDF

User Audit

Exch 30 aduseraudit.png

The User Audit dashboard displays information about Active Directory user objects, and includes specifics on:

  • Active Directory record.
  • Group Membership.
  • Accounts that were locked out after failing to logon properly.
  • Failed logons by the selected user.

In this dashboard's selection panel, you can choose the domain from which you want to display user audit data by selecting the Account Domain drop-down list. You must do so in order to get information on user account activity within the domain.

You can further narrow down your search by typing in the name of a valid user object in the User Account field. If you type in '*' (asterisk), the Splunk App for Microsoft Exchange searches against all users.

You can also control how much data gets displayed by selecting the time range you desire in the time range picker on the upper left side of the dashboard.

Last modified on 30 November, 2016
User Overview
AD Administrator Audit

This documentation applies to the following versions of Splunk® App for Windows Infrastructure: 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.5.0, 1.5.1, 1.5.2, 2.0.0, 2.0.1

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters