User Audit
The User Audit dashboard displays information about Active Directory user objects, and includes specifics on:
- Active Directory record.
- Group Membership.
- Accounts that were locked out after failing to logon properly.
- Failed logons by the selected user.
In this dashboard's selection panel, you can choose the domain from which you want to display user audit data by selecting the Account Domain drop-down list. You must do so in order to get information on user account activity within the domain.
You can further narrow down your search by typing in the name of a valid user object in the User Account field. If you type in '*' (asterisk), the Splunk App for Microsoft Exchange searches against all users.
You can also control how much data gets displayed by selecting the time range you desire in the time range picker on the upper left side of the dashboard.
User Overview | AD Administrator Audit |
This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.5.0, 1.5.1, 1.5.2, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4
Feedback submitted, thanks!