Failed Logon Attempts Per Day Per Host

The following Splunk query returns the number of failed logon attempts per user per host for each day. You will need to have the following app installed:

Splunk Add-on for Microsoft Windows

You can adjust the warning (case) threshold to fit your needs. This query is for Windows 2008 and newer operating systems.
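One way to write such a search for Windows 2008 and newer, as an added example that is not the original query from this page. It assumes the events are in an index named `wineventlog`, that the add-on supplies the `EventCode`, `host` and `user` fields, and that 5 and 20 failures per day are reasonable thresholds; all of these are assumptions to adjust for your environment.

```spl
index=wineventlog source="WinEventLog:Security" EventCode=4625
| bin _time span=1d
| stats count AS failed_logons BY _time, host, user
| eval status=case(failed_logons>=20, "warning", failed_logons>=5, "elevated", true(), "normal")
| eval day=strftime(_time, "%Y-%m-%d")
| table day, host, user, failed_logons, status
| sort day, -failed_logons
```

Event ID 4625 is the failed-logon event on Windows 2008 and newer; the `case()` expression is where the warning threshold is set.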

The following Splunk query returns the same data for Windows 2003 and older machines.