Ever want more detailed information on authentications to your WordPress Admin Area? This Splunk Query will show detailed information on successful authentications to the wp-admin section of your site:
sourcetype="access_combined" uri="/wp-admin/admin-ajax.php?_fs_blog_admin=*" | iplocation clientip | stats sparkline latest(_time) as Latest_Date count(status) as count values(status) by uri, Country, Region, City, clientip | convert ctime(Latest_Date) | sort - count
Notes:
Please comment if this is successful or unsuccessful for you; I have limited access to WordPress data. That said, this worked for me.
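To check the search's results against raw logs outside Splunk, the following added example (not part of the original post) applies the same URI filter and the same count / latest time / status values grouping in Python. The log lines are constructed samples using documentation IP ranges, `summarize` is a hypothetical helper name, and the `iplocation` geo lookup is left out because it needs a GeoIP database.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in Apache combined format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:08:15:02 +0000] "GET /wp-admin/admin-ajax.php?_fs_blog_admin=true HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:09:40:31 +0000] "POST /wp-admin/admin-ajax.php?_fs_blog_admin=true HTTP/1.1" 200 87 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:09:01:10 +0000] "GET /wp-admin/admin-ajax.php?_fs_blog_admin=true HTTP/1.1" 403 0 "-" "curl/8.0"
198.51.100.23 - - [12/Mar/2024:09:01:12 +0000] "GET /wp-login.php HTTP/1.1" 200 3021 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:09:41:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40 "-" "Mozilla/5.0"
"""

# Fields the search relies on: clientip, timestamp, uri (with query string), status.
LINE_RE = re.compile(
    r'^(?P<clientip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)
# Same match as uri="/wp-admin/admin-ajax.php?_fs_blog_admin=*" in the search.
URI_PREFIX = "/wp-admin/admin-ajax.php?_fs_blog_admin="


def summarize(log_text):
    """Group matching requests by (uri, clientip), like the search's stats ... by clause."""
    groups = defaultdict(lambda: {"count": 0, "latest": None, "statuses": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["uri"].startswith(URI_PREFIX):
            continue  # unparseable line or a different URI
        ts = datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z")
        g = groups[(m["uri"], m["clientip"])]
        g["count"] += 1                      # count(status)
        g["statuses"].add(m["status"])       # values(status)
        if g["latest"] is None or ts > g["latest"]:
            g["latest"] = ts                 # latest(_time)
    # Equivalent of "sort - count": busiest client first.
    return sorted(groups.items(), key=lambda kv: kv[1]["count"], reverse=True)


if __name__ == "__main__":
    for (uri, ip), g in summarize(SAMPLE_LOG):
        print(ip, g["count"], g["latest"].isoformat(), sorted(g["statuses"]), uri)
```

The 403 row in the sample shows why the `values(status)` column is worth reading: the URI filter matches requests regardless of response code.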