Ever want more detailed information on authentications to your WordPress Admin Area? This Splunk Query will show detailed information on successful authentications to the wp-admin section of your site:
| iplocation clientip
| stats sparkline latest(_time) as Latest_Date count(status) as count values(status) by uri, Country, Region, City, clientip
| convert ctime(Latest_Date)
| sort - count
Screenshot: Notes: Please comment if this is successful or unsuccessful for you, I have limited access to WordPress data. That said this worked for me.