We had a user log in remotely, either with ESXi with a VM, with Remote Desktop, or with the command prompt using SSH. Our Splunk server is on a domain and we are trying to determine who logged in and made changes. I have searched the forum and cannot find a definite answer in the community. I'm fairly new to Splunk with writing queries and all, so I appreciate any help and/or advice anyone can give. Thanks,