Start Free TrialLog in
Avatar of rgraber6
rgraber6

asked on 

Logon Event Monitoring: Workstation_Name Field Blank?

Currently monitoring forwarded event logs from a domain controller (Running Windows 2008 R2). Trying to use an IT monitoring application called SPLUNK (www.splunk.com) to do so. Specifically focused on monitoring logon events.Would like to be able to sort logon events by account_name and workstation_name fields.

The issue: When searching through the domian controller's event logs and filtering for logon events, the program is failing to define a workstation name. It often can define an account name, but the problem is that we aren't able to correlate which account name is logging into which workstation name.

Question: Why are most of the "4624" logon events ANONYMOUS LOGON's ? Is there a way to extract these desired fields out of the logs with SPLUNK, or is the data just withheld on the the Windows event logs? If so, how do we make so these fields are not hidden on these logs?

Thanks
Network AnalysisMicrosoft Legacy OSIT Administration
Avatar of undefined
Last Comment
neilpage99
ASKER CERTIFIED SOLUTION
Avatar of neilpage99
neilpage99
Flag of United States of America image
Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Microsoft Legacy OS
Microsoft Legacy OS

The Microsoft Legacy Operating System topic includes legacy versions of Microsoft operating systems prior to Windows 2000: All versions of MS-DOS and other versions developed for specific manufacturers and Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions, and Windows Mobile.

55K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts

  • "Invaluable tool for our organization"

    Josh Regalski

  • "Your help has saved me hundreds of hours of internet surfing."

    @fblack61

  • "Just a dang good service!"

    @golferski

  • "Worth every penny."

    Steve Hougom

  • "It’s been a life saver."

    Maria Halt

  • "Best support site I’ve seen!"

    Bob Schneider

  • "I would be lost without them."

    @fblack61

  • "Saved my job multiple times."

    Walt Forbes

  • "I love this site."

    Maria Duwe

  • "Friendly respectful help."

    Andrew Kowtalo

  • "Such top-notch experts."

    @magento

  • "The best money I have ever spent."

    @rwheeler23

  • "Beyond any comprehensible value"

    George Morris

  • "Invaluable tool for our organization"

    Josh Regalski

Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo
© 1996-2023 Experts Exchange, LLC. All rights reserved. Covered by US Patent