LAPS logging and Splunk
When I tried to search for it in Splunk, nothing came out!! According to Splunk, Event Code 4662 is too noisy, and Splunk gives an example to filter all Event Code 4662. I realized I was using the sample inputs.conf from Splunk. Below is a snippet of the default inputs.conf.
It took me a couple of days of trying many combinations of inputs.conf, and I finally figured out the correct syntax.