In a nutshell, you can look at the Elastic DSL query directly by clicking on the magnifying glass of any widget, but if you want to see if you have an successes you can also use timeline through this KQL query:
"event.category": "authentication" and "event.outcome": "success"
We're checking for both of those to see if there is a success. If you have a lot of failures like I see below that's the query:
"event.category": "authentication" and "event.outcome": "failure"
You can change your Kibana Index patterns in either Data Sourcer at the top of each page and within timeline:
To explore and see what indexes have what data. The dashes in the above screenshot for "Last success" and "Last successful source" seem to show that those fields aren't filled out within your index.
The large number of failures seems to indicate that you have outsiders attacking your network and trying to use the user of either "administrator" or "ADMINISTRATOR" with lots of failures and no successes. Or you have a rouge process/script doing something with lots of failures.