https://community.splunk.com/t5/Splunk-Dev/Logs-from-specific-application/m-p/428380#M7662 <P>I suppose this application does not come free of charge. Perhaps you could file a support ticket with Cerner and ask them directly how logging is done.</P> Tue, 12 Mar 2019 14:48:25 GMT whrg 2019-03-12T14:48:25Z https://community.splunk.com/t5/Splunk-Dev/Logs-from-specific-application/m-p/428377#M7659 <P>We have a application that can be used as a backup to our Electronic Medical Record. Using Splunk Enterprise, I need to run a report that shows which users logged into this application from which workstation. The application is logged in via LDAP credentials. I would like the report to show hostname, username, login time, logout time.</P> <P>Unfortunately, I am not sure where to start. Any help will be appreciated.</P> Mon, 11 Mar 2019 21:59:09 GMT https://community.splunk.com/t5/Splunk-Dev/Logs-from-specific-application/m-p/428377#M7659 smithjl 2019-03-11T21:59:09Z https://community.splunk.com/t5/Splunk-Dev/Logs-from-specific-application/m-p/428378#M7660 <P>Could you tell us which particular application you are using?</P> <P>Here is some general advice:</P> <P>First, you need to figure out if and how your application handles logging and then get these logs in Splunk.</P> <P>Check in the application's settings if you can configure log forwarding. Many applications can push their logs to a remote Syslog server. You could also check the application's manual if one exists.</P> <P>If you have access to the application's operating system then you could search for interesting log files in the file system. For example, under Linux, some applications log to /var/log or /opt/application/log. A Splunk Universal Forwarder (if supported by the operating system) could monitor these log files and send them to your Splunk Enterprise server.</P> <P>Also check splunkbase.com if any apps exist for this application.</P> Tue, 12 Mar 2019 10:23:41 GMT https://community.splunk.com/t5/Splunk-Dev/Logs-from-specific-application/m-p/428378#M7660 whrg 2019-03-12T10:23:41Z https://community.splunk.com/t5/Splunk-Dev/Logs-from-specific-application/m-p/428379#M7661 <P>Thank you for the advice, whrg. The application is called 724 Access Viewer. It is a Cerner application that aids our nursing staff in caring for patients during a system/network outage. The application is installed on a Windows 10 PC which has the Universal Forwarder installed and reporting to our indexer. In fact, I was trying to glean the information from these events, but I am having difficulty finding what we are looking for. I will check on the logging from the application itself. I searched splunkbase for Cerner, but I will go back and search for 724 specifically.,Thank you for the advice. The application is called 724 Access Viewer. It is a Cerner application which allows our nursing staff to provide care to patients in the event of a system/network outage. The application is installed on a Windows 10 PC which has the Universal Forwarder installed and reporting to our indexer. I will check on the logging from the application itself. I checked splunkbase yesterday, but I was unable to find any apps for Cerner. I will check again for 724 specifically.</P> Tue, 12 Mar 2019 13:40:54 GMT https://community.splunk.com/t5/Splunk-Dev/Logs-from-specific-application/m-p/428379#M7661 smithjl 2019-03-12T13:40:54Z https://community.splunk.com/t5/Splunk-Dev/Logs-from-specific-application/m-p/428380#M7662 <P>I suppose this application does not come free of charge. Perhaps you could file a support ticket with Cerner and ask them directly how logging is done.</P> Tue, 12 Mar 2019 14:48:25 GMT https://community.splunk.com/t5/Splunk-Dev/Logs-from-specific-application/m-p/428380#M7662 whrg 2019-03-12T14:48:25Z