All Apps and Add-ons

Any App to audit changes in Splunk Enterprise distributed environment ?

neerajs_81
Contributor

Hi, is there any app similar to https://splunkbase.splunk.com/app/4144/ for auditing changes made to different settings, conf files in a Clustered deployment ?  If there is NO app, can someone recommend a report that can be run ?

Any help appreciated. 


Labels (2)
Tags (1)
0 Karma
1 Solution

VatsalJagani
Champion

@neerajs_81 - Try this App for configuration changes monitoring. (I've not tried it personally but it sounds promising.)

Git Version Control App for Splunk -  https://splunkbase.splunk.com/app/4182/

 

You can search through splunkd_access logs, it will give you what component changed, and who changed it but will not tell the old value and new value.

index="_internal" sourcetype="splunkd_access"

 

I hope this helps!!

View solution in original post

gjanders
SplunkTrust
SplunkTrust

Also refer to previous answers https://community.splunk.com/t5/Dashboards-Visualizations/Version-control-management-for-Splunk-Dash...

 

Version control for splunk also does this among other options...the knowledge object overview app on SplunkBase has some queries for this too. https://splunkbase.splunk.com/app/5399/

neerajs_81
Contributor

Thank you

0 Karma

neerajs_81
Contributor

Thank you, checking it out.

0 Karma

VatsalJagani
Champion

@neerajs_81 - Try this App for configuration changes monitoring. (I've not tried it personally but it sounds promising.)

Git Version Control App for Splunk -  https://splunkbase.splunk.com/app/4182/

 

You can search through splunkd_access logs, it will give you what component changed, and who changed it but will not tell the old value and new value.

index="_internal" sourcetype="splunkd_access"

 

I hope this helps!!

Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...