Hi, is there any app similar to https://splunkbase.splunk.com/app/4144/ for auditing changes made to different settings and conf files in a clustered deployment? If there is NO app, can someone recommend a report that can be run?
Any help appreciated.
@neerajs_81 - Try this App for configuration changes monitoring. (I've not tried it personally but it sounds promising.)
Git Version Control App for Splunk - https://splunkbase.splunk.com/app/4182/
You can search through splunkd_access logs; it will give you what component changed and who changed it, but will not tell the old value and new value.
index="_internal" sourcetype="splunkd_access"
I hope this helps!!
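As an added example (not part of the reply above, and not code from Splunk or any of the linked apps), the following sketch shows the kind of triage the splunkd_access approach supports: it parses access-log lines, keeps write requests to configuration REST endpoints, and reports who touched which component. The sample lines are constructed, the raw line layout is an assumption, and the endpoint watch list is hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines; the layout (client, ident, user, [time], "request",
# status, ...) is an assumption about splunkd_access.log, not copied from the thread.
SAMPLE = '''\
10.0.0.5 - admin [12/Mar/2024:10:15:32.101 +0000] "POST /servicesNS/nobody/search/configs/conf-props/web_logs HTTP/1.1" 200 1843 "-" "Mozilla/5.0" - 41ms
10.0.0.5 - admin [12/Mar/2024:10:15:40.007 +0000] "GET /servicesNS/nobody/search/configs/conf-props HTTP/1.1" 200 9211 "-" "Mozilla/5.0" - 12ms
10.0.0.9 - jdoe [12/Mar/2024:11:02:03.550 +0000] "DELETE /servicesNS/jdoe/search/saved/searches/old_report HTTP/1.1" 200 512 "-" "curl/8.0" - 20ms
10.0.0.9 - jdoe [12/Mar/2024:11:05:44.910 +0000] "POST /servicesNS/nobody/search/configs/conf-inputs/monitor HTTP/1.1" 403 230 "-" "curl/8.0" - 3ms
127.0.0.1 - splunk-system-user [12/Mar/2024:11:06:00.000 +0000] "POST /services/search/jobs HTTP/1.1" 201 310 "-" "Splunk" - 8ms
this line is truncated and must be skipped
'''

LINE = re.compile(r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')
# REST paths treated as configuration (hypothetical watch list; extend as needed).
CONFIG_PATH = re.compile(r'/(configs/conf-[^/?]+|properties/|saved/searches)')
WRITE_METHODS = {"POST", "PUT", "DELETE"}

def config_changes(text):
    """Return one dict per write request that targets a configuration endpoint."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # malformed or truncated line
        e = m.groupdict()
        path = e["uri"].split("?", 1)[0]  # ignore the query string
        if e["method"] in WRITE_METHODS and CONFIG_PATH.search(path):
            e["component"] = path
            e["applied"] = int(e["status"]) < 400  # rejected attempts are kept, flagged
            events.append(e)
    return events

def summary(events):
    """Count changes per (user, method, component, applied)."""
    return Counter((e["user"], e["method"], e["component"], e["applied"]) for e in events)

if __name__ == "__main__":
    for key, n in summary(config_changes(SAMPLE)).items():
        print(n, *key)
```

As the reply notes, this identifies the component and the user only; recovering old and new values needs a version-control approach such as the apps linked in this thread.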
Also refer to previous answers https://community.splunk.com/t5/Dashboards-Visualizations/Version-control-management-for-Splunk-Dash...
Version control for Splunk also does this among other options... the knowledge object overview app on SplunkBase has some queries for this too. https://splunkbase.splunk.com/app/5399/
Thank you
Thank you, checking it out.