Splunk Dev

Logs from specific application

smithjl
New Member

We have an application that can be used as a backup to our Electronic Medical Record. Using Splunk Enterprise, I need to run a report that shows which users logged into this application from which workstation. The application is logged in via LDAP credentials. I would like the report to show hostname, username, login time, logout time.

Unfortunately, I am not sure where to start. Any help will be appreciated.

0 Karma

smithjl
New Member

Thank you for the advice, whrg. The application is called 724 Access Viewer. It is a Cerner application that aids our nursing staff in caring for patients during a system/network outage. The application is installed on a Windows 10 PC which has the Universal Forwarder installed and reporting to our indexer. In fact, I was trying to glean the information from these events, but I am having difficulty finding what we are looking for. I will check on the logging from the application itself. I searched splunkbase for Cerner, but I will go back and search for 724 specifically.

Thank you for the advice. The application is called 724 Access Viewer. It is a Cerner application which allows our nursing staff to provide care to patients in the event of a system/network outage. The application is installed on a Windows 10 PC which has the Universal Forwarder installed and reporting to our indexer. I will check on the logging from the application itself. I checked splunkbase yesterday, but I was unable to find any apps for Cerner. I will check again for 724 specifically.

0 Karma

whrg
Motivator

I suppose this application does not come free of charge. Perhaps you could file a support ticket with Cerner and ask them directly how logging is done.

0 Karma

whrg
Motivator

Could you tell us which particular application you are using?

Here is some general advice:

First, you need to figure out if and how your application handles logging and then get these logs in Splunk.

Check in the application's settings if you can configure log forwarding. Many applications can push their logs to a remote Syslog server. You could also check the application's manual if one exists.

If you have access to the application's operating system then you could search for interesting log files in the file system. For example, under Linux, some applications log to /var/log or /opt/application/log. A Splunk Universal Forwarder (if supported by the operating system) could monitor these log files and send them to your Splunk Enterprise server.

Also check splunkbase.com if any apps exist for this application.

0 Karma
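
Once the application's logs are in Splunk, the report the question asks for could look like the search below. This is an added example, not part of the original thread: it assumes each event carries `host`, `user` and an `action` field with the values `login` or `logout`; the index `app_logs`, the sourcetype `example:app:audit` and those field names are hypothetical and are not 724 Access Viewer's real log format.

```spl
index=app_logs sourcetype=example:app:audit (action=login OR action=logout)
| transaction host user startswith=eval(action=="login") endswith=eval(action=="logout") maxspan=24h keepevicted=true
| eval has_login=if(isnotnull(mvfind(action, "^login$")), 1, 0)
| eval has_logout=if(isnotnull(mvfind(action, "^logout$")), 1, 0)
| eval login_time=if(has_login==1, strftime(_time, "%Y-%m-%d %H:%M:%S"), "no login recorded")
| eval logout_time=if(has_logout==1, strftime(_time + duration, "%Y-%m-%d %H:%M:%S"), "no logout recorded")
| rename host AS hostname, user AS username
| sort hostname username login_time
| table hostname username login_time logout_time
```

`keepevicted=true` keeps sessions that never closed (for example a workstation that lost power), so they appear in the report with "no logout recorded" instead of being dropped.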