We have an application that can be used as a backup to our Electronic Medical Record. Using Splunk Enterprise, I need to run a report that shows which users logged into this application from which workstation. The application is logged in via LDAP credentials. I would like the report to show hostname, username, login time, logout time.
Unfortunately, I am not sure where to start. Any help will be appreciated.
Thank you for the advice, whrg. The application is called 724 Access Viewer. It is a Cerner application that aids our nursing staff in caring for patients during a system/network outage. The application is installed on a Windows 10 PC which has the Universal Forwarder installed and reporting to our indexer. In fact, I was trying to glean the information from these events, but I am having difficulty finding what we are looking for. I will check on the logging from the application itself. I searched Splunkbase for Cerner, but I will go back and search for 724 specifically.
Thank you for the advice. The application is called 724 Access Viewer. It is a Cerner application which allows our nursing staff to provide care to patients in the event of a system/network outage. The application is installed on a Windows 10 PC which has the Universal Forwarder installed and reporting to our indexer. I will check on the logging from the application itself. I checked Splunkbase yesterday, but I was unable to find any apps for Cerner. I will check again for 724 specifically.
Could you tell us which particular application you are using?
Here is some general advice:
First, you need to figure out if and how your application handles logging and then get these logs into Splunk.
Check in the application's settings if you can configure log forwarding. Many applications can push their logs to a remote Syslog server. You could also check the application's manual if one exists.
If you have access to the application's operating system, then you could search for interesting log files in the file system. For example, under Linux, some applications log to /var/log or /opt/application/log. A Splunk Universal Forwarder (if supported by the operating system) could monitor these log files and send them to your Splunk Enterprise server.
Also check splunkbase.com to see if any apps exist for this application.
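An added example, not part of the answer above and not taken from Cerner's or the application's documentation: once the application's login and logout events are indexed, a search along these lines builds the requested report of hostname, username, login time and logout time. `PLACEHOLDER_INDEX`, `PLACEHOLDER_SOURCETYPE` and the extracted fields `action` and `user` are assumptions that must be replaced with whatever the application's logs actually provide; `host` is Splunk's default field for the forwarding workstation.

```spl
index=PLACEHOLDER_INDEX sourcetype=PLACEHOLDER_SOURCETYPE (action="login" OR action="logout")
| transaction host user startswith=eval(action=="login") endswith=eval(action=="logout") keepevicted=true
| search action="login"
| eval login_time=strftime(_time, "%Y-%m-%d %H:%M:%S")
| eval logout_time=if(closed_txn==1, strftime(_time + duration, "%Y-%m-%d %H:%M:%S"), "no logout recorded")
| table host user login_time logout_time
| sort host login_time
```

`keepevicted=true` keeps sessions that never produced a logout event (for example a workstation powered off mid-session), and `closed_txn` distinguishes them from completed sessions so they appear in the report instead of being silently dropped.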