How to monitor SSH logins to our Splunk server?

Is there a way to monitor Splunk server logon/logoff, basically trying to find the best way to audit access to Splunk servers via direct UI or SSH?

1 Solution

This should get you started.

index=_internal source="*/splunkd_ui_access.log" (uri_path="*/account/login" method="POST") OR (uri_path="*/account/logout")  | table _time user clientip method status uri_path
---
If this reply helps you, an upvote would be appreciated.


What would be the best query to monitor SSH logins to the Splunk Server?

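For the SSH side of the question, an added example (not part of any reply in this thread) of the equivalent search over the operating system's sshd log. It assumes the Splunk server's /var/log/secure or /var/log/auth.log is already being indexed, that the events land in an index named os with sourcetype linux_secure (adjust both to your environment), and that sshd writes its standard OpenSSH "Accepted ... for", "Failed ... for" and "session closed for user" messages.

```spl
index=os sourcetype=linux_secure sshd ("Accepted" OR "Failed password" OR "session closed for user")
| rex "(?<result>Accepted|Failed) (?<auth_method>\S+) for (?:invalid user )?(?<user>\S+) from (?<src_ip>\S+) port (?<src_port>\d+)"
| rex "session closed for user (?<logout_user>\S+)"
| eval action=case(result=="Accepted", "login", result=="Failed", "failed login", isnotnull(logout_user), "logout")
| eval user=coalesce(user, logout_user)
| where isnotnull(action)
| table _time host action user src_ip src_port auth_method
```

Restrict host to the Splunk servers you want to audit; logout events carry no source address, so src_ip and src_port are empty on those rows.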