Getting Data In

Regarding Absence of Windows Security Command Line Events in Logs

Raj
Builder

hi ,

We could be the  issue regarding the absence of Windows Security Command Line " EventCode=4688 ParentProcessName="C:\\Windows\\System32\\cmd.exe"  events.
I have not blacklisted it in any of the app.

Thanks.


0 Karma

bharathkumarnec
Contributor

@Raj Can you may be run btool to check the full configuration?

0 Karma

Raj
Builder

@bharathkumarnec 

Hi, Where exactly we can run this btool to check the configurations. I dnt have back end access can we check in ui.

0 Karma

bharathkumarnec
Contributor

@Raj 
$SPLUNK_HOME$/bin/splunk btool inputs list --debug

 

Raj
Builder

@bharathkumarnec  Hi,

After investigating I came across audit process creation is this causing this issue ??
https://docs.splunk.com/Documentation/ES/7.2.0/Admin/ConfigureLogging


 

0 Karma

bharathkumarnec
Contributor

@Raj please check if the source is generating the data in the event viewer with the information that you are looking ?

0 Karma

Raj
Builder

@bharathkumarnec ,

Yes, it is generating the data in the event viewer!

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Introducing ITSI 5.0: Unified Visibility and Actionable Insights

Introducing ITSI 5.0: Unified Visibility and Actionable Insights Tuesday, July 21, 2026  |  10:00AM PT / ...

Inside Splunk Agent Observability: Understanding Agent Behavior, Tokens & Costs

Inside Splunk Agent Observability:Understanding Agent Behavior, Tokens & Costs Thursday, August 06, ...

From Data to Insight: Announcing the Winners of the Splunk Dashboard Contest

Hi Splunkers, First off, thank you to everyone who participated in our very first From Data to Insight: The ...