Solved: How can we audit Hunk's users?

ddrillic · ‎04-11-2017

We would like to audit the Hunk's users. Meaning, which users use the system, when, how much... we are on Hunk version 6.5.2.

rdagan_splunk · ‎04-11-2017

To audit all the users who log into the Hunk Search Head, see this answer: https://answers.splunk.com/answers/225682/how-to-search-splunks-internal-audit-events-to-see.html

From a Hadoop point of view, all of Splunk Users run the MapReduce job as the user who installed Splunk, so that should be in the Hadoop log. You can use this Splunk App to log the Hadoop logs: https://splunkbase.splunk.com/app/3134/

View solution in original post

rdagan_splunk · ‎04-11-2017

To audit all the users who log into the Hunk Search Head, see this answer: https://answers.splunk.com/answers/225682/how-to-search-splunks-internal-audit-events-to-see.html

From a Hadoop point of view, all of Splunk Users run the MapReduce job as the user who installed Splunk, so that should be in the Hadoop log. You can use this Splunk App to log the Hadoop logs: https://splunkbase.splunk.com/app/3134/

ddrillic · ‎04-11-2017

Much appreciated!!!

How can we audit Hunk's users?

Index This | I’m short for "configuration file.” What am I?

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Your Guide to SPL2 at .conf24!