Monitoring Splunk

Isilon FS Audit Logs Shows No User - Searching Index Shows SID

travismartinez
New Member

I'm having a challenge with the EMC Isilon Splunk App and Add-on that is reporting the SID information but not translating it to user/domain. There's not much in the way of directions for these and it seems like I missed a configuration step.

There are no errors being thrown and the index is taking in syslog information.

What do I need to do to get the FS Audit Logs to translate the user SID?

Thanks!

0 Karma
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:





Or Learn More in Our Blog >>