Monitoring Splunk

Isilon FS Audit Logs Shows No User - Searching Index Shows SID

travismartinez
New Member

I'm having a challenge with the EMC Isilon Splunk App and Add-on that is reporting the SID information but not translating it to user/domain. There's not much in the way of directions for these and it seems like I missed a configuration step.

There are no errors being thrown and the index is taking in syslog information.

What do I need to do to get the FS Audit Logs to translate the user SID?

Thanks!

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!