Monitoring Splunk
Highlighted

restart_splunkd showing up in audit.log every minute -- I am not restarting Splunk every minute.

Champion

I'm seeing the following entry every minute in audit.log:

Audit:[timestamp=08-05-2013 18:10:09.376, user=admin, action=restart_splunkd, info=granted ][n/a]

I know for a fact that splunkd is not getting restarted every minute.

0 Karma
Highlighted

Re: restart_splunkd showing up in audit.log every minute -- I am not restarting Splunk every minute.

Champion

Per the following answer, this is a bug where the audit handler produces noise: http://splunk-base.splunk.com/answers/8516/auditlog-restart_splunkd

View solution in original post

0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.