Looking at some Windows logs and came across the following commands run on two separate computers. The "--no-log" concerns me and I can't seem to find if there is a place where logs would be generated when this command is run.
Has anyone seen this, or does anyone know why I would be seeing it? I am the only admin for these hosts so at first glance this looks like a bad actor.
Please check the usage of the btool command.
splunkhome/bin/splunk btool "conf file prefix" list --debug --app="appname"| grep "if you want to grep something from conf file"
Also use "> /var/tmp/123.txt" to write the results into a text file.
Here is the link to the Splunk doc.
Splunk also does write logs about btool in splunkhome/var/log/splunk/btool.log