Splunk Dev

Is there a reference for all the different actions of the field "action" in the Splunk _audit index?

BMacher
Path Finder

Dear Splunkers,

I would like to know if there is a reference for all the different actions of the field "action" (edit_sourcetype, edit_token_http, ...) in the Splunk _audit index?

Regards
Benjamin

0 Karma
1 Solution

woodcock
Esteemed Legend

Yes, these are listed in $SPLUNK_HOME/etc/system/default/authorize.conf which starts out like this:

#   Version 6.5.2
# DO NOT EDIT THIS FILE!
# Changes to default files will be lost on update and are difficult to
# manage and support.
#
# Please make any changes to system defaults by overriding them in
# apps or $SPLUNK_HOME/etc/system/local
# (See "Configuration file precedence" in the web documentation).
#
# To override a specific setting, copy the name of the stanza and
# setting to the file where you wish to override it.
#
# commented out capabilities that are registered by their own components.
# leaving here for educational purposes.

# This file creates roles and sets granular access controls.

# These stanzas list all the capabilities in the system
[capability::accelerate_datamodel]

View solution in original post

0 Karma

woodcock
Esteemed Legend

Yes, these are listed in $SPLUNK_HOME/etc/system/default/authorize.conf which starts out like this:

#   Version 6.5.2
# DO NOT EDIT THIS FILE!
# Changes to default files will be lost on update and are difficult to
# manage and support.
#
# Please make any changes to system defaults by overriding them in
# apps or $SPLUNK_HOME/etc/system/local
# (See "Configuration file precedence" in the web documentation).
#
# To override a specific setting, copy the name of the stanza and
# setting to the file where you wish to override it.
#
# commented out capabilities that are registered by their own components.
# leaving here for educational purposes.

# This file creates roles and sets granular access controls.

# These stanzas list all the capabilities in the system
[capability::accelerate_datamodel]
0 Karma
Get Updates on the Splunk Community!

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Using the Splunk Threat Research Team’s Latest Security Content

REGISTER HERE Tech Talk | Security Edition Did you know the Splunk Threat Research Team regularly releases ...