Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to write a search to audit when an eventtype is changed?

adylent
Path Finder
‎03-20-2015 12:23 PM

Can anyone recommend a search to audit when an eventtype definition is changed?

0 Karma
Reply

lguinn2
Legend
‎03-22-2015 03:40 PM

The place to look for such things would be the _audit index, but changes to eventtypes are not tracked as far as I can tell.

0 Karma
Reply

somesoni2
Revered Legend
‎03-20-2015 12:35 PM

You want to monitor if anyone change the definition of an eventtype?

0 Karma
Reply

adylent
Path Finder
‎03-20-2015 12:43 PM

Yeah, if possible. I wasn't having any luck finding details about this in _internal

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...