Hi Splunkers, I have a doubt about users that run scheduled searches. Until now, I know very well that, if a user owns a knowledge object like a correlation search, when it is deleted/disabled, we c...
I have a simple search index=xxxxx "User ID" and I need the correct syntax to get the actual username in the results. Sample Event INFO xcvxcvxcvxcvxcvxcvxcvxcvxcvxcvvcx - Logged User ID-X...
Hi Splunk Community, I'm trying to list all Splunk local users (authentication system = splunk). The below search lists all users SAML and Splunk but I'm only looking for local accounts. | r...
Hello everyone, we use LDAPS in Splunk to allow our employees to log in to the system (Search Heads). Is there a way for users to change their passwords when needed or after they have expired? Some users...
Hi! I have a report for users logging in from different countries in the last 24 hours:
index="accesslogs" sourcetype=apilogs authIP=* | iplocation authIP | stats count(authIP) AS ipCount by a...
Hello, is there any way we can know which applications are accessed by the user instead of just logon/log off activities from the winevent logs? Can someone help me with the search? ...
Hi Guys,
Is there anybody here who knows how to remove a user email from any Splunk alert and add a new user email in his place?
I used this search to find any Splunk alerts related to the person I w...
Hi All, just wondering if anyone has a search that shows which user deleted another user in Linux? Typically in the Linux syslog messages, when we check for userdel messages, it o...
Hi,
After rebooting the server, when I checked, the Splunk services were not running. So I tried to start the Splunk services, but I am getting the below error:
this command can only be run by bootstart user