Hello,
We'd like to monitor configuration changes on our Linux host. For that we want to detect when in the datamodel Auditd the field name is equal to /etc/audit/* , /etc/audisp/* , o...
I need to get the list of .conf files. On running my below Splunk Query,
"| rest /services/configs/conf-props"
it returns the conf objects, but I need to find the .conf files instead of o...
I am trying to use LDAP authentication on my SHC.
Following the advice from here, I set up a working LDAP authentication and user role on a separate system and placed the resulting .conf files in a...
Hello,
I have a folder where I have different types of files in it and want to monitor the whole folder as one sourcetype with different props.conf
inputs.conf
[monitor:///mydata/my_folde...
How would I write the props config file for following events, any help will be highly appreciated, thank you! Thu, 01 Jul 2021 00:20:04 -0400|system|flush_vulns|INFO|-1|Removing o...
...e like this if (start next row > end previous row) 1:0; in this way I want to mark these lines with bool=1, if not bool=0. Please, does someone have some suggestion about how I can implement this? T...
Hi All, for this year .conf 22 registrations are open and I see a registration fee while signing up with a personal account. Is .conf 22 registration free for Splunk partner com...
I've been trying to utilize the linebreaker to break an xml file into multiple Splunk events. I've tried many different ways. I had looked at this example and I'm still having trouble. Here is the Co...
Hi all. I have one SHC with 3 search heads. I thought if I create a HEC using web GUI in a specific member, others were replicated HEC. But NOT. How should I do to fix that? My SHC member have replic...
In a recent "Splunk Enterprise 9.0 Data Administration" class, the documentation says that Ingest Actions should be implemented on a Deployment Server. Am I correct that this only refers to I...