Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
37 results
Sorted by:
11-11-2021
07:31 AM
Hey all, a bit Microsoft question.... We do want to monitor windows Group Policy changes in our Domain. We have installed Splunk Add-On and App for exchange and Active directory, and also t...
Labels
- Labels:
-
other
10-21-2016
12:10 PM
...iewer)
So, I would think all of these use cases trigger a read from the file system and I setup a File System auditing for the whole %SystemRoot%\System32\winevt\Logs in Windows Server group policy f...
05-21-2013
08:33 PM
The group policy audit does not show changes made to gpo's. I have two domain controllers in a forest, one serving the root domain and the other serving a subdomain. The Splunk App for AD uses e...
10-09-2019
02:09 AM
Hello, I want to display a table with the different modifications made on AD ( group add, user creation/removing, etc..) with the details of the operation but I cannot find the details in the logs....
02-07-2019
04:58 PM
Hello, i need your help, i want to know why i can not see logs from windows event code 4732 (New user) on the splunk search i ony see logs from 4624 and 4634, do i need to configure something?
06-02-2015
11:25 PM
...ailure
Audit Other Account Logon Events Success, Failure
Account Management
Policy Setting
Audit Application Group Management Success, Failure
Audit Computer Account Management Success, F...
09-11-2020
12:23 PM
...hat 4688 events are generated. You can enable this audit policy from the following Group Policy Object (GPO) container: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy C...
Labels
- Labels:
-
inputs.conf
-
universal forwarder
-
Windows
12-02-2020
10:11 AM
...est-ip":"dip_address", "db-user":"db_user", "source-ip":"sip_address", "real-time":"Nov 10 2020 23:20:51 GMT", "audit-policy":"["Policy - Login/Logout - SQL"]", "server-group":"s...
Labels
- Labels:
-
simple XML
10-29-2019
10:18 AM
Why do I need to configure the Windows event log audit policy and how do I make sure that I capture the correct events?
10-31-2019
06:20 AM
I'm working on creating either a report with a table or a dashboard to visualize the status of my Windows Audit Policy. The purpose of the report/dashboard is to measure compliance and detect any G...
