Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
233 results
Sorted by:
06-10-2016
09:01 AM
1 Karma
Using Splunk 6.4.1
I am trying to monitor the WinEventLog://Security; however, I only need to monitor two EventCodes (4732 and 4624). Additionally, we are looking to remove all service accounts f...
08-07-2015
10:40 AM
We are installing Splunk on CentOS Linux in the next week or so. Our service accounts are going to be on an LDAP server. Will I be able to install and run the Splunk App for Enterprise Security w...
09-28-2019
07:07 AM
I am running Splunk on top of GCE instances, and I'd like to use GCE service account for the pubsub subscription instead of providing a JSON file. Is that possible? What would be the effort to i...
12-21-2020
08:45 AM
Hi, We have a service account svc_account, that should log into certain servers (Server1, Server2, Server 3). How would we create an alert to notify if svc_account logs into a server other t...
Labels
- Labels:
-
alert action
-
alert condition
06-27-2013
04:50 PM
...mbedded in the configs somewhere in addition to the windows service? I have an install that was done months ago using the local system account, and I'd like to change it to use a domain account. Assigning a...
- Tags:
- installation
- windows
09-09-2019
02:01 PM
Does anyone have examples of how to use Splunk to detect new interactive login from a service account?
03-07-2018
08:52 AM
I'm searching on Windows Security Auditing logs and the Security_ID field but when I do, I'm realizing that there is a section for Subject and Target Account. I want to be able to extract each i...
05-15-2020
03:01 AM
We would like to keep a copy of the log files before they get indexed for long term retention which gets downloaded via the API.
inputs.conf
[scwss-poll]
interval = 3600
sourcetype = symantec...
07-05-2013
02:29 AM
Hello everybody,
due to strict security requirements, I am trying to setup the Splunk Universal Forwarder service to run with a domain account that has NOT administrative privileges on the server....
10-19-2016
11:29 AM
I am working with a customer that is trying to narrow down their Windows Security logs. They would like to isolate the Event Code to only 4732,4624, while excluding Logon Type "3" and the list of Account...
