Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
795 results
Sorted by:
12-11-2018
01:34 PM
My company is beginning to use Power BI and we would like to get the audit logs from it into Splunk. I saw in the documentation that this gets audit logs from Exchange Online, SharePoint online and a...
07-08-2019
05:35 AM
2 Karma
The post question did include the answer, but then it could not be marked as an answer, therefore I pushed the content into a second post that could be marked as an answer.
03-12-2020
07:00 AM
I just noticed that our Redhat splunk servers are missing audit log data for users logging in to Splunk.
For example, this query no longer returns data:
index=_audit action="login attempt" "i...
Labels
- Labels:
-
audit
Show results in replies (5)
-
...ill never equal "login attempt" [audittrail] EVAL-action = case(match(_raw,"action\=login\s...
-
Did you manage to find the solution as to why the login activity is not showing up in Splunk 8.X?
-
...ourcetype=audittrail action="login attempt" info=* | stats count by user,info Previous example founds u...
-
I engaged splunk support and there was a code change around version 8.x that might have caused t...
-
...uccessful events aren't actually on the local search heads logs (/$SPLUNK_HOME/var/splunk/log/audit.log...
07-10-2020
12:19 PM
Hello
I have a problem with some .sqlaudit files
These files are being stored in the following path Z: \ audit \
Install a forwarder but Splunk doesn't seem to recognize these files.
Use the Splunk...
- Tags:
- splunk SQL sqlaudit
Labels
- Labels:
-
using Splunk Enterprise
04-29-2010
06:02 PM
3 Karma
Hello,
Is there a way I can configure the lea-loggrabber-splunk to collect Checkpoint's audit log(audit.log), instead of the default collection on traffic log(fw1.log)?
I am using the lea-log...
07-02-2020
02:06 AM
Hi All, As indicated here (https://community.splunk.com/t5/Getting-Data-In/Why-am-I-unable-to-monitor-SPLUNK-HOME-var-log-splunk-audit-log/m-p/506185#M86203), I have been able to get the audit.log f...
Labels
05-15-2013
01:53 PM
We are trying to pull back audit files back into Splunk. We are running into a couple of issues:
1.) Parsing the log file for the datetime/transaction/etc is unbelievable hard to decipher. Has a...
- Tags:
- parsing
4 weeks ago
Hi All,
I am new to splunk. We are using splunkcloud and version 8.2.
We are exploring how to ingest gitlab audit logs in splunk.
I checked gitlab project audit add on is not a...
Labels
- Labels:
-
other
Show results in replies (5)
-
Doesn't gitlab simply produce log files? So you could just install a Universal Forwarder and i...
-
It does produce the log files.. But I never tried forwarder and ingestion. Can you please shed s...
-
https://docs.splunk.com/Documentation/Splunk/latest/Data/Getstartedwithgettingdatain
-
thank you @ricm @PickleRick . But I think splunkcloud does not use f...
-
Splunk Cloud uses forwarders and IDM. IDMs are not available for all stacks. However, a...
11-20-2019
09:04 AM
Does anyone have examples of how to use Splunk to detect Windows audit log tampering?
2 weeks ago
...ith parsing for on-prem Jira audit logs (atlassian-jira.log and atlassian-servicedesk.log)? Or any Splunk guidance I can give the Jira admin to help make logging better. So far they have told me they d...
- Tags:
- Add-on for Atlassian JIRA Service Desk alert action
- Add-on for JIRA
- atlassian-jira.log
- atlassian-servicedesk.log
- JIRA Cloud Audit Logs Add-On for Splunk
Labels
- Labels:
-
configuration
