Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
2,000 results
Sorted by:
04-27-2022
11:47 AM
I need to identify each Active Directory Service Accounts that are being used for authentication for my work group. I am trying to create a working list of active and disabled accounts. I am usi...
Labels
- Labels:
-
audit
02-15-2019
01:57 AM
Hello,
Is there a way to validate the fields used in the datamodel by how compliant they are with the current setup?
I am trying to validate and fix data models to receive optimum results in the...
03-14-2023
08:50 AM
Fairly new Splunk user here looking for Linux auditing solutions. I am running a disconnected version of Splunk Enterprise and thus cannot make use of the content pack which replaced the a...
Labels
- Labels:
-
Linux
07-10-2020
12:19 PM
Hello
I have a problem with some .sqlaudit files
These files are being stored in the following path Z: \ audit \
Install a forwarder but Splunk doesn't seem to recognize these files.
Use the S...
- Tags:
- splunk SQL sqlaudit
Labels
- Labels:
-
using Splunk Enterprise
08-24-2022
07:37 AM
We are trying to audit/monitor administrative activity to Splunk. Is there some canned dashboards or searches that can be used to monitor/review elevated privilege activity? How do we m...
Labels
- Labels:
-
audit
08-24-2023
06:58 AM
I'm looking specifically at the index for _configtracker to audit changes to serverclass.conf file. Because the nature of the <filtertype>.n = <value> the behavior is one action t...
Labels
- Labels:
-
field extraction
-
fields
09-06-2021
12:00 AM
I have been unable to get the universal forwarders to correctly collect the SMB Server audit logs. The inputs.conf file on the deployment server has the following stanza configured but there are no l...
Labels
- Labels:
-
inputs.conf
-
universal forwarder
-
Windows
Show results in replies (3)
-
...he DS, but while other Event IDs are coming as expected the Event ID 3000 (SMBServer Audit) logs a...
-
...orrect the channel access string for Microsoft-Windows-SMBServer/Audit. Thanks for the s...
-
Yep, the above stanza is correct. I was just impatient I think. The next morning I had pretty much ...
03-03-2023
08:31 AM
09-02-2019
07:49 PM
Hi,
I have audit data coming from a port (UDP) to Heavy Forwarder[via syslog] and have to apply rlog.sh on the same.
Just to start, I tried to monitor a custom path rather than the /var/log/audit...
