Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
433 results
Sorted by:
07-02-2020
02:06 AM
...o do is to deploy a props.conf on the HF to indicate the following: [audittrail]
SHOULD_LINEMERGE = false
SEDCMD = s/\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}.* INFO AuditLogger - //g &n...
Labels
11-05-2019
01:04 PM
...ost123.secure.2019080165784.audit.log.1
I want Splunk to have host as "host1" and "hostab" and "host123", and etc..
I have this in inputs.conf:
[monitor:///audit/files]
host_regex = \/S+([^.])....
06-07-2018
10:03 AM
...ave host as "scc145" and "dmzbackend", and etc..
I have this in inputs.conf:
[monitor:///audit/files]
host_regex = ([^0-9./][A-Za-z0-9-]*[^.audit.log])
Also tried
host_regex = /audit/f...
08-06-2020
02:32 AM
Some one please help me here.. i am trying to monitor /var/log/audit/audit.log using universal forwarder and sending it to indexer.. but logs are not being sent to indexer..here is the log i m s...
Labels
- Labels:
-
indexer
-
universal forwarder
06-22-2020
03:16 AM
...ome community articles. Unfortunatly we still get other indexes (e.g. fortinet) forwarded also. Any idea what we make wrong ? The last try from the ..\system\local\outputs.conf: ## 21.6.2020 [t...
Labels
- Labels:
-
configuration
05-27-2019
02:43 AM
Hi,
my props.conf for reading the SAP Security Audit Log looks like this:
[sap:sal]
category = Custom
LINE_BREAKER=.()2AU
CHARSET=utf-16be
TIME_PREFIX=2AU.
TIME_FORMAT=%Y%m%d%H%M%S
S...
02-27-2020
05:52 AM
...r /etc/libaudit.conf . Here is our basic search:
| tstats `security_content_summariesonly` count from datamodel=Auditd where nodename=Auditd.Path by _time span=1s host Auditd.name
| `d...
02-14-2017
01:19 PM
I created an app named a_uf_inputs_conf. The app simply contains inputs.conf that has the monitor stanza's below. This app was deployed to both Windows and Linux servers. It is working on the W...
Show results in replies (6)
-
By default, Splunk audit events coming from non-Windows universal forwarders are sent to the null q...
-
Here my answer on another thread to solve, once audit.log was ingested, the issue with merged e...
-
...onfiguration that send it to null queue: default/props.conf [source::.../var/log/splunk/audit...
-
Hi matthewroberson69! You actually shouldn't need to create a monitor for the audit log, as S...
-
..._uf_inputs_conf/local/inputs.conf [monitor:///opt/splunkforwarder\var\log\splunk\audit.log] /opt/s...
-
...indows UFs, the /opt/splunkforwarder/var/log/splunk/audit.log messages started coming through after I m...
09-11-2020
12:23 PM
I was following this guide on adding command line logging to my GPO. I verified that the current GPO has these settings. You must enable the Audit Process Creation audit policy so t...
Labels
- Labels:
-
inputs.conf
-
universal forwarder
-
Windows
09-09-2013
02:17 PM
2 Karma
Hi,
I,am having problem with the configuration inputs.conf file, I'm monitoring remote computer with universal forwarder.
Remote host (monitoring):
Ditectory E:\SQL\Audit\Log
F...
