Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
564 results
Sorted by:
07-02-2020
02:06 AM
...o do is to deploy a props.conf on the HF to indicate the following: [audittrail]
SHOULD_LINEMERGE = false
SEDCMD = s/\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}.* INFO AuditLogger - //g &n...
Labels
09-20-2017
08:01 AM
I'm getting this error: Invalid key in stanza [auditTrail] in /opt/splunk/etc/system/local/audit.conf
Looking at the audit.conf.spec, that key is no longer mentioned. In earlier versions it was....
11-05-2019
01:04 PM
...ost123.secure.2019080165784.audit.log.1
I want Splunk to have host as "host1" and "hostab" and "host123", and etc..
I have this in inputs.conf:
[monitor:///audit/files]
host_regex = \/S+([^.])....
09-06-2021
12:00 AM
I have been unable to get the universal forwarders to correctly collect the SMB Server audit logs. The inputs.conf file on the deployment server has the following stanza configured but there are no l...
Labels
- Labels:
-
inputs.conf
-
universal forwarder
-
Windows
12-07-2021
12:37 PM
...abel = Omega Core Audit for Oracle
is_visible = 1
[triggers]
reload.inputs_templates.conf = simple Note the reload.inputs_templates.conf = simple under [triggers]. So why the failure by A...
- Tags:
- appinspect
Labels
- Labels:
-
app
06-07-2018
10:03 AM
...ave host as "scc145" and "dmzbackend", and etc..
I have this in inputs.conf:
[monitor:///audit/files]
host_regex = ([^0-9./][A-Za-z0-9-]*[^.audit.log])
Also tried
host_regex = /audit/f...
04-05-2022
07:52 PM
...omething.something. 10/4/2021 5:00 AM | Audit | hi user | something.something. 12/15/2022 is taking as 2/15/22. Below is the props.conf am using it. SHOULD_LINEMERGE=true LINE_BREAKER=([/r/n...
02-14-2022
01:22 AM
...OGIN msg=audit(02/08/2022 15:00:01.751:4323) : pid=30891
----
type=USER_ACCT msg=audit(02/08/2022 15:00:01.751:4324) : pid=30892
----
Props.conf
[src_type]
SHOULD_LINEMERGE = false
L...
Labels
- Labels:
-
indexer
-
props.conf
-
transforms.conf
08-06-2020
02:32 AM
Some one please help me here.. i am trying to monitor /var/log/audit/audit.log using universal forwarder and sending it to indexer.. but logs are not being sent to indexer..here is the log i m s...
Labels
- Labels:
-
indexer
-
universal forwarder
06-22-2020
03:16 AM
...ome community articles. Unfortunatly we still get other indexes (e.g. fortinet) forwarded also. Any idea what we make wrong ? The last try from the ..\system\local\outputs.conf: ## 21.6.2020 [t...
Labels
- Labels:
-
configuration
