Hello,
We'd like to monitor configuration changes on our Linux host. For that we want to detect when in the datamodel Auditd the field name is equal to /etc/audit/* , /etc/audisp/* , o...
I need to get the list of .conf files. On running my below Splunk Query,
"| rest /services/configs/conf-props"
it returns the conf objects, but I need to find the .conf files instead of o...
I am trying to use LDAP authentication on my SHC.
Following the advice from here, I set up a working LDAP authentication and user role on a separate system and placed the resulting .conf files in a...
Hello,
I have a folder where I have different types of files in it and want to monitor the whole folder as one sourcetype with different props.conf
inputs.conf
[monitor:///mydata/my_folde...
Hi all. I have one SHC with 3 search heads. I thought that if I create a HEC using the web GUI on a specific member, it would be replicated to the others, but it is NOT. What should I do to fix that? My SHC member have replic...
In a recent "Splunk Enterprise 9.0 Data Administration" class, the documentation says that Ingest Actions should be implemented on a Deployment Server. Am I correct that this only refers to I...
Hi All, for this year, .conf 22 registrations are open and I see a registration fee while signing up with a personal account. Is .conf 22 registration free for Splunk partner com...
How would I write the props config file for the following events? Any help will be highly appreciated, thank you! Thu, 01 Jul 2021 00:20:04 -0400|system|flush_vulns|INFO|-1|Removing o...
I've been trying to utilize the linebreaker to break an xml file into multiple Splunk events. I've tried many different ways. I had looked at this example and I'm still having trouble. Here is the Co...
We wonder if it makes sense to break down the serverclass.conf into multiple smaller files.
As it grows into five or six thousand lines, we wonder if it makes sense to keep growing it up.
Any...