Hi,
I've just uploaded a new App (Splunk for Oracle Audit Trails) that can parse and analyze Oracle Audit Trails sent via syslog. In the near future it will work with the AUD$ table or any other audit view. This can be one of the components of an SQL Application Suite.
Unfortunately this App is not yet available in SplunkBase but hopefully will be soon. Check out my profile later...
I have uploaded a new App (Splunk for Oracle Audit Trails) that can parse and analyze Oracle Audit Trails sent via syslog. It is not yet visible on SplunkBase but I hope it will be available soon.
You can extract the key/value pair with one extraction:
(?i)(?<_KEY_1>\S+):\s+"(?<_VAL_1>[^"]+)"
This will result in these fields and values from your log:
SESSIONID=21288516
ENTRYID=5158831
STATEMENT=3585703
USERID=TEST
ACTION=6
RETURNCODE=0
OBJ_CREATOR=TEST
OBJ_NAME=SR_JOB
OS_USERID=auditwks
Note that Splunk is smart enough to replace the $ char in the field name.
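Added example, not part of the original post: a Python rendering of the extraction above, run over a constructed audit event, for checking offline which fields the regex yields. The sample line, the `COMMENT$TEXT` field and the function names are assumptions (the thread's original log is not shown here), and `clean_key` only approximates Splunk's field-name cleaning.

```python
import re

# Python form of the post's regex; Splunk's _KEY_1/_VAL_1 groups become key/val.
PAIR_RE = re.compile(r'(?i)(?P<key>\S+):\s+"(?P<val>[^"]+)"')
# Pairs with an empty quoted value; the regex above never matches these.
EMPTY_RE = re.compile(r'(?P<key>\S+):\s+""')

# Constructed sample event, shaped to fit the regex (not the thread's real log).
SAMPLE = (
    '<30>Oct 12 10:15:01 dbhost Oracle Audit[4242]: '
    'SESSIONID: "21288516" ENTRYID: "5158831" STATEMENT: "3585703" '
    'USERID: "TEST" ACTION: "6" RETURNCODE: "0" COMMENT$TEXT: "" '
    'OBJ$CREATOR: "TEST" OBJ$NAME: "SR_JOB" OS$USERID: "auditwks"'
)


def clean_key(name):
    """Approximate Splunk key cleaning: non-alphanumerics become '_',
    leading underscores and digits are stripped."""
    return re.sub(r'[^A-Za-z0-9_]', '_', name).lstrip('_0123456789')


def extract_fields(event):
    """Return {field: value} for every KEY: "value" pair in the event."""
    fields = {}
    for m in PAIR_RE.finditer(event):
        # Keep the first occurrence if a key repeats within one event.
        fields.setdefault(clean_key(m.group('key')), m.group('val'))
    return fields


def empty_valued_keys(event):
    """Keys whose value is "" and which therefore produce no field at all."""
    return [clean_key(m.group('key')) for m in EMPTY_RE.finditer(event)]


if __name__ == '__main__':
    for name, value in extract_fields(SAMPLE).items():
        print(f'{name}={value}')
    print('no field extracted for:', empty_valued_keys(SAMPLE))
```

Because `[^"]+` needs at least one character, a pair with an empty value yields no field, so a search that depends on such a field should treat it as possibly absent rather than empty.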
I've just uploaded a new App (Splunk for Oracle Audit Trails) that can parse and analyze Oracle Audit Trails sent via syslog. It is not yet visible on SplunkBase but hopefully will be soon...
Check out my profile later...
I have uploaded a new App (Splunk for Oracle Audit Trail) that can parse and analyze Oracle Audit Trails sent via syslog. This App is not yet visible but hopefully will be soon. You can use that App to analyze your Oracle Audit Trail.
A new feature would be the ability to parse your export files. You just have to ask for it 🙂