Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About andybento
andybento
New Member
Member since:
03-11-2015
06-05-2020
Community Statistics
| Posts | 4 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 03-11-2015 |
Activity Feed
- Posted Re: Why are we receiving all Windows event log data except security logs from our domain controller? on Getting Data In. 03-20-2015 11:55 AM
- Posted Re: Why are we receiving all Windows event log data except security logs from our domain controller? on Getting Data In. 03-20-2015 11:33 AM
- Posted Why are we receiving all Windows event log data except security logs from our domain controller? on Getting Data In. 03-20-2015 11:13 AM
- Tagged Why are we receiving all Windows event log data except security logs from our domain controller? on Getting Data In. 03-20-2015 11:13 AM
- Tagged Why are we receiving all Windows event log data except security logs from our domain controller? on Getting Data In. 03-20-2015 11:13 AM
- Tagged Why are we receiving all Windows event log data except security logs from our domain controller? on Getting Data In. 03-20-2015 11:13 AM
- Tagged Why are we receiving all Windows event log data except security logs from our domain controller? on Getting Data In. 03-20-2015 11:13 AM
- Tagged Why are we receiving all Windows event log data except security logs from our domain controller? on Getting Data In. 03-20-2015 11:13 AM
- Posted Monitor AD Group Changes? on Getting Data In. 03-13-2015 08:06 AM
- Tagged Monitor AD Group Changes? on Getting Data In. 03-13-2015 08:06 AM
- Tagged Monitor AD Group Changes? on Getting Data In. 03-13-2015 08:06 AM
- Tagged Monitor AD Group Changes? on Getting Data In. 03-13-2015 08:06 AM
- Tagged Monitor AD Group Changes? on Getting Data In. 03-13-2015 08:06 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
03-20-2015
11:55 AM
Also, just removed UAC from the server 2012 R2 and able to see more sourcetype (was at 3 and now 5) but still no security event logs.... only Application, System, Directory Service, DNS Server, DNS Replication
... View more
03-20-2015
11:33 AM
In addition, version is 6.2.2 and the DC is windows server 2008 R2 (and we are trying as well on Windows Server 2012 R2) but same results.
... View more
03-20-2015
11:13 AM
Hi,
Having issues in not seeing our security logs from our DC. Here is our code:
[WinEventLog://Security]
disabled = 0
start_from = oldset
current_only = 0
checkpointInterval = 5
This inputs file is located under here with all the other code:
C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_windows\local
We are receiving Application, system, etc. but no security logs.
Also, we ran the following command splunk btool inputs list and see the following blacklist show up ..
blacklist1 = EventCode="4662" Message="Object Type:\s+(?!groupPolicyContainer)"
blacklist2 = EventCode="566" Message="Object Type:\s+(?!groupPolicyContainer)"
but we still are not receiving any security logs for our DC, but are receiving everything else. Can anyone shed some light into this?
... View more
03-13-2015
08:06 AM
Hi All,
Trying to understand how I can get the recent membership changes, query working for Domain Admins group. I want to see what there are changes (eithering adding or removing) users from the Domain Admins. Have tried a few queries but no results.
Wondering anyone out there could assist?
'group-changes-for-group("My Domain Name","Domain Admins")`
Thanks,
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
