Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About fl66
fl66
Observer
Member since:
06-18-2021
12-22-2024
Community Statistics
| Posts | 5 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 06-18-2021 |
Activity Feed
- Posted Re: How do I modify configurations for an splunk app installed on splunk cloud? on All Apps and Add-ons. 12-22-2024 12:48 PM
- Posted How do I modify configurations for an splunk app installed on splunk cloud? on All Apps and Add-ons. 12-22-2024 12:38 PM
- Posted Re: SQL audit log not working when using event_time as indexing on Getting Data In. 11-14-2024 06:50 AM
- Posted SQL audit log not working when using event_time as indexing on Getting Data In. 11-11-2024 08:13 AM
- Posted Onelog set up page failed on All Apps and Add-ons. 07-27-2024 08:42 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
12-22-2024
12:48 PM
The app was installed from splunkbase. I tried to add the inputs.conf file to change to a custom index. The new package was rejected when I uploaded to splunk cloud, even if I changed the app ID. Thank you!
... View more
12-22-2024
12:38 PM
Hi, I installed a splunk app and events are sent to default index. But I need to change the index to be a custom index. I tried to create local/inputs.conf file and repackaged the app. The app was rejected when I uploaded it to splunk cloud even if I changed the appID. I also looked at Splunk ACS API, but could not figure out if that can be used to customize configuration files and what are the endpoint URL to use. thanks in advance.
... View more
Labels
- Labels:
-
administration
11-14-2024
06:50 AM
I used this. Thank you! SELECT * FROM sys.fn_get_audit_file('/tmp/SQLAudit/*',default,default) WHERE event_time > ? ORDER BY event_time ASC Sample data in Splunk with index with current. The site won't allow me to post sql query result in the readable format. 2024-11-11 20:58:14.339, event_time="2024-11-11 15:58:14.3397210", sequence_number="1", action_id="DR ", succeeded="1", is_column_permission="0", session_id="53", server_principal_id="1", database_principal_id="1", target_server_principal_id="0", target_database_principal_id="0", object_id="6", class_type="DB", session_server_principal_name="sa", server_principal_name="sa", database_principal_name="dbo", server_instance_name="u22", database_name="testdb114", object_name="testdb114", statement="drop database testdb114", file_name="/tmp/SQLAudit/MSSQL_Server_Audit_5C4ED78A-BFBD-4C6C-8793-F98B88C55293_0_133757544438840000.sqlaudit", audit_file_offset="20992", user_defined_event_id="0", audit_schema_version="1", transaction_id="852605", client_ip="127.0.0.1", application_name="SQLCMD", duration_milliseconds="0", response_rows="0", affected_rows="0", connection_id="EB46CB4B-CF55-48EA-B497-99D4A04D41FF", host_name="u22", client_tls_version="771", client_tls_version_name="1.2", database_transaction_id="0", ledger_start_sequence_number="0", is_local_secondary_replica="0
... View more
11-11-2024
08:13 AM
Hi, I am using the Db connect 3.18.1 to collect sql audit logs FROM sys.fn_get_audit_file function. When I use event_time as the indexing column, no events are collected with no error messages. But when I changed the indexing to be Current, I got the audit events logged to the indexer. But no logs were collected when I used event_time as indexing column. I did not see any useful or error messages from debug logs. Appreciate any help or tips. thanks,
... View more
Labels
- Labels:
-
heavy forwarder
07-27-2024
08:42 AM
Hi, We installed splunk_TA_onelogin app on Splunk cloud, however the set up page keeps on failing with message "The "OneLogin - Setup Page" app has not been fully configured yet.". We verified the onelogin credentials working correctly. Question: Does the app works in Splunk cloud? Should we install it on heavy forwarder as there are input.conf and props.conf files inside the TA package. Thanks, FL
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
12-22-2024
04:19 PM
|
