About VTARNG_Paul

youngsuh · ‎04-16-2024

Here are the setting that you can enable on the log.conf to get more detail logging. $splunk_install_dir$/etc/log.conf category.X509=DEBUG category.UiAuth=DEBUG Post the error message here or call support.

CyberRappa · ‎07-05-2023

Has anyone been able to figure this out? Thank you in advance.

VTARNG_Paul · ‎07-20-2022

FYI- https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SetupCACPIV

VatsalJagani · ‎05-06-2022

@VTARNG_Paul - That's the problem with Windows I always face is that XML data (which is a new version) is not always a replica of PlainText (Legacy) format. My views: Collect PlainText - WinEventLog:Security, WinEventLog:System, etc Collect XML - Windows Defender Logs, etc These are just some examples and my personal views on which has richer field information. You need to look at the EventViewer and decide which one has the right fields that you need. I hope this helps!!! Consider upvoting/accepting answer if this helped!!!

VatsalJagani · ‎05-05-2022

@VTARNG_Paul - If that resolves your answer consider accepting the solution for the reply which is most relevant so in the future new community members can get benefit from that as well. You can do that by clicking on the "Accept as Solution" button at the bottom of the reply.

Posts	10
Solutions	1
Karma Given	2
Karma Received	0
Member Since	‎05-03-2022

Online Status	Offline
Date Last Visited	‎09-06-2022 11:51 AM

XML Event Viewer Data Missing Message\Fields

Why does rex in dashboard says missing terminator ...

Re: Splunk authentication with CAC / Smart Card an...

Re: Using Splunk to Monitor Print Jobs

Re: DOD CAC/mod_rewrite

Re: XML Event Viewer Data Missing Message\Fields

Re: Why does rex in dashboard says missing termina...