×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Rastegui
Engager
Member since: ‎03-10-2025
‎03-11-2025
Community Statistics
Posts 1
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎03-10-2025
View All

How to identify user or process responsible for st...

by in Monitoring Splunk
‎03-10-2025 09:26 PM
‎03-10-2025 09:26 PM
I am trying to identify the user or process responsible for stopping the Splunk UF agent. What log source do I require to be able to see this. I have unsuccessfully tried: Searching in internal index - You can only see the service going down.  index=_internal sourcetype=splunkd host="DC*" component=Shutdown* Monitoring the windows system event log for forwarder shutdown event (EventCode 7036 ) No visibility on who performed the action. Looking for ideas on how this can be achieve from Splunk. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎03-11-2025 08:06 PM
Karma given to
View All