Splunk Enterprise Security uses many custom log files to log errors and activity specific to the application. You can check the log files for errors and activity. The path for all log files is $SPLUNK_HOME/var/log/splunk/. You can also use log files from the Splunk platform to audit Splunk Enterprise Security activity using these log files: splunkd_access.log and audit.log.

analyticstory_rest_handler.log
Logs create, read, update, and delete (CRUD) operations for analytics stories.
Logs CRUD options for certificates uploaded via the "Credential Management" page.
Checks if apps, which had previously been imported, are not exporting their knowledge objects globally so that they are visible within ES.
Logs when permissions policies are changed or enforced.

app_permissions_rest_handler.log
The output is complementary to the configuration_check.log file.
Persistent rest handler for returning a list of ES permissions related to the ess_permissions page.
Super class for all the appmaker scripts.
The make_on_prem.py script is used on Distributed Conf Management, which also has its own log file.
The make_content_pack.py script is used on Content Management when exporting knowledge objects.

appmaker_make_content_pack.log
The make_index_time_properties.py script is used by Distribute Conf Download.
Logs when exporting from Content Management into an app.
Logs export requests from the Content Management page, including the export package name as well as the download requests for exported packages.

apps_shc_es_deployer_rest_handler.log
Logs when downloading the distributed configuration management application "Splunk_TA_AROnPrem" in General Settings.
Persistent rest handler for managing apps on a search head cluster deployer.
Logs output messages of the confcheck migration scripts, such as when migration from nf to nf fails.
Logs when migration from nf to nf fails.

customsearchbuilder_rest_handler.log
Logs errors and successful operations to the contentinfo REST handler and associated components, as used mostly by the Use Case Library and Analytic Story pages.

correlationmigration_rest_handler.log (sourcetype: correlationsearches:migration_rest_handler)
Logs the data sources referenced by contentinfo search-related objects.
Logs when the search syntax of a correlation search, a lookup-generating search, or an Assets and Identities LDAP search cannot be created or is incorrect.
Logs migration operations during ES upgrades. For example, when searches are executed as first-time run tasks or when a CSV lookup table is migrated to a KV store collection during an app upgrade.
Logs the status of the search process during asset and identity merge.

es_investigations_rest_handler.log
Identity Correlation Merge: Search Command. Logs when datamodelsimple starts and finishes processing in a search command.
Returns knowledge objects and handles change requests for them; also enforces schemas, stanza-specific prefixes, and similar constraints.
For installation and upgrade, logs the health of ES configurations against a manifest file that ships with each ES release. This typically logs as a result of running a config health check through the ES Configuration Health custom search command feature.