Latest Version 1.0.1
November 29, 2021
This app is archived.
This app provides field extractions and normalisation to the Common Information Model for /var/log/secure and /var/log/auth.log (the linux_secure sourcetype). It is intended to replace the security-relevant aspects of the Splunk Add-on for Unix and Linux (Splunk_TA_nix). Because the two may conflict, it is strongly recommended that you remove the Splunk_TA_nix app from your search head before installing this app. This app requires no configuration and need only be installed on search heads (i.e. it contains no index-time transforms).