Hello, Splunkers!
I use splunk_TA_nix and this search does not give results. lastlog.sh permissions 754.
Who.sh does not show any data too.
Splunkd is running by root account on CentOS 7.
Is it true that this search must show info about last login of all accounts in each event?
Ok, thanks to all, I have the answer 😃
Yes, when Splunk_TA_nix is properly installed it shows info about lastlogin in each event.
I have done 2 steps to resolve my issue:
1) I have set 755 permissions to all .sh scripts in Splunk_TA_nix
2) And the most important thing I have installed and enabled Splunk_TA_nix on my Windows Search head (In inputs.conf all stanzas must be disabled. It is by default. Do not change this default setting).
Ok, thanks to all, I have the answer 😃
Yes, when Splunk_TA_nix is properly installed it shows info about lastlogin in each event.
I have done 2 steps to resolve my issue:
1) I have set 755 permissions to all .sh scripts in Splunk_TA_nix
2) And the most important thing I have installed and enabled Splunk_TA_nix on my Windows Search head (In inputs.conf all stanzas must be disabled. It is by default. Do not change this default setting).