Hi,
I'm wanting to split multiple event types into separate columns, and form one single row for a Linux system. Currently, my output looks similar to:
_time   acct    Type          Result
12:49   smith   User_Start    Success
13:05   smith   User_End      Success
I would like to have it look more like this (if possible):
_time   acct    Type          _time   Type        Result
12:49   smith   User_Start    13:05   User_End    Success
Greetings,
I'm utilizing Splunk Enterprise, and I'm wanting to audit whenever someone attempts to access and/or accesses the /var/log/audit folder on a Red Hat 6.3 OS. Is there an already established SPL for this? Or does anyone have any suggestions?
V/R,
Cody