
PIM-Splunk event format and field explanation

Question asked by bhopr04 Employee on Mar 1, 2018
Latest reply on Mar 5, 2018 by mulan04

I have PIM integrated with Splunk and have the following questions on logs.

1. What are the fields (or list of fields) appearing in events collected by Splunk?
2. Can someone explain the log format (like the sequence of fields in the log)?

Sample event collected in Splunk:

Mar  1 10:36:18 S137AF5.netf.adint.ssa.gov  S137AF5 CEF Ver1.0| CA Technologies|Privileged Identity Manager|12.9 SP2|1|Login event|4| EVENT_HEADER=1 dhost=s137a76 Event_type=Login event Status=Permitted susr=root dst=_CRONJOB_ Program=SBIN_CROND start=01 Mar 2018 Time=06:30:01 message=Resource UACC check User_Logon_Session_ID=5a9788e7:00006374 Audit_flags=0 nStatus=80 rt=1519903801 nReason=2 nStage=59
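The sample line above has three layers: a syslog prefix (timestamp, host, program tag), a seven-field pipe-separated CEF header (version, device vendor, device product, device version, signature id, name, severity), and a CEF extension of `key=value` pairs in which values may contain spaces (`Event_type=Login event`, `start=01 Mar 2018`). The parser below is an added example, not CA's code or anything from the original post; it is written from the one sample event here, so the layout it assumes (PIM writing `CEF Ver1.0` where the CEF specification writes `CEF:0`, and `rt` carrying epoch seconds rather than the milliseconds the specification defines) is an assumption drawn from that sample. It returns the header and extension as dictionaries and lists the field sequence in the order the event writes them, which is what the two questions ask for.

```python
"""Parse a CA PIM syslog/CEF event as forwarded to Splunk.

Added example, not CA's code. The layout is assumed from the sample event
in the post: <syslog timestamp> <host> <tag> CEF Ver1.0|vendor|product|
version|signature id|name|severity|<extension of key=value pairs>.
"""
import re
from datetime import datetime, timezone

# The sample event from the post, copied verbatim.
SAMPLE_EVENT = (
    "Mar  1 10:36:18 S137AF5.netf.adint.ssa.gov  S137AF5 CEF Ver1.0| CA Technologies"
    "|Privileged Identity Manager|12.9 SP2|1|Login event|4| EVENT_HEADER=1 dhost=s137a76 "
    "Event_type=Login event Status=Permitted susr=root dst=_CRONJOB_ Program=SBIN_CROND "
    "start=01 Mar 2018 Time=06:30:01 message=Resource UACC check "
    "User_Logon_Session_ID=5a9788e7:00006374 Audit_flags=0 nStatus=80 rt=1519903801 "
    "nReason=2 nStage=59"
)

# The seven pipe-separated CEF header fields, in the order the spec defines them.
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")

# BSD syslog prefix: "Mon dd hh:mm:ss host tag", then the CEF record.
SYSLOG_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+(?P<tag>\S+)\s+(?P<cef>CEF.*)$", re.DOTALL)

# Extension key followed by '='; the value runs until the next " key=" or the end,
# which is how values containing spaces (e.g. "Login event") stay intact.
EXT_RE = re.compile(r"([\w.]+)=(.*?)(?=\s+[\w.]+=|\s*$)", re.DOTALL)


def split_unescaped(text, sep, maxsplit):
    """Split on `sep`, honouring the CEF header escapes \\| and \\\\.

    Once `maxsplit` separators have been consumed the remainder (the extension)
    is returned untouched so its own \\= escapes survive for parse_extension().
    """
    parts, buf, i = [], [], 0
    while i < len(text):
        if len(parts) == maxsplit:
            buf.append(text[i:])
            break
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i + 1])
            i += 2
        elif ch == sep:
            parts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    parts.append("".join(buf))
    return parts


def parse_extension(text):
    """Return the extension key=value pairs as a dict, in the order written."""
    fields = {}
    for key, value in EXT_RE.findall(text.strip()):
        fields[key] = value.replace("\\=", "=").replace("\\\\", "\\")
    return fields


def parse_cef(cef_text):
    """Split a CEF record into (header dict, extension dict)."""
    parts = split_unescaped(cef_text, "|", len(HEADER_FIELDS))
    if len(parts) != len(HEADER_FIELDS) + 1:
        raise ValueError("CEF record does not have 7 header fields plus an extension")
    header = {name: value.strip() for name, value in zip(HEADER_FIELDS, parts)}
    # PIM writes "CEF Ver1.0" (sample above); the ArcSight spec writes "CEF:0".
    # Keep only the number so both forms parse.
    header["version"] = re.sub(r"^CEF(?::|\s*Ver)", "", header["version"]).strip()
    return header, parse_extension(parts[-1])


def parse_event(line):
    """Parse one syslog-wrapped PIM event into syslog / header / extension dicts."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("line is not a syslog-wrapped CEF record")
    header, extension = parse_cef(m.group("cef"))
    return {
        "syslog": {"timestamp": m.group("timestamp"), "host": m.group("host"),
                   "tag": m.group("tag")},
        "header": header,
        "extension": extension,
    }


def field_sequence(line):
    """The order of fields in the event: CEF header names, then extension keys as written."""
    return list(HEADER_FIELDS) + list(parse_event(line)["extension"])


def receipt_time_utc(extension):
    """Render the CEF 'rt' (device receipt time) as ISO-8601 UTC.

    The CEF spec defines rt in epoch milliseconds; the sample carries a
    10-digit value, i.e. seconds, so both widths are accepted (assumption).
    """
    rt = int(extension["rt"])
    if rt > 10**11:
        rt //= 1000
    return datetime.fromtimestamp(rt, tz=timezone.utc).isoformat()


if __name__ == "__main__":
    event = parse_event(SAMPLE_EVENT)
    for section, fields in event.items():
        print(f"[{section}]")
        for key, value in fields.items():
            print(f"  {key} = {value}")
    print("field sequence:", ", ".join(field_sequence(SAMPLE_EVENT)))
    print("rt as UTC:", receipt_time_utc(event["extension"]))
```

Two things this shows about the sample that are easy to get wrong in a Splunk field extraction: the extension values are not quoted, so a naive split on spaces breaks `Event_type`, `start` and `message`, and the event carries its own `rt` epoch alongside the syslog timestamp, so the two can legitimately differ (the syslog time is when the line was received, `rt` is when PIM recorded the event).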
