Auditd hosts in all environments

Shows login activity in our Linux environments, along with sudo commands per host and per user.


Admin Notes: index=main was changed to index=* because not everyone uses the same index. This dashboard has been tested for code errors, but not for search errors.
Please comment if you have any issues!

 

 


Comments

  1. Al

    Hi SplunkNinja:

    I attempted this in Splunk as well but nothing loaded in the dashboard. I tinkered with the XML, and still nothing. What version of Linux was this written for?

  2. Al

    I realized I had to change a lot of the queries for the results to show. I had to remove Trellis. I got it to work; the GEOIP map was useful to detect remote SSH.
