User Activity in DBConnect

The following Splunk query is for the DBConnect app. It returns all user activity in this particular app. I've provided the regex in the search.

index=_audit sourcetype=audittrail action="db_connect*" | eval Date=strftime(_time, "%Y/%d/%m") | rex "user=(?<user>\S+)," | stats count by Date, user, info, action


Queries Executed in DBConnect

This Splunk query will show the DBX or DBConnect queries executed. I have limited information to work with so check back for updates. Disclaimer – I'm using rex to replace HTML markup that is outputted and ingested by Splunk. You may need to add to or remove this depending on your output (see query […]
