User Activity in DBConnect

The following Splunk query is for the DBConnect app. It returns all user activity in this particular app. I’ve provided the regex in the search.

    index=_audit sourcetype=audittrail action="db_connect*" | eval Date=strftime(_time, "%Y/%d/%m") | rex "user=(?<user>\S+)," | stats count by Date, user, info, action


Queries Executed in DBConnect

This Splunk query will show the DBX or DBConnect queries executed. I have limited information to work with, so check back for updates. Disclaimer – I’m using rex to replace HTML markup that is output and ingested by Splunk. You may need to add to or remove this depending on your output (see query […]
