Updated Sep 04, 2008 by edannin
SplunkForChangeManagement  
Splunk for Change Management Application

Introduction

The most up-to-date version of this page lives here.

Splunk captures and indexes filesystem changes, database audit logs, and the actual configuration files and database records, alongside configuration policy, change tickets, error events and other IT data, to give a contextualized view of change.

Details

Installing the Splunk for Change Management Application

To install the Splunk for Change Management application, first unpack the tarball inside $SPLUNK_HOME/etc/bundles. To configure this application, the issues you need to consider are data sources, host tags, event types, and alerts. The sections below address what needs to be done for each of these aspects. For more information, see the documentation on how to install Splunk applications. Don't forget to enable the scripted inputs by setting "disabled = false" in their inputs.conf stanzas.

Data Sources

Splunk for Change Management has several data sources configured by default, including filesystem changes in /etc, Linux auditd and Linux yum. The filesystem-change stanzas in inputs.conf are labeled "fschange". The auditd and yum inputs are scripted inputs.
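The following inputs.conf fragment is an added example of the configuration the two sections above describe: an "fschange" stanza watching /etc, and two scripted inputs for auditd and yum with "disabled = false" set. It is not the application's own inputs.conf; the script paths, sourcetype names and the filter name are assumptions standing in for whatever the bundle actually ships.

```ini
# Added example, not the application's own file. Script paths, sourcetypes
# and the filter name are assumed placeholders.

# Filesystem-change monitor on /etc: the "fschange" stanza style the page
# describes. Splunk records create, modify and delete events for the tree.
[fschange:/etc]
recurse = true
followLinks = false
# Poll interval in seconds.
pollPeriod = 3600
# fullEvent = true would embed the changed file's contents in the event.
# Keep it off for a tree like /etc that can hold credentials.
fullEvent = false
# Drop volatile files that would otherwise produce constant change noise.
filters = exclude_mtab

[filter:blacklist:exclude_mtab]
regex1 = /etc/mtab

# Scripted inputs ship disabled; "disabled = false" turns them on.
# The bundle path and script names below are assumptions.
[script://$SPLUNK_HOME/etc/bundles/SplunkForChangeManagement/bin/auditd.sh]
interval = 60
sourcetype = linux_auditd
disabled = false

[script://$SPLUNK_HOME/etc/bundles/SplunkForChangeManagement/bin/yum.sh]
interval = 300
sourcetype = linux_yum
disabled = false
```

After editing the file, restart Splunk and confirm that events with the two sourcetypes start arriving, and that a test change under /etc (for example touching a file in a scratch subdirectory) shows up as an fschange event.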
