- SplunkDire [ldap:open:audit]
- system ANNOTATE_PUNCT = True
- SplunkDire BREAK_ONLY_BEFORE = ^#\s+\w+\s+\d+\s+.*$
- SplunkDire BREAK_ONLY_BEFORE_DATE = False
- system CHARSET = UTF-8
- system DATETIME_CONFIG = /etc/datetime.xml
- system HEADER_MODE =
- system LEARN_SOURCETYPE = true
- system LINE_BREAKER_LOOKBEHIND = 100
- SA-Identit LOOKUP-asset_lookup_dest_only = asset_lookup_dest_only dest OUTPUT dest_owner,dest_priority,dest_lat,dest_long,dest_city,dest_country,dest_bunit,dest_category,dest_pci_domain,dest_is_expected,dest_should_timesync,dest_should_update
- SA-Identit LOOKUP-asset_lookup_dvc_only = asset_lookup_dvc_only dvc OUTPUT dvc_owner,dvc_priority,dvc_lat,dvc_long,dvc_city,dvc_country,dvc_bunit,dvc_category,dvc_pci_domain,dvc_is_expected,dvc_should_timesync,dvc_should_update
- SA-Identit LOOKUP-asset_lookup_host_only = asset_lookup_host_only host OUTPUT host_owner,host_priority,host_lat,host_long,host_city,host_country,host_bunit,host_category,host_pci_domain,host_is_expected,host_should_timesync,host_should_update
- SA-Identit LOOKUP-asset_lookup_orig_host_only = asset_lookup_orig_host_only orig_host OUTPUT orig_host_owner,orig_host_priority,orig_host_lat,orig_host_long,orig_host_city,orig_host_country,orig_host_bunit,orig_host_category,orig_host_pci_domain,orig_host_is_expected,orig_host_should_timesync,orig_host_should_update
- SA-Identit LOOKUP-asset_lookup_src_only = asset_lookup_src_only src OUTPUT src_owner,src_priority,src_lat,src_long,src_city,src_country,src_bunit,src_category,src_pci_domain,src_is_expected,src_should_timesync,src_should_update
- SA-AccessP LOOKUP-src_user_account_lookup = user_account_lookup user as src_user OUTPUTNEW is_privileged as src_user_is_privileged,is_default as src_user_is_default,is_watchlist as src_user_is_watchlist
- SA-AccessP LOOKUP-user_account_lookup = user_account_lookup user OUTPUTNEW is_privileged as user_is_privileged,is_default as user_is_default,is_watchlist as user_is_watchlist
- system MAX_DAYS_AGO = 2000
- system MAX_DAYS_HENCE = 2
- system MAX_DIFF_SECS_AGO = 3600
- system MAX_DIFF_SECS_HENCE = 604800
- system MAX_EVENTS = 256
- system MAX_TIMESTAMP_LOOKAHEAD = 128
- system MUST_BREAK_AFTER =
- system MUST_NOT_BREAK_AFTER =
- system MUST_NOT_BREAK_BEFORE =
- SplunkDire REPORT-AuditUser = loa-audituser
- SplunkDire REPORT-MultiValueAudit = loa-MultiValueAudit
- system SEGMENTATION = indexing
- system SEGMENTATION-all = full
- system SEGMENTATION-inner = inner
- system SEGMENTATION-outer = outer
- system SEGMENTATION-raw = none
- system SEGMENTATION-standard = standard
- SplunkDire SHOULD_LINEMERGE = True
- system TRANSFORMS =
- system TRUNCATE = 10000
- system maxDist = 100
- SplunkDire priority = 100