Folks,
I am looking to configure the Anomalous System Uptime report within the PCI app. As per the manual: "Relevant data sources for this report include uptime data extracted through scripts from Windows, Unix, or other hosts." Is then the Splunk_TA_windows pre-configured to pull the SystemUpTime? I cannot seem to find anything related to system uptime within the Windows logs; I tried looking at the data by doing sourcetype=Win*.
What does "data extracted through scripts" mean? Is this something that the Splunk Admin has to pull via Scripted Inputs?
Thanks!
http://docs.splunk.com/Documentation/PCI/2.1.1/Install/AnomalousSystemUpdate