Splunk® Enterprise Security

Installation and Upgrade Manual

Acrobat logo Download manual as PDF

This documentation does not apply to the most recent version of ES. Click here for the latest version.
Acrobat logo Download topic as PDF

List of Enterprise Security app log files

Log file name Purpose
correlationsearches_rest_handler.log Logs calls to the correlation searches REST handler. Indicates when the correlation searches REST handler was called.
es_installer_controller.log Logs calls to the Enterprise Security installer controller and provides information about activities that occurred when Enterprise Security is installed or upgraded.
essinstall.log Logs actions taken by the Enterprise Security setup page and provides information about the actions taken when the Enterprise Security setup page is invoked.
eventgen.log Logs actions taken by the event generator. Includes information about which samples were used and when data is generated.
governance_makeCSV.log Logs activities from the script which populates the governance lookup. Indicates when the governance script has requested a refreshing of the governance lookup file.
governance_rest_handler.log Logs activity from the governance REST handler which performs updates to the governance lookup file. Indicates when the governance REST handler has refreshed the governance lookup file.
identityLookup_base_class.log Logs activity from the identity lookup helper classes for expanding the user-editable identity lookup file in the Splunk readable format. Indicates when the user-editable identity lookup file is in the Splunk readable format; can identify errors in the identity lookup file.
identityLookup_reload.log Logs activity from the scripted input that invokes updates to the identity lookup file and indicates when the identify lookup file refresh is invoked.
identityLookup_rest_handler.log Logs activity from the identity lookup REST handler that updates the identity lookup file. Indicates when the identity lookup file is updated.
intentions.log core log file
LogReviewPopup_rest_handler.log Logs from the REST handler responsible for providing the log review configuration settings. Contains requests for or changes to log review settings.
log_review_popup_module.log Logs activity from the log review popup module (on the Incident Review page), and provides information about changes to notable events made from the Incident Review page.
notable_event_status.log Logs activity from the notable event status helper classes that manage notable event statuses, and provides information about changes to the notable event statuses.
notable_event_suppression.log Logs activity from the notable event suppression helper classes that manage notable event suppressions. Provides information about changes to the notable event suppressions.
notable_event_suppression_autoDisable.log Logs activity from the scripted input responsible for disabling expired notable event suppressions. Indicates when expired suppressions are pruned.
notable_owners.log Logs activity from the scripted input that updates the list of notable owners. Indicates when the list of notable owners is refreshed.
postprocess.log Logs activity from the scheduled post-process that takes the results from a scheduled search and performs additional processing. Indicates when search results are post-processed.
postprocess_base_class.log Logs activity from a post-process helper class that provides access to the post-processes. Indicates when post-processes are retrieved.
postprocess_rest_handler.log Logs activity of post-process REST handler. Indicates when post-processes are accessed, updated, created, or deleted.
python.log core log file
python_modular_input.log Logs activity from python-based modular inputs.Indicates when python-based modular inputs are executed and provides information useful for debugging problems with modular inputs.
reviewstatuses_makeCSV.log Logs activity from the script responsible for updating the review statuses lookup. Indicates when the review statuses lookup file is refreshed.
reviewstatuses_rest_handler.log Logs requests to the review statuses REST handler that provides access and modifications to the review statuses. Indicates when review statuses are accessed or modified.
searches.log core log file
suppressions_rest_handler.log Logs requests to the suppressions REST handler that provides access and modifications to the notable event suppressions. Indicates when the notable event suppressions are accessed or modified.
transitioners_rest_handler.log Logs requests to the list of people who can transition notable events statuses. Indicates when the list of notable status transitioners are requested.
transitions_rest_handler.log Logs requests for access to or changes to the list of transitions. Indicates when the notable event transitions are accessed or modified.
tsidxstats_rest_handler.log Logs requests to the TSIDX REST handler that provides information about TSIDX namespaces. Indicates when TSIDX namespace information is requested.
Last modified on 01 July, 2014
PREVIOUS
List of search macros
  NEXT
Search Head Clustering

This documentation applies to the following versions of Splunk® Enterprise Security: 3.1, 3.1.1, 3.2, 3.2.1, 3.2.2, 3.3.0, 3.3.1, 3.3.2, 3.3.3


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters