| Log file name | Purpose |
|---|---|
| correlationsearches_rest_handler.log | Logs calls to the correlation searches REST handler. Indicates when the correlation searches REST handler was called. |
| es_installer_controller.log | Logs calls to the Enterprise Security installer controller and provides information about activities that occurred when Enterprise Security is installed or upgraded. |
| essinstall.log | Logs actions taken by the Enterprise Security setup page and provides information about the actions taken when the Enterprise Security setup page is invoked. |
| eventgen.log | Logs actions taken by the event generator. Includes information about which samples were used and when data is generated. |
| governance_makeCSV.log | Logs activities from the script which populates the governance lookup. Indicates when the governance script has requested a refresh of the governance lookup file. |
| governance_rest_handler.log | Logs activity from the governance REST handler which performs updates to the governance lookup file. Indicates when the governance REST handler has refreshed the governance lookup file. |
| identityLookup_base_class.log | Logs activity from the identity lookup helper classes for expanding the user-editable identity lookup file in the Splunk readable format. Indicates when the user-editable identity lookup file is in the Splunk readable format; can identify errors in the identity lookup file. |
| identityLookup_reload.log | Logs activity from the scripted input that invokes updates to the identity lookup file and indicates when the identity lookup file refresh is invoked. |
| identityLookup_rest_handler.log | Logs activity from the identity lookup REST handler that updates the identity lookup file. Indicates when the identity lookup file is updated. |
| intentions.log | core log file |
| LogReviewPopup_rest_handler.log | Logs from the REST handler responsible for providing the log review configuration settings. Contains requests for or changes to log review settings. |
| log_review_popup_module.log | Logs activity from the log review popup module (on the Incident Review page), and provides information about changes to notable events made from the Incident Review page. |
| notable_event_status.log | Logs activity from the notable event status helper classes that manage notable event statuses, and provides information about changes to the notable event statuses. |
| notable_event_suppression.log | Logs activity from the notable event suppression helper classes that manage notable event suppressions. Provides information about changes to the notable event suppressions. |
| notable_event_suppression_autoDisable.log | Logs activity from the scripted input responsible for disabling expired notable event suppressions. Indicates when expired suppressions are pruned. |
| notable_owners.log | Logs activity from the scripted input that updates the list of notable owners. Indicates when the list of notable owners is refreshed. |
| postprocess.log | Logs activity from the scheduled post-process that takes the results from a scheduled search and performs additional processing. Indicates when search results are post-processed. |
| postprocess_base_class.log | Logs activity from a post-process helper class that provides access to the post-processes. Indicates when post-processes are retrieved. |
| postprocess_rest_handler.log | Logs activity of the post-process REST handler. Indicates when post-processes are accessed, updated, created, or deleted. |
| python.log | core log file |
| python_modular_input.log | Logs activity from python-based modular inputs. Indicates when python-based modular inputs are executed and provides information useful for debugging problems with modular inputs. |
| reviewstatuses_makeCSV.log | Logs activity from the script responsible for updating the review statuses lookup. Indicates when the review statuses lookup file is refreshed. |
| reviewstatuses_rest_handler.log | Logs requests to the review statuses REST handler that provides access and modifications to the review statuses. Indicates when review statuses are accessed or modified. |
| searches.log | core log file |
| suppressions_rest_handler.log | Logs requests to the suppressions REST handler that provides access and modifications to the notable event suppressions. Indicates when the notable event suppressions are accessed or modified. |
| transitioners_rest_handler.log | Logs requests to the list of people who can transition notable event statuses. Indicates when the list of notable status transitioners is requested. |
| transitions_rest_handler.log | Logs requests for access to or changes to the list of transitions. Indicates when the notable event transitions are accessed or modified. |
| tsidxstats_rest_handler.log | Logs requests to the TSIDX REST handler that provides information about TSIDX namespaces. Indicates when TSIDX namespace information is requested. |