I am now very new to Splunk. I have installed a Splunk forwarder to monitor Window Security Logs, but would like also build a search to search who deleted and modified files / folder for the last 24 hours. Please point me to the right direction. Also, is it possible to prompt asking to enter the server name or file name when the search is running? Thanks.
↧