Hey Scott, I realize this is a super old thread, but I was curious how you went about "reading the audit logs (in XML format) and then forwarding them to Splunk". Just a high level overview would be very helpful. I'm fairly new to Splunk and haven't found much guidance from NetApp or Splunk. I have CIFS audit logging enabled in ONTAP/Windows, just not sure the best way to get it to Splunk. Thanks.
↧