Does the Cisco eStreamer for Splunk app support retrieving payload for intrusion events?

ctan123
New Member

Does the Cisco eStreamer for Splunk app support retrieving payload for intrusion events?

0 Karma
1 Solution

douglashurd
Builder

Yes. This is a configurable option in the Splunk eStreamer app because packet data will consume significant disk space if you choose to collect all packets with all IPS/IDS events. Docs on the app here: https://splunkbase.splunk.com/app/1629/#/documentation

