All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Phantom Remote Search Compatibility

mark_wymer
Path Finder
‎10-22-2021 08:05 AM

Hi all,

I’m just about to upgrade our Phantom / Splunk SOAR version to 5.0.1. The Version Compatibility matrix in the documentation for the Phantom Remote Search app suggests that this version isn’t supported though (  https://docs.splunk.com/Documentation/PhantomRemoteSearch/1.0.17/PhantomRemoteSearch/Abouttheapp )

I’m sure that it is compatible but could someone please confirm before I upgrade my Production Phantom platform.

Also, just an observation…. 14 indexes!!!! Would it not be more in keeping with general recommendations / strategy to have 1 index (or more for multiple Phantom instances) and have multiple sourcetypes?

many thanks,
Mark

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...
Top