Hello fellow Splunkers - I have a quick question. We have a few platforms in our environment that are reporting different counts on which machines have AV installed on them. I'd like to incorporate Splunk in the mix and search all three platforms so that I can run side-by-side analysis on the counts of these platforms. What would be the best way to do this?
In Splunk, 70% of the work is knowing what to do, and then 30% is doing it in Splunk.
In other words, the first thing is to write a clear requirement in a file to be maintained during the life of the application:
When you have a clear idea of the above, then the job in Splunk is easy:
I found that Splunk is one of the most fantastic solutions for compliance, and I use it daily for this!