Archive2

Splunk Stream - DNS Logs

Builder

All,

I have enabled Splunk Stream on a single domain controller as a test to monitor the DNS traffic. It's largely went well but I am suprised to find I am not seeing the actually DNS query value. In the CIM I see query=* I also see that in Splunk TA DNS. Any idea why that isn't working on Stream?

0 Karma
Reply