Splunk Enterprise Security

CEF parsing under the Splunk Enterprise Security App

riqbal47010
Path Finder

I have strange issue,
I am receiving logs in CEF format from FireEye under index=fireeye. On the search head I am seeing fields being properly extracted under the CEF format, but in the ES app it is not showing as on the search head. On both ends I have the same type of packages installed. Does the ES app stop CEF format field extraction?

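To see what "properly extracted" should look like for a CEF event, the parser below is an added example (not code from the original post, and not Splunk's or FireEye's own extraction logic). It implements the two parts of the CEF format the question relies on: the seven pipe-delimited header fields (with `\|` escapes) and the key=value extension block (with `\=` and `\\` escapes and values that may contain spaces), then resolves `csNLabel`/`csN` pairs into named fields. The sample event, vendor and product names are constructed placeholders. Running the same line through this parser and through each Splunk instance gives a field-by-field comparison of what each environment extracts.

```python
import re

# Constructed sample event (not from the post): FireEye-style CEF line with an
# escaped pipe in the header, an escaped '=' in a value and a cs1/cs1Label pair.
SAMPLE_CEF = (
    r"CEF:0|ExampleVendor|ExampleProduct|1.0|100|Detected: malware\|callback|8|"
    r"rt=Jan 01 2024 12:00:00 src=10.0.0.5 dst=203.0.113.7 spt=51515 dpt=443 "
    r"msg=equals sign \= inside value cs1Label=Threat cs1=TestSignature"
)

# Names for the seven header positions; these are our labels, not Splunk field names.
HEADER_FIELDS = ["cef_version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity"]

# Escape sequences defined by CEF for extension values.
_ESCAPES = {"\\": "\\", "=": "=", "|": "|", "n": "\n", "r": "\r"}

# An extension key is a run of word characters at the start or after whitespace,
# followed by '='. A '\=' inside a value is preceded by a backslash, so it never
# matches as a key boundary.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def unescape(value):
    """Decode CEF escape sequences; unknown sequences are left untouched."""
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(0)), value)


def split_header(line):
    """Split the seven '|'-delimited header fields, honouring '\\|' escapes.
    Returns (list_of_7_header_fields, extension_string)."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    fields, buf, i = [], [], len("CEF:")
    while i < len(line) and len(fields) < 7:
        c = line[i]
        if c == "\\" and i + 1 < len(line):     # escaped char: keep it literally
            buf.append(line[i + 1])
            i += 2
            continue
        if c == "|":                             # unescaped delimiter ends a field
            fields.append("".join(buf))
            buf = []
            i += 1
            continue
        buf.append(c)
        i += 1
    if len(fields) != 7:
        raise ValueError("CEF header must contain exactly 7 fields")
    return fields, line[i:]


def parse_extensions(ext):
    """Parse 'key=value key=value' where values may contain spaces and escapes."""
    out = {}
    matches = list(_KEY_RE.finditer(ext))
    for n, m in enumerate(matches):
        start = m.end()
        end = matches[n + 1].start() if n + 1 < len(matches) else len(ext)
        out[m.group(1)] = unescape(ext[start:end].strip())
    return out


def resolve_labels(ext):
    """Rename fields that carry a *Label companion, e.g. cs1Label=Threat plus
    cs1=X becomes Threat=X; both raw keys are dropped."""
    out = dict(ext)
    for key in ext:
        base = key[:-len("Label")]
        if key.endswith("Label") and base in ext:
            out[ext[key]] = ext[base]
            del out[key]
            del out[base]
    return out


def parse_cef(line):
    """Return one flat dict of header fields plus (label-resolved) extensions."""
    header, ext = split_header(line.rstrip("\r\n"))
    event = dict(zip(HEADER_FIELDS, header))
    event.update(resolve_labels(parse_extensions(ext)))
    return event


if __name__ == "__main__":
    for k, v in parse_cef(SAMPLE_CEF).items():
        print(f"{k}={v!r}")
```

Fields present in this output but absent from a Splunk search on the ES search head point at the extraction configuration rather than at the data itself, which narrows the comparison between the two instances.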

tiaatim
Path Finder

Did you ever figure this out? I'm experiencing the same issue.
