Hi All,
I am trying to get DNS data into Splunk Enterprise Security 4.5.
We already have Windows Server DNS logs in Splunk Enterprise. Can we map the same data into Enterprise Security?
If yes, what is the procedure? Is there any add-on to configure it?
Looked into the Splunk Add-on for Bro IDS but it didn't meet my requirement!
They should be mapped automatically because the built-in searches are looking for a specific set of sourcetypes.