Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Enterprise security search head is not pulling logs from firewall, waf,proxy logs, MFA, sandbox, ...network resources but my other search head for apps is getting all data

RK_sp1unk
New Member
‎10-02-2019 12:56 PM

Splunk Enterprise security search head is not pulling logs from firewall, waf,proxy logs, MFA, sandbox, ...network resources however my other search head for apps is getting all data

A distributed architecture with a single instance for 1 indexer, 1 Search Head, 1 Search Head with Enterprise Security, 1 Heavy Forwarder and 1 Deployment server is designed to ensure enhance log search performance. The following are essential components of Distributed Architecture implemented in our setup.

• 1 Search Head with License Master
• 1 Search Head running Enterprise Security App
• 1 Deployment server
• 1 Indexer
• 1 Heavy Forwarder

How can I solve this now, but my ES dashboard like security posture, incident reviews shows data from windows events, logs etc but no network logs

threat intelligence, endpoints, risks, malware, email activity, DNS activity, access, traffic , http, intrusion have not adequate details on firewall,DLP,WAF,MFA,Apex, ....etc

even if i search for user in splunk ES search head normal search no results...

we have all this apps on other search head working fine....we have one indexer peer ....

Need to fix this at priority....please help

0 Karma
Reply
Get Updates on the Splunk Community!

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...

Explore the Latest Educational Offerings from Splunk (November Releases)

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...