Splunk Enterprise Security

Splunk Stream Built-in stream populating Dashboard vs Protocol Events

support0
Path Finder

Hi there,

I have deployed Splunk Stream on a distributed environment.

SH ES > Stream App + Stream TA
IDX > Stream TA
Win UF > Stream TA + inputs config received from SH ES

It worked with DNS data so I did not pay much attention to it, but then I realized I could only pull data from Streams entitled "Built-in stream populating XXX Dashboard".

The ones named XXX Protocol Events, I am not able to pull data from them.

Does anyone know the difference between the "Built-in stream populating XXX Dashboard" streams and the "XXX Protocol Events" streams?

What could be the cause for having one kind working and not the other one?

I have tried to investigate _internal data without luck so far.

Thanks in advance for any advice,

1 Solution

vshcherbakov_sp
Splunk Employee

Hello @support0,

Only streams populating the dashboards are enabled out of the box when you install Stream. You need to enable other streams and make sure they're properly assigned to the forwarder groups using the Splunk App for Stream config UI.


support0
Path Finder

I had completely missed the "Configured Streams" part, thanks!!
