I have recently (yesterday) installed a new instance of Splunk on a VM. Another VM in a separate datacentre has the Splunk forwarder installed on it.
Whilst the data being indexed isn't highly s...
In the environment:
Windows:Security, Windows:Application and Windows:System being logged on Windows servers and sent via Universal Forwarder and Splunk_TA_Windows (about 300 forwarders on w...
...ed to the indexer(s)?
For example: I have security relevant log data and I want this data to be forwarded first, every time. So that non-security relevant data is held back until the security r...
...P:port ) can forward data and it will be well received.
My question here is: I think I am missing something but...
If a forwarder is a malicious or external one that can infect or disable the w...
...onfigures inputs.conf to monitor some basic win event logs (e.g. System, Security, Application).
Both of the troublesome forwarders are on machines in a dmz and were installed by the same p...
...intel servers.
My question: how is data secured as it is sent to syslog (Splunk server)?
SSH, TLS
Is there a preference?
Any info you can provide is appreciated.
...ile on the DC with the forwarder works fine, with no notable latency sending data to the indexers.
Clearing the Windows Security log allowed the events to catch-up for a short while, but they q...
So I have an interesting problem, and I figure I would ask for some ideas on here.
I have a large stream of secure and unsecure data going to a Heavy forwarder. Currently we are black holing s...
...ndexers in the 4th region.
Now the requirement is to secure the forwarded data using different certificates for each location. Server certificate could be same but the client certificates should be u...
Hello,
We are trying to cut the message field out of all of the Windows Security Logs coming from our domain controllers. I have tried looking through some of the other answer posts and I have t...