Hi, first question here - apologies if it's obvious or basic! I am trying to parse a nested list and find specific policies that match a couple of criteria. But I can't seem to get the logic right....
The object= line in the inputs.conf for TA-Exchange-2013-ClientAccess doesn't match the throttling-counters search macro. See below:
[perfmon://MSExchange_Throttling]
index=perfmon
object=M...
I have an unusual requirement from my client. To satisfy log retention policies (among other things) I need to send Splunk logs (from the indexer) to a syslog server (RHEL - rsyslog). I have seen m...
...ourcetype=netskope earliest=-2h NOT (alert_name IN ("pdm", " External_Shared Files - Alert", "All DLP Policies")) | stats dc(alert_name) as alert_count,values(_time) as incident_time by user Throttling...
I've found that for Splunk Enterprise, there is the Securing Splunk Enterprise document, outlining recommended security configurations. Does a similar document exist for Splunk Cloud to e...
Hello,
Our client wants other areas' people to visualize a glass table dashboard. The thing is that for security policies, no one except our client's area can access the ITSI servers (even from t...
I need to raise an e-mail alert for a particular SQL command query in Splunk 6.1.0, i.e. if the number of rows is greater than 9. I have created an alert for dbquery (|dbquery "SystemLog" "Select * f...