Hi Community! Despite lots of reading and doing my best to get the answer from documentation, I can't see why the introduction of a deployment server is causing issues with the data getting in...
...ultiple indexes linked to it. Shall I actually use the default data model in CIM, eg datamodel=Authentication with all the indexes in DMZ, ZoneA and ZoneB, or should I make copies of datamodel? S...
Hi Team, Want to mask two of the fields "password" and "cpassword" from the events which are getting written with the plain text information. So needs to be changed as #####. Sample event in...
Kindly help on how to mask the password present in the field "securityToken" in the IIS logs. Sample event for reference. 2023-11-02 06:53:00 xx.xxx.xxx.xx GET /Security/Security/Logon 1...
Hello. I'm a Splunk newbie. There is confusion about setting up data model acceleration. According to the official documentation, if the data in your data model is out of date, Splunk will c...
I'm trying to use the Splunk App for SOAR to forward logs and events from SOAR to Splunk Enterprise. The servers seem to be connected (test connectivity works) but the data (events, playbook runs e...
Hello Splunkers, I am new to Splunk and am trying to figure out how to parse nested JSON data spit out by an end-of-line test. Here is a sample event: {"serial_number": "PLACEHOLDER1234", "t...