I'm not seeing the Network Resolution/DNS datamodel/dataset populated from the Splunk Add-on for Microsoft Windows DNS. The add-on was installed per the documentation on all Windows DNS servers.
C...
...or email related logs. And after that, I have to create an alias so that "ExchangeDetails.Recipients{}" is equivalent to "recipient" as indicated in the datamodel. Is that correct? Thank you for y...
...roblem is that the count where it shows how many emails were sent to a recipient is broken. Not sure if this search comes with ES or not but in the datamodel, it shows that this is a calculated field f...
...rpcclientaccesslog' and classified_charset='UTF-8'.
08-15-2010 15:40:52.336 DEBUG TailingProcessor - About to read data (Opening file: C:\Program Files\Microsoft\Exchange Server\V14\Logging\RPC Client A...
Hi all. I'm trying to understand how to map my diagnostic setting AAD data coming in from an mscs:azure:eventhub sourcetype to CIM. I notice in the official docs for the TA, it m...
...plunk built Add-ons about what Data sets from the Common Information Model (CIM) DataModel matches each of the sourcetypes
Does anyone know?
These are the sourcetypes included in the Splunk Add-on f...
Hello Everyone,
We are currently working on exchange logs (IIS), and trying to detect abnormal traffic from different countries for a unique user, which seemed fairly simple.
The main problem i...
...ns_server AND
DNS.src_category != dns_server
from the 'Network Resolution (DNS) > DNS' Datamodel.
In our environment the DNS DataModel is populated from events from Microsoft AD: S...
Good morning everyone,
I have a question. We have Enterprise apps like Microsoft Exchange and we would like specific application log data on it.
Now as I understand, you have two options:
1...