We are using datamodel_summary heavily for Splunk Enterprise Security and it's quite slow in datamodel acceleration. Are there any good practices to speed up this acceleration from a design point of v...
Hello,
I am wondering if, on a dedicated Search Head with Splunk Enterprise Security, it is better or not to enable Hyper-threading.
Our server is a blade with a dedicated VM with 2x20 p...
Hi. Does anyone know what "Time" is referring to in "Incident Review" in Splunk Enterprise Security (see image below)? As seen in the picture, there is more than 1 incident triggered at "9/23/16 9:5...
Hello,
Some correlation searches don't trigger. When I copy the search and try to run it in the search window, I get the error: "command="xswhere", [Errno 13] Permission denied". Is this related to ...
Hi All, currently we are facing a performance issue while accessing the Splunk search head portal via the web. Ours is a distributed environment: we have 5 indexer instances, four search heads, a s...
Hi,
For a very large environment, what would the license requirement be? How many Search Heads, Indexers and Forwarders are required, and what other components are required?
Our team just transitioned from Splunk Add-on for windows v4 to v5. Changing references to sourcetypes among knowledge objects (KOs) (savedsearches, dashboards, data models, and notables) was a h...
Hello, I have installed the add-on "Alien Vault Check OTX". I would like to know if, out of this command where I can query an IP, hash or domain for indicators of compromise, someone could give me a...