...ultiple indexes linked to it. Shall I actually use the default data model in CIM, eg datamodel=Authentication with all the indexes in DMZ, ZoneA and ZoneB, or should I make copies of datamodel? S...
Hey All,
Running CIM in our ES instance and I had some questions around tagging or NOT tagging data.
What's the best way to go about excluding certain events from being tagged by a data model....
...ecurity/hunting-m365-invaders-blue-team-s-guide-to-initial-access-vectors.html. But I can not find google work space login logs in actual ingest. We installed the add-on and newest apps a...
...ntact, maybe not indexed, but can be indexed?
Is there a list of directories to just exclude from backup that are considered temporary or volatile scratch/index data?
Hello Splunkers,
Trying to fix the Web data models in the CIM and would like to exclude a couple of IP addresses. However, I'm struggling to form a white list for those specific IP addresses....
...plunk/var/spool/splunk/63g3hs73g37sh_events.stash_new'."
So what is happening?
Is there any way I can see whether the data is getting pushed to IDX1 or IDX2?
Thank you
I'm just trying to grok out how the Splunk_SA_CIM overlaps with the ES app in terms of data model accelerations. Out of the box it looks like it's set to accelerate a set of datamodels from the S...
Hi,
What's the most efficient way to use a lookup table within a query to exclude results where 2 fields exist, i.e. a source IP address AND a destination port? So we only exclude results where B...
We have month performance reports on Calls and errors metrics, with a few calculations to do generate an application performance report. The report again has data broken into hourly buckets per day....