...ention of these tags in any place, starting with the original data, to the Splunk enterprise alert config, etc. So I think it's SOAR adding additional data, but again I'm not sure how or when or why i...
...together. The only addition I have made was to add client_id as a nested key under tags.
Here is an example of a log that is parsed correctly in the Splunk UI:
{
"tags": {
"c...
Introduction Splunk Phantom ingests objects from connected assets, such as your firewall, services like VirusTotal, MaxMind, and more. Many of these assets require that Splunk Phantom p...
In my indexers inputs.conf we have the standard stanza in place for receiving inbound logs from forwarders.
[splunktcp://9997]
disabled = 0
Am I able to add additional stanza(s) to the in...
I have recently created a field extraction on one search head that I have assigned all apps and users to read and write and was wondering how long it would take for a change done in one search head to...
...he Read Node's structure of test 2 trying to add inputs manually but its unenable too. EX.: [{"NodeID":{"IdentifierType":1,"NamespaceIndex":2,"Identifier":"0:SERVER.P10_300614.F_CV"},"Tag":"objects...