...ngest setting tab isn't showing up even though I've written an on_poll action within my code. I can run the on_poll action from the app page, but I'm not sure how to run it on a schedule.
...riority -> severity_id), which works fine.
Since CIM needs the field name to be 'severity', I cloned another field alias (priority -> severity) from the existing and made sure that it has g...
...ame is misspelled, you do not have "read" permission for the macro, or the macro has not been shared with this application. Click Settings, Advanced search, Search Macros to view macro information.
...ust a direct clone of the existing _json type. When I add a .json file to the folder, it is ingested and the events show up in the cloud instance, under the right correct centraladmin_errormaster i...
The TA mapped our bluecoat index as Web CIM compliant. Looking at our bluecoat index and the reports we built on top, some of the fields that we use are not defined in the Web CIM.
Therefore, is i...
...odified Change.json file with a new dataset, place it in a separate app (e.g. my_change_dm) and place this app in the $splunk_home/etc/apps directory - will my modified JSON file merge with Change.json i...
Hello, I have installed the add-on "Alien Vault Check OTX". I would like to know if out of this command where I can query an IP, HASH or domain for indicators of compromise, could someone give me an...
...crubbed logs in case someone is willing to help here. Or if anyone has already solved this with some app that I am not aware of, I would appreciate some help! Thanks in advance.
Here are all the sample l...
...ashboard is gone and the only data that exists is the data that Splunk sees just this morning when I booted it up.
There must be a config I'm missing or something? Can someone please help.