...ver 300 suppressions. I can view suppressions under Settings --> Event types in the Web UI, see them in SA-ThreatIntelligence/local/eventtypes.conf, and can see that they're being applied where a...
We have a lot of indicators in our Splunk Incident Review queue, and I am having a challenging time with Splunk Enterprise Security Suppression, and it's driving me nuts. It's been about a year and I...
I'm seeing the error below under messages in my Splunk enterprise console:
Missing or malformed messages.conf stanza for TCPOUT:FORWARDING_BLOCKED_Indexer IP ADDress_default-autolb-group DC-Host N...
I'm a Splunk administrator, not a Windows administrator, so my Windows knowledge is limited. Nonetheless, many teams can benefit from having Windows Event Log data in Splunk. What are the best p...
...s disabled.
Extra info: I'm in a distributed Splunk environment. However, I'm not using indexer clustering.
Grepped eventtypes:
./apps/splunk_app_windows_infrastructure/default/eventtypes...
None of the eventtypes in eventtypes.conf under \Splunk\etc\apps\Splunk_for_ActiveDirectory\default\ work in search. For example, if I search for "eventtype=wineventlog-security" I get "Unable to f...
...inux_collectd_cpu to the two source types, so this gives rise to a first question: Will Splunk_TA_linux's eventtypes.conf need tweaking?
Assuming I set the forwarder to monitoring /var/c...
I have a mixed *nix and Windows environment and I'm currently collecting the Windows data with the Splunk Add-on for Microsoft Windows as event data. I want to start using the Splunk App for In...
I'm a Splunk administrator, not a Windows administrator, so my Windows knowledge is limited. Nonetheless, many teams can benefit from having Windows performance data in Splunk. Is there a best p...