Hi Team, I have created a federated provider and test connection successful. What will be our next steps? Is federated index mandatory to create? If yes all the indexes across SHs should be created?
Regarding Federated search:
Is the only authentication option username and password? We use SSO on the remote search head (LDAP/Reverse Proxy) which would be preferable.
Why do you need to e...
...nformation from another remote source via a REST API. The following search works:
index=federated:remote_dataset userid="cn=" | \
eval dn=lower(userid) | \
dedup dn | \
t...
Hello Splunkers! I am very excited about the new federated search feature starting the Splunk 8.2 version! I got it to run with an onPrem development machine and a regular index - works as desired a...
...un for every 24 hours So need to create a report for everyday for last 24 hours and need to create report to collect everydata into summary index. so that if they search for last 60 days data s...
Dear Splunk experts, Just want to ask about the general upside/downside of creating a large number of indexes. Thinking to create a Splunk index per application/service so we may end up w...
Hi All, I am trying to create a summary index that runs once in a week and I want only few fields to be populated in the summary Index. Questions: 1) I want only three fields i...
...ry to create an index for it I get the error below, does anyone know what could be causing this?
ERROR MESSAGE:
Data could not be written: /nobody/search/indexes/testosboot/thawedPath: $S...
Hi, Is it possible to make use of multiple indexes in one query? Below is the use case which I am trying to implement. If the connection from an IP address has a threat signature match in I...