I have some event, with report and vulnerability tags. I have also set global permissions to this event, so that other apps could see it.
However, when I use Splunk CIM add-on, it does not r...
The Cisco ACI Add-on for Splunk Enterprise provides these source types:
cisco:apic:health
cisco:apic:stats
cisco:apic:class
cisco:apic:authentication
And is Common Information Model (CIM) 4...
...agging with the Common Information Model or somewhere else in the flow of ingested data? - https://wiki.splunk.com/images/4/45/Splunk_EventProcessing_v19_0_standalone.pdf In the end here is w...
Hello all,
I'm having some really odd issues with the TA-Meraki app. It seems I have my data set to directly come in on 514 and can search it in Splunk ES but it is not usable in ESS. From the T...
...t seems the issue is that the Network Resolution model is CIM 4.1.
I also noticed that the Splunk Addon for Microsoft Windows is on CIM 4.1 but no longer contains the MSAD:NT6 sourcetypes, which i...
...ourcetype was set to "ossec_alerts".
Since this App is not CIM compatible, we had to install "Splunk Add-on for OSSEC" Add-on and change the sourcetype to "ossec". After this change, we lost all the o...
...hy this is occurring. Do we need to install the Infoblox app on the indexer as well? This breaks Splunk Common Information Model (CIM) compliance and by extension Splunk Enterprise Security. Any a...
Splunk can collect a lot of the Amazon Web Services (AWS) data. But I see many items on Splunkbase for AWS technologies. Is there a complete list of apps and when to use each?
All,
We have Windows and Linux BIND DNS servers logging into one index in Splunk. Because of the way Windows logs domain names in DNS requests we are doing a search time extraction. If I want to s...