...escription or details about it, so it can be useful too.
Also, is there any difference in the logs between Splunk Cloud and Splunk Enterprise?
Thanks!
...urrently I want to integrate Splunk ES with Active Directory, Linux system logs (secure, message, audit.log), network traffic, Oracle database, etc.
2. By default, Splunk Enterprise allows users to i...
I have recently upgraded Splunk from 7.1.1 to 7.3.4 and ES from 5.2.2 to 5.3.1, but after the upgrade I can see that the Threat Activity dashboard does not show any data (data is only available t...
I want to use the Splunk App for Active Directory. I have installed the central Splunk instance and the AD app on two systems, one is Win2008, the other is CentOS 6.2. But I come across problems within t...
This Enterprise Security correlation search "Anomalous Audit Trail Activity Detected" is generating a whole bunch of false positives.
| from datamodel:"Change_Analysis"."Auditing_Changes" | w...
Out of the box, Splunk is able to collect a lot of Windows data. But I also see many items on Splunkbase for Windows and related Microsoft technologies. Is there a complete list of apps and when to use...
My Splunk Enterprise is running for a few months.
I'm sending all my logs (HEC and UDP) to index "main".
However, I see some indexes defined, mainly I'm concerned about the top-consuming o...
...irewall and end points devices) or we can use for all products?
Is it useful for validating changes made by the firewall admins?
Kindly advise. Thanks in advance.
Hello,
I've been asked to audit the access to the Windows Event logs themselves... this might be more of a Windows Server question, but still Splunk relevant.
To access Windows Events, I have i...
I'm seeing the error below under Messages in my Splunk Enterprise console:
Missing or malformed messages.conf stanza for TCPOUT:FORWARDING_BLOCKED_Indexer IP ADDress_default-autolb-group DC-Host N...