Hello all, just wanted to know whether there is any way in which we can identify which CIM data model an available CIM-compliant add-on on Splunkbase normalizes to. One way I know is to...
Hi Team,
I am using field aliases, as in my sourcetype I have two common fields (dest & dest_ip) which have the same values. When I applied field aliases, both were reflected.
How to a...
Are there best practices when mapping Palo Alto firewall logs to CIM data models?
One thing that I noticed is that Network_Traffic maps anything with tag="network" and tag="communicate". This m...
...ost folks likely don't massage data prior to a forwarder picking up the data. Perhaps then, the normalization, if you will, occurs just prior to indexing? Or perhaps during query? Maybe it's possible e...
...enerate them. So, the Pivot tool lets you report on a specific data set without the Splunk Search Processing Language. 2) It's possible to refer to the CIM data models to normalize d...
...ields. We are using data model searches, so I want to get these base fields into CIM compliance. Is there a way to create stanzas in props.conf or transforms.conf that will allow me to...
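For the props.conf/transforms.conf question above, and for the earlier snippet about Network_Traffic picking up events tagged network and communicate, here is an added example (not from any of these posts) of the conf stanzas that make a custom sourcetype's fields and tags line up with the Network_Traffic data model. The sourcetype name my:fw:traffic, the raw field names src_addr, dst_addr, fw_action and proto_num, and the lookup file ip_protocol.csv are all assumed for illustration.

```ini
# props.conf  (added example; sourcetype and raw field names are assumed)
[my:fw:traffic]
# FIELDALIAS adds the CIM name next to the original field; the original
# field is not removed, so both src_addr and src will show up in results.
FIELDALIAS-cim_src  = src_addr AS src
FIELDALIAS-cim_dest = dst_addr AS dest
# EVAL derives a field whose values match the CIM expectations for action
# (Network_Traffic uses "allowed" / "blocked"); fw_action is an assumed raw field.
EVAL-action = case(fw_action=="allow", "allowed", fw_action=="deny" OR fw_action=="drop", "blocked", true(), "unknown")
# A lookup is the usual job for transforms.conf: map a protocol number to the
# CIM transport field (tcp/udp/icmp). proto_num and ip_protocol.csv are assumed.
LOOKUP-cim_transport = ip_protocol_lookup proto_num AS protocol OUTPUTNEW transport

# transforms.conf  (lookup definition referenced by the LOOKUP- line above)
[ip_protocol_lookup]
filename = ip_protocol.csv

# eventtypes.conf  (an eventtype is what tags attach to)
[my_fw_traffic]
search = sourcetype=my:fw:traffic

# tags.conf  (Network_Traffic's base search constrains on both of these tags)
[eventtype=my_fw_traffic]
network = enabled
communicate = enabled
```

After deploying these on the search head, confirm the data lands in the model rather than trusting the field list: `| datamodel Network_Traffic All_Traffic search | search sourcetype=my:fw:traffic | table _time All_Traffic.src All_Traffic.dest All_Traffic.action` should return rows; if it is empty, check the tags first (`sourcetype=my:fw:traffic | stats count by tag`), since a missing tag drops the whole event from the model even when every field is correctly named.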
...S_Email tag associated with them. Now, a new source needs to be fed into the data model. The fields of the new source are CIM compatible but are not fed into the data model. And I checked the c...
...eceiving information from the OSSEC server, but the data is having trouble being processed by the IDS data model. The Splunk field for the log "sourcetype" seems to be the root of the issue. We need to have data models p...
...nterprise, allowing users to monitor and act on security incidents and intelligence. Does it mean that Splunk ES works without any forwarder? How is the correlation done between these add-ons and the e...