I can query my Splunk instance using CLI with the following command: /opt/splunk/bin/./splunk search 'index=* host=* mitre_technique!=- | stats count BY mitre_technique | fields - count' -a...
I am running Splunk Enterprise 8.0.6 and have Hadoop Data Roll configured, using Hadoop 3.2.1 with Java 1.8.0_282-b08. I have a virtualindexconfigured to archive an index to AWS S3. The Hadoop D...