Has anyone else run into issues with a different logging format? When I look at my DNS logs, they don't match up with the regex expressions in transforms.conf.
We're running BlueCat which has Bind...
We use BlueCat for DNS/DHCP and we are forwarding the DNS/DHCP logs via CEF format to HDFS. I am trying to reverse engineer the Splunk Add-on for ISC BIND for Hunk, specifically the assigning of m...
...rying to get the Splunk Add-on for ISC Bind working using this architecture. The instructions say to do the following:
From http://docs.splunk.com/Documentation/AddOns/latest/ISCBIND/C...
Hi All,
As per the Splunk Add-on for ISC BIND, DNS query and DNS error logs should be in different files; however, we have a single file which has query and error logs together.
Issue is what s...
I am looking for anyone who might know the appropriate BIND logging configuration to capture DNS replies so that we can map these into the Network Resolution model in Enterprise Security. Logging the...
...ile, and now what is the best method to ingest them into SPLUNK with the right format mapping?
What are your experiences with the Linux DNS service?
I'm collecting events with Splunk Deployment s...
...essage is a response. If I'm thinking about network flow, the response is coming from the server, and so should be the src, not the dest. In the case where the message type is not a response, the TA r...
Hello Team,
I have installed Cisco WSA addon, receiving W3C syslogs from my WSA.
Trying to configure this app in Splunk as per:
http://docs.splunk.com/Documentation/AddOns/released/C...
I'm working with a standalone Splunk 8.1.3 instance with the Splunk CIM 4.20.2. I have several accelerated data models that are populating data properly. ...
...se the app “Splunk Supporting Add-on for Active Directory”. Despite the name of the application (suggesting it is for use with AD only) I've been told it will work for other LDAP servers.
P...