I'm trying to look for a reference or documentation that shows me which fields in Sysmon logs should be mapped to which fields in the Endpoint data model. For example, Image & ParentImage it s...
I'm trying to get a list of fields by sourcetype without going down the route of fieldsummary and thought analyzing the props configs would be a good place to start. I'm starting with EVAL g...
Hi, I am currently integrating logs from an ESET Endpoint Security server. We have configured ESET to send logs in JSON format, but while I have applied the _json sourcetype to the logs, i...
I'm trying to find how to get the REST API endpoints for saved searches, but I'm finding conflicting information.
Would this be the endpoint: https://{host}:{mPort}/services/saved/searches/{ss n...
Hi, is it possible from a Splunk universal/heavy forwarder to forward data to a third-party REST API endpoint over HTTPS using basic authentication? I have a use case where Splunk universal/h...
Hello,
I am currently running into an issue where I am unable to store or retrieve any data from my storage/passwords endpoint using the Splunk SDK for Python.
Here is the message I keep r...
I have a UF installed on an endpoint and plan to do more, but whenever the endpoint (laptop) is offline I get missing forwarder alerts from DMC. This will happen frequently since endpoints are s...
I want to search for endpoints like /api/work/12345678, i.e. api/work/(8-digit number). My query below gives me all three endpoints in the logs. I only want the ones that are /api/w...