I am trying to use Splunk ES searches and summaries but I'm not sure where to start or what logs are required.
My main issues are with the Splunk Domains and Splunk intelligence.
I had initially assumed that ingesting the basic win event logs, linux syslog, and cisco ios snmp should be enough data to populate most of the fields making it work out of the box, but it seems that I must be missing something.
I have mostly set up the assets and identities (though our AD objects aren't sorted by business unit, priority, or category making it pretty useless).
Have I missed a step in configuring ES, or is there more granular documentation/walkthrough about what logs and data it needs to work properly? I have looked through the ES install and admin guide and am still left with many questions.