×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
chethankumarcba
Engager
Member since: ‎11-28-2016
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎11-28-2016
Activity Feed
Topics I've Started
No posts to display.
View All

Re: Splunk Enterprise Security: How to troubleshoo...

by in Splunk Enterprise Security
‎03-12-2020 10:34 PM
‎03-12-2020 10:34 PM
If you look at the configuration for "Threat - Source And Destination Matches - Threat Gen" in savedsearches.conf, you should be able to see this "action.threat_activity=1" which is a reference to “alert_actions.conf” in DA-ESS-ThreatIntelligence app which has [threat_activity] stanza. It is a reference to call that alert action If you look at this stanza in alert_actions.conf, you can see that it is "summaryindex" ing to threat_activity index (highlighted) Please note "summaryindex" is an alias to "collect" command. The part where summaryindex command is present in "threat_activity" alert action is given below. | summaryindex spool=t uselb=t addtime=t index="$action.threat_activity._name{required=yes}$" ... View more

Re: HF1 -> HF2 -> Indexer: How to route a set of d...

by in Getting Data In
‎01-24-2017 05:17 PM
‎01-24-2017 05:17 PM
Thanks! It works. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All