We are having an issue where a single threat intelligence download is failing (SANS blocklist) regularly. I can wget the file just fine from the search head where Splunk Enterprise Security is installed, so I'm not sure it's a network problem with reaching the site. Is there any place I can get a more specific error message as to why this is failing?
msg="A threat intelligence download has failed" stanza="sans" status="threat list download failed after multiple retries"
... View more
So does this mean that if you do it this way, the dashboards won't populate? I ask because I'm looking at installing this on an indexer (to avoid filling up a search head with data that the app pulls down), but I also want to install the app on the search heads for viewing the data.
... View more
I'm looking to set up a dashboard that will be projected on a screen indefinitely. Is there a way I can set up a user that will not time-out due to inactivity in order to have this dashboard unattended?
... View more