I set the Max_age for each threat intelligence list for TI data retention, but it does not work, so I would like to remove the out-of-date data manually.
Please kindly tell me the datastore location or path in CLI mode. In addition, I would like to know how I can make the max_age setting work.
I mean I cannot export my TI from ES; the menu path is as below:
Splunk > App: Enterprise Security > Threat Artifacts >
Then I get my TI result and would like to export it (there are over 10,000 records) to CSV format, but in the end I get only 10,000 records in the CSV.
Thank you for the link, but I am not sure about the configuration file location. I tried to find the file "savedsearched.conf" and got some results.
I can see that there are over 10000 records per list (Threat Intelligence) in the Splunk ES Web UI, but I can ONLY export 10000 records per list. May I know if there is a limitation on that (max. 10000 records per list), instead of parsing or normalizing 10000 records ONLY? Thanks.