All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

AMP for Endpoints Event Inputs App

plao
Loves-to-Learn
‎09-21-2021 09:26 AM

Hi

I was able to install and configure the AMP for Endpoints Event Inputs App for all Event Types and Groups. However, not sure why, when I do a search in Splunk, index=* sourcetype="cisco:amp:event", I can only see AMP4E events like from 8 hours ago, I am not able to see any of the recent AMP4E events

Labels (1)
Labels
0 Karma
Reply

plao
Loves-to-Learn
‎09-21-2021 05:17 PM

Now all of a sudden, starting around 3:19pm, I started seeing some AMP4E events in Splunk

 

But they are coming in very slowly (not anything close to real time at all)

0 Karma
Reply
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...