All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

AMP for Endpoints Event Inputs App

plao
Loves-to-Learn
‎09-21-2021 09:26 AM

Hi

I was able to install and configure the AMP for Endpoints Event Inputs App for all Event Types and Groups. However, not sure why, when I do a search in Splunk, index=* sourcetype="cisco:amp:event", I can only see AMP4E events like from 8 hours ago, I am not able to see any of the recent AMP4E events

Labels (1)
Labels
0 Karma
Reply

plao
Loves-to-Learn
‎09-21-2021 05:17 PM

Now all of a sudden, starting around 3:19pm, I started seeing some AMP4E events in Splunk

 

But they are coming in very slowly (not anything close to real time at all)

0 Karma
Reply
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:





Or Learn More in Our Blog >>

Get Updates on the Splunk Community!