Great information and detail!
Glad you liked it
Brilliant, thanks a ton for such an elaborate explanation. Hats off.
Glad it was helpful.
How do I get the “Original Event” to show on my correlation searches? In my case some of my correlation searches have it and some do not, and I do not understand why.
Join my Discord and it will probably be easier to resolve.
I'm not sure what issue you're running into. Are you saying you can't see the correlation search that created the alert on some of your notables and can see it on others?
Are you just wanting to see the _raw logs that made up the notable?
Or a third situation?
I see Cribl in a tab. Any plans to roll out Cribl training? Thank you!!!
I'm planning a multi-hour training on Cribl, but that won't land till fall of 2024. But I do have a playlist of Cribl training you are welcome to.
th-cam.com/play/PLFF93FRoUwXGm6725isqJofQT2h1boC2y.html&si=VljxmAS-m2sufCUP
@lamecreations_guides I'm waiting for that as well lol, let's goooooo
Best explanation of Splunk ES. My account is not allowed to download Splunk ES; what workaround could there be?
1) Talk to a sales engineer to see if they can get you a trial.
2) Use a free product similar to ES. Alert Manager is an app that, I think, still has a free version that gives you ticketing.
3) Build those capabilities into your own Splunk instance.
I'm trying to be helpful without saying, "unless you pay for ES, I can't really help you out." So here are some free alternatives.