Splunk Enterprise Security

Why are TA-DNSServer-NT6 fields, lookups, and aliases not showing in the Splunk App for Enterprise Security?

jsmith39
Path Finder

Most, but not all, of the field extractions, lookups, and aliases created in the TA-DNSServer-NT6 app are viewable when looking through the Search and Reporting application, but not when searching through the Enterprise Security application.

The TA-DNSServer-NT6 sharing is set to Global (everyone-read, admin-write).

Unsure why only a handful of lookup-generated fields are viewable through ES, but everything is viewable through Search & Reporting.

0 Karma

jsmith39
Path Finder

I'm guessing this is some kind of bug with how Enterprise Security ingests applications. If I copy the props and transforms from TA-DNSServer-NT6/local and place them in SplunkEnterpriseSecuritySuite/local, then I get all the field extractions, etc. that I'm expecting.

0 Karma