Hi I suppose it. Just create a ticket to Splunk support and ask that they split it based on your given amounts. Probably you must have access to those entitlements on your support portal or you must ask that person who are named your contract contact person will ask it from Splunk. r. Ismo
... View more
You could check field extractions in new Splunk Cisco Security Suite. There is a field "context" being added which is not extracted by Splunk Cisco IPS version 1.0.4. So, you either have a choice to delete this field from inline search in "ips_overview" view and disable appropriate panel in the dashboard, or to extract this field from your current IPS logs (if you have this field).
... View more