Awesome. Thanks for the follow up, you have no idea how much I appreciate it. I'm very new with Splunk and kinda learning as I go. I'll play around with it tomorrow. I added the [eventcode] piece to the Splunk transforms.conf file, and that removed the error triangle alert thingy, but still didn't show me data. Hopefully I'll have better luck with what you suggested. The ThreatHunting dash looks awesome, so I am really excited to get it working. Thanks again.
... View more