I have a handful of Splunk servers. I'm trying to understand: does authentication work like deployed apps? Meaning, if I add a new role/LDAP group mapping on the search head cluster master or on the deployment server, should I expect that configuration to replicate to the search heads, indexers, etc.?
Or do I need to create that role and mapping on each search head individually?
I'm trying to decide whether I should use a heavy forwarder or a syslog server with universal forwarder to receive data from CyberArk. Can anybody tell me which approach you're using, and how well that's working out for you?