Resilient Systems to Splunk fn_splunk_integration

Typically, in a large enterprise there could be multiple Splunk instances.

There could be Splunk instances for different departments. There could also be different Splunk search heads, for example an Enterprise Search Head and an Enterprise Security Search Head (a dedicated SIEM), so these would have different FQDNs and REST endpoints.

In addition, organizations could run on-prem and cloud instances, again presenting the same issue.

The current fn_splunk_integration doesn't allow RS to choose from multiple destination FQDNs.

  • Guest
  • Nov 11 2020
  • Submitted