Hi there,
This is the second time I configure a Splunk Add-on for Reverse Proxy data.
As fields are similar to Proxy / Web datamodel, I just went on applying that DM to the Add-on via eventtypes & tags.
So far, I never had to use it through CIM, like in ES.
Now that I see ES Web dashboards, I am wondering if it makes any sense at all to have that Web CIM applied to such data because it does not include information such as incoming / outgoing such as Email Data does, and it rather makes things more confusing.
Might be a dumb questions, but I am interested in any comment!
↧