Hi,
I have a Linux box running Bro 2.4 and the Splunk Universal Forwarder (6.4.0) configured to monitor my Bro logs and forward them to an indexer running Splunk 6.4.0 with the Bro Addon installed.
Splunk is setting the sourcetype correctly (bro_dhcp, bro_files etc.), however the automatic field extraction is not working.
Is there anything I am missing?