Hello everyone,
I have a problem with an alert that was removed without a user's action. When I join the Splunk logs:
splunk_server = "XXX" index=_audit host=YourHostName action=alert_deleted
I do not see deletion events. What may have occurred? Some action of the system? How can I identify the cause of the deletion of the alert?