Hello,
I'm trying to setup the "log event alert action" within Splunk 6.4.2. I have it working except when the search (alert) returns more than one search, only one event gets logged.
Eg. Search -1h for malware IP addresses through the proxy, I'd like to create a "log event" for each result.
How can I do this?
Thanks
↧