Hi I have a requirement for Continous Packet Capture with Splunk Streams. For example, I want to capture all traffic on port 25 and then save it to disk, so that I can retrieve the pcap at a later date for further investigation.
I saw in the notes that its says "Packet stream capture is ephemeral" which means its for a short period of time.
Can I just confirm then, that Splunk Streams can not do a continuous capture of network traffic and save it to a pcap?
↧