I updated my Splunk for Symantec app to the latest Splunk_TA_symantec-ep app. Once I did that, I lost all of of the extracted fields for Symantec. Is there a way to retrieve the extracted fields? Does the app already come with custom fields? How do I make sure the custom field is working in the app?
↧
I lost extracted fields after updating the Splunk for Symantec app. Is there a way to retrieve them?
↧