Abstract
Cortex Xpanse Expander’s add-on Splunk integration allows you to consume and access Cortex Xpanse Expander alerts and data through Splunk.
Splunk represents “events” as JSON objects. The information associated with each event is stored in the JSON object’s values. You can query Splunk events using Splunk queries. For more help with querying Splunk data, refer to the appropriate Splunk data querying documentation or ask your Splunk technical contact.
For additional information on how to use Splunk more generally, see Splunk’s general documentation site.