When configuring a Splunk asset for Phantom to connect to a SplunkC loud instance, the user discovers that they need to be able to run two different on_poll searches.

SPLK-2003

Last Post by Guillermo 2 years ago

1 Posts

1 Users

0 Likes

188 Views

RSS

Guillermo

(@swindellguillermo)

Noble Member

Joined: 2 years ago

Posts: 719

Topic starter 12/09/2022 2:35 am

When configuring a Splunk asset for Phantom to connect to a SplunkC loud instance, the user discovers that they need to be able to run two different on_poll searches.

How is this possible

A . Enter the two queries in the asset as comma separated values.
B . Configure the second query in the Phantom app for Splunk.
C . Install a second Splunk app and configure the query in the second app.
D . Configure a second Splunk asset with the second query.

Show Answer Hide Answer

Suggested Answer: A

Quote

Topic Tags

Splunk SOAR Certified Aut

Latest Splunk SPLK-2003 Dumps Valid Version

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download PDF

Forum Jump:

Previous Topic

Next Topic