Enable threat data report
After you restart
Splunkwill now appear in your
In a single-instance
Splunkinstallation or on a Heavy Forwarder, you will need to enable inputs, which are disabled by default:
- In theSplunkmenu, clickSettings > Data inputs.
- In the Data section, in Local inputs, clickSection > Scripts.
- For each of the scripts (devices, events, indicators, and threats), in the Status column, click the Enable link.When you click on the Enable link,Splunkwill invoke the associated script, and thereafterSplunkwill repeatedly invoke the script according to the interval setting for that script, which is 24 hours by default.