Index, Eventtypes, and Sourcetypes
The most important data classifiers are outlined below:
- Following Splunk best practices, this application no longer ships with a pre-specified index; however, we strongly recommend sending data to index=cylance_protect. If the index was previously specified as index=protect, this will also work, because the dashboards are populated using an eventtype that accepts either. If a custom index name is used, then eventtype=cylance_index must be modified to accept the custom index name.
- eventtype=cylance_index – this eventtype allows the index to be either protect or cylance_protect. If a custom index name is used, the eventtype must be modified for the dashboards to populate properly.
- syslog sourcetypes
Syslog events enter the app as syslog_protect and are sorted into one of the other “syslog_” sourcetypes based on their content.
- TDR sourcetypes
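As an added illustration of the custom-index change described above (not the app's own configuration, which the page does not reproduce), this shows how the cylance_index eventtype can be overridden in local/eventtypes.conf; the shape of the shipped stanza is assumed, and my_custom_index is a placeholder:

```ini
# local/eventtypes.conf (inside the app directory)
# A stanza here overrides the stanza of the same name in default/eventtypes.conf,
# and local/ is preserved across app upgrades while default/ is replaced.

# Assumed shipped definition: accepts either recommended index name.
# [cylance_index]
# search = index=cylance_protect OR index=protect

# Modified definition for a custom index (my_custom_index is a placeholder;
# index names are case-sensitive and must match the configured index exactly).
[cylance_index]
search = index=cylance_protect OR index=protect OR index=my_custom_index
```

Once the change is active, a search such as `eventtype=cylance_index | stats count by index` should list events from the custom index; if it returns nothing for that index, the dashboards will stay empty.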