HI!
I'm following the following directions to try and set up assets and identities for Splunk Enterprise Security on Splunk Cloud through a heavy forwarder.
https://www.hurricanelabs.com/blog/gathering-ldap-identity-data-with-splunk-cloud
The instructions say to set up a saved search on the Heavy Forwarder and have it populate a summary index. However, I am unable to schedule searches on the Heavy Forwarder and get the message:
> The search scheduler is disabled by> the license Splunk is using. Scheduled> searches that populate a summary index> were found, but they will not be> executed. This might affect dashboard> panels that depend on the summary> index.> [!/help?location=learnmore.license.features> Learn more]
Does anyone have any tips on what I am missing?
Thanks,
JG
↧