- Site Collector Overview
- Get Started with Site Collectors
- Install Site Collector
- Set Up Collectors
- Manage Site Collectors
- Site Collector Monitoring
- Troubleshoot the Site Collector
- Pre-checks failed during Site Collector installation and upgrade
- Site Collector UI shows the status INSTALLATION_ERROR
- Download Support Packages for Troubleshooting
- How to reboot the Virtual Machine (VM) successfully to apply security updates?
- What information must be added while creating a support ticket to resolve an issue?
- Site Collector UI is not displaying the heartbeats
- Splunk Collector can't be set up
- Splunk Collector is set up however, logs are not reaching DL/AA
- Only a few of the installed Splunk Collectors are processing logs or EPS has dropped by 50% as compared to last hour
- The Windows Active Directory Collector (formerly known as LDAP Collector) is set up, however, the context data is not reaching DL/AA
- The Windows Active Directory Collector (formerly known as LDAP Collector) is stuck in the ‘Update’ mode after deployment
- Installation is initiated; however, the collector shows the status as ‘Setting Up’ for some time
- Data Lake and Advanced Analytics Does Not Show Context Data
- Context Data from Windows Active Directory Collector is Segmented
- Minifi Permission Denied - Logback.xml File Missing and Config File Update - Failed Error Occurred while Installing the Windows Event Log Collector
- Where should I upload proxy certificates if I am running proxy with TLS interception?
- How to upgrade Linux collector instance?
Modify the Splunk Collector Configuration
In the Overview section in addition to viewing the status, trend, last day volume, and collector name, you can modify the Collector configuration by clicking the Collector instance. To modify the configuration for the Splunk Collector instance:
On the Exabeam Security Operations Platform home page, click the Collectors tile.
Select Site Collectors from the sub-menu.
The Overview section displays status groups, last day average volume, and a list of Site Collectors.
On the Overview tab, click the Splunk Collector instance for which you want to modify the configuration.
Modify the Splunk query and select the desired Splunk fetch interval, then click Update. If you update the query, Site Collector Core fetches log data with the parameters based on the query.
Update the Splunk Fetch Timestamp by selecting the time and date from when you want the collector to fetch logs. You can select a date previous to the present date, which is backdated to 30 days.
Click Definition to edit Splunk Collector name, select a Site Collector instance, Splunk hostname, and port.
Click Authentication to change the authentication method: Login Pass or Token for the Splunk collector to connect to the sever. Based on the authentication method that you select, you can edit the login name and password, or the token number for the Splunk server. In this section, you can also edit the protocol and tls option to securely pull the data.
To stop or delete the Splunk Collector instance in Running state, in the upper right corner, click Stop or Delete.
Note
You can start a Collector instance that is stopped, by clicking Restart.
You can delete a Collector of which the status is 'Running'. You can delete a Site Collector instance of which the status is 'Setup Error' or 'Installation Error'.