As a CA Admin, I would like to see Internal Change Auditor events generated when a coordinator is unable to send events to a SIEM subscription. (4306981)

Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Return

Title

As a CA Admin, I would like to see Internal Change Auditor events generated when a coordinator is unable to send events to a SIEM subscription.
Description

ER: They are concerned with resiliency so when the Splunk event subscription didn't move over to another coordinator they either want a notification that it couldn't communicate to the Splunk server or try another Coordinator till it found one that could. They use the Splunk forwarder to trigger alerts in Splunk they do not use CA to generate the alerts. Create an ER to try another Coordinator if it cannot connect to the subscription or at least a notification after x amount of time say an hour or have it failover to another Coordinator.

Sign In Required

You need to be signed in and under a current maintenance contract to view premium knowledge articles.

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem

As a CA Admin, I would like to see Internal Change Auditor events generated when a coordinator is unable to send events to a SIEM subscription. (4306981)

Title

Description

Sign In Required