Splunk vs SecOps Event Counts

Does anyone have experience reconciling Splunk event counts vs SecOps event counts? I’m running queries in both platforms and noticing large discrepancies by log type (Splunk typically has far more events). The webhook feeds I am using to send to SecOps don’t show any obvious issues sending data.
