All Apps and Add-ons

FireEye App for Splunk Enterprise v3: How to set up custom sourcetype and index?

Splunk_Bw
Explorer

How do we setup custom source type and index for foreye app?
Instead of using default fireeye index, I want to use my own index for logs coming in.

0 Karma

TonyLeeVT
Builder

Please consult the "Optional Indexing" section in the configuration guide found at the link below:

https://www.fireeye.com/content/dam/fireeye-www/global/en/partners/pdfs/FireEye%20App%20for%20Splunk...

This approach has worked for other customers, so we documented it as an option. Thanks.

0 Karma

Splunk_Bw
Explorer

Thanks for the quick update.
i have changed in events.conf file to in Search head but nothng is showing on app
[fe]
search = index = fe* OR sourcetype=fe_*

here is background we already had logs coming to splunk from all fireeye devices through syslog and UDP port to custome indexer and i have installed app on search head followed your doc.

already logs in splunk so i want to configure thart logs to get fireye app

FYI --- i have not done any package installtion or any setting change on indexer server

0 Karma

TonyLeeVT
Builder

Typically you would install our TA on the indexer and the app on the search head.

TA found here: https://apps.splunk.com/app/1904/

Shoot me an email via the feedback menu inside the FireEye app and we can discuss the details of the issue.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...