How do we setup custom source type and index for foreye app?
Instead of using default fireeye index, I want to use my own index for logs coming in.
Please consult the "Optional Indexing" section in the configuration guide found at the link below:
This approach has worked for other customers, so we documented it as an option. Thanks.
Thanks for the quick update.
i have changed in events.conf file to in Search head but nothng is showing on app
[fe]
search = index = fe* OR sourcetype=fe_*
here is background we already had logs coming to splunk from all fireeye devices through syslog and UDP port to custome indexer and i have installed app on search head followed your doc.
already logs in splunk so i want to configure thart logs to get fireye app
FYI --- i have not done any package installtion or any setting change on indexer server
Typically you would install our TA on the indexer and the app on the search head.
TA found here: https://apps.splunk.com/app/1904/
Shoot me an email via the feedback menu inside the FireEye app and we can discuss the details of the issue.