FireEye App for Splunk Enterprise v3: How to set u...

Splunk_Bw · ‎01-28-2015

How do we setup custom source type and index for foreye app?
Instead of using default fireeye index, I want to use my own index for logs coming in.

TonyLeeVT · ‎01-28-2015

Please consult the "Optional Indexing" section in the configuration guide found at the link below:

https://www.fireeye.com/content/dam/fireeye-www/global/en/partners/pdfs/FireEye%20App%20for%20Splunk...

This approach has worked for other customers, so we documented it as an option. Thanks.

Splunk_Bw · ‎01-28-2015

Thanks for the quick update.
i have changed in events.conf file to in Search head but nothng is showing on app
[fe]
search = index = fe* OR sourcetype=fe_*

here is background we already had logs coming to splunk from all fireeye devices through syslog and UDP port to custome indexer and i have installed app on search head followed your doc.

already logs in splunk so i want to configure thart logs to get fireye app

FYI --- i have not done any package installtion or any setting change on indexer server

TonyLeeVT · ‎01-28-2015

Typically you would install our TA on the indexer and the app on the search head.

TA found here: https://apps.splunk.com/app/1904/

Shoot me an email via the feedback menu inside the FireEye app and we can discuss the details of the issue.

FireEye App for Splunk Enterprise v3: How to set up custom sourcetype and index?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!