Re: Any experience out there with Splunk <--> Shar...

hulahoop · ‎09-10-2010

I've often heard this considered, but am wondering if anyone has done actual work with one or the other or both of the following:

integrating Splunk views into a Sharepoint dashboard
collecting Sharepoint logs/data for analysis in Splunk

gkanapathy · ‎09-11-2010

Sharepoint can easily display an IFrame: http://www.splunk.com/base/Documentation/latest/Developer/3rdParty, or you can query for data against the Splunk REST API
Sharepoint logs should be pretty straightforward to index as well using a Splunk forwarder agent on the Sharepoint server. There are Sharepoint-related logs everywhere in Windows, but you probably primarily need the IIS logs, the Windows Event Logs, and ASP.NET logs.

southeringtonp · ‎09-11-2010

If you want the audit log from within SharePoint itself, it's a bit harder. You might be able to get them via scripted input, via database tracking, or via 3rd party add-in writing to Windows event logs (and from there to Splunk). It's a bit sales-oriented, but they have some information here that may be useful if you're trying to get those -- http://community.bamboosolutions.com/blogs/bambooteamblog/archive/2010/02/16/filling-the-gap-in-shar...

hulahoop · ‎09-11-2010

Thank you for the great information!

Any experience out there with Splunk <--> Sharepoint?

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?