All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What kind of input is CheckPoint Opsec Lea considered?

john_glasscock
Path Finder
‎06-01-2018 09:14 AM

We are seeing events being dropped at the forwarder. Can persistent queues be used for this connector? Trying to figure out the type of input to determine if persistent queues can be used.

0 Karma
Reply

gjanders
SplunkTrust
SplunkTrust
‎06-02-2018 03:35 PM

According to the documentation Persistent queues are available for these input types:

TCP
UDP
FIFO
Scripted inputs
Windows Event Log inputs

I believe this application uses a modular input, and therefore not a persistent queue.

However what would the persistent queue be used for in this case? This application polls a checkpoint firewall to obtain data, and records it's progress in a checkpoint file as documented here
Therefore I don't see why you would want a persistent queue, the application will poll the firewall for data based on what data it last sent to Splunk...

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply
Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...