The data is currently coming to a heavy forwarder, which is also the rsyslog server, and then we are forwarding it to Splunk. So pre-parse the logs on the HF and re-write them to a file on the HF before forwarding? Do you have any configurations you can share? Thanks!
Thanks for your response, Cusello! We actually have heavily customized pre-existing TAs that we are trying to leverage, which is the reason we want to be able to use the TAs.
I am trying to forward Windows and Linux logs directly from ArcSight Logger to our Splunk environment. Since ArcSight converts logs to CEF format, I know the Splunk Add-ons for Windows and Linux will not work. From ArcSight, the logs are sent to a syslog server and then forwarded to Splunk.
What is the best way to get the Splunk Windows and Linux TA working with the ArcSight Win and Nix logs?
Thanks in advance!
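The two CEF questions above (pre-parsing on the HF or rsyslog host before forwarding, and getting usable fields out of ArcSight's CEF output) both come down to the same first step: splitting the CEF header and extension correctly, including the escape rules for `|`, `=` and `\`. The following is an added example written for this thread, not code from Splunk, ArcSight or any TA. It parses a CEF line (tolerating a leading syslog prefix), resolves `csNLabel`-style custom field labels, and rewrites each event as a `key="value"` line that a forwarder could monitor from a file. The output field names (`signature_id`, `device_product`, and so on) are my own choice; the Windows and Linux add-ons expect their native event formats, which this does not recreate, so the rewritten file would still need its own sourcetype. The sample CEF line is constructed for illustration.

```python
import re
from typing import Dict, List, Tuple

# Names for the seven CEF header fields (naming is an assumption of this example).
CEF_HEADER_FIELDS = ("cef_version", "device_vendor", "device_product",
                     "device_version", "signature_id", "name", "severity")

# A key token in the extension: start-of-string or whitespace, key chars, then an
# unescaped '='. An escaped '\=' inside a value is not preceded by key chars, so
# it never matches.
_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")


def _split_header(line: str) -> Tuple[List[str], str]:
    """Split the 7 pipe-delimited header fields, honouring '\\|' and '\\\\' escapes.
    Returns (fields, remaining_extension_text)."""
    fields: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line) and line[i + 1] in "|\\":
            buf.append(line[i + 1])      # escaped pipe or backslash inside a header field
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))
            buf = []
            i += 1
            continue
        buf.append(ch)
        i += 1
    if len(fields) < 7:
        raise ValueError("incomplete CEF header (fewer than 7 pipe-delimited fields)")
    return fields, line[i:]


def _unescape_ext(value: str) -> str:
    """Undo CEF extension escapes: '\\=' -> '=', '\\\\' -> '\\', '\\n'/'\\r' -> newline/CR."""
    out: List[str] = []
    i = 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            nxt = value[i + 1]
            out.append({"n": "\n", "r": "\r"}.get(nxt, nxt))
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def _parse_extension(ext: str) -> Dict[str, str]:
    """Parse 'key=value key2=value with spaces' into a dict; values may contain spaces."""
    result: Dict[str, str] = {}
    matches = list(_EXT_KEY.finditer(ext))
    for idx, m in enumerate(matches):
        start = m.end()                      # first char after '='
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        result[m.group(1)] = _unescape_ext(ext[start:end].strip())
    return result


def parse_cef(line: str) -> Dict[str, str]:
    """Parse one CEF event, skipping any syslog prefix before 'CEF:'."""
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("line does not contain a CEF header")
    header, ext = _split_header(line[idx:].rstrip("\r\n"))
    event = dict(zip(CEF_HEADER_FIELDS, header))
    event["cef_version"] = event["cef_version"][len("CEF:"):]
    event.update(_parse_extension(ext))
    # Resolve ArcSight custom-field labels: 'cs1Label=LogonType cs1=3' -> LogonType=3.
    for key in list(event):
        if key.endswith("Label") and key[:-len("Label")] in event:
            event[event[key]] = event[key[:-len("Label")]]
    return event


def to_kv_line(event: Dict[str, str]) -> str:
    """Render an event as key="value" pairs, escaping backslashes and quotes."""
    def q(v: str) -> str:
        return '"' + v.replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n") + '"'
    return " ".join(f"{k}={q(v)}" for k, v in event.items())


def rewrite_cef_lines(lines: List[str]) -> List[str]:
    """Rewrite a batch of raw lines; unparseable lines are dropped rather than forwarded raw."""
    out: List[str] = []
    for raw in lines:
        try:
            out.append(to_kv_line(parse_cef(raw)))
        except ValueError:
            continue
    return out


# Constructed sample event (not real data): escaped '|' in the header, escaped '=' in msg.
SAMPLE_CEF = ("CEF:0|ArcSight|Logger\\|Test|1.0|4625|An account failed to log on|5|"
              "rt=1700000000000 dvchost=DC01 suser=jdoe src=10.0.0.5 "
              "msg=Status\\=failed, bad password cs1Label=LogonType cs1=3")

if __name__ == "__main__":
    for kv in rewrite_cef_lines([SAMPLE_CEF, "<13>Nov  1 10:00:00 host " + SAMPLE_CEF]):
        print(kv)
```

On the HF, this would sit between the syslog input and a file that `inputs.conf` monitors; the important design point is that malformed lines are dropped with a count rather than forwarded raw, so a single bad escape cannot poison field extraction for the whole sourcetype.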
I needed to pull asset data from SharePoint to Splunk as a lookup table to feed into Splunk Enterprise Security. I looked at the Splunk add-on for SharePoint, but it's more for the integration of the SharePoint server. Any ideas on how to accomplish this?