Would love to know if anyone has found an answer for this. Same situation here... using ELK for logging and want to forward logs from the ELK syslog-ng servers to Splunk. No problems getting the data to Splunk, but since we want to use Splunk as the SIEM (for monitoring), it's got to be in a very specific format. Usually the Splunk universal forwarders put the data into this format, but we're trying to get the info to Splunk (in a format usable for the SIEM) without having to load the Splunk UF onto every device to be monitored. Has anyone been successful at this?
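One way to do the forwarding described in the post without a universal forwarder is to have syslog-ng itself deliver events to a Splunk HTTP Event Collector (HEC) input, wrapping each message in the HEC JSON envelope so that Splunk receives `time`, `host`, `source` and `sourcetype` as metadata rather than having to re-parse the raw line. The configuration below is an added example written for this thread, not something from the original poster or from the syslog-ng or Splunk projects; it assumes syslog-ng 3.7 or later (for the `http()` destination), a HEC input enabled on the default port 8088, and placeholder values for the Splunk host and HEC token. The post does not say which "very specific format" the SIEM expects, so the example only sets the envelope fields; any CIM field mapping is then done on the Splunk side by whichever add-on is bound to the chosen `sourcetype`.

```conf
# Added example (not from the original post): syslog-ng forwarding to Splunk HEC.
# Assumptions: syslog-ng >= 3.7, HEC enabled on port 8088, placeholder host/token.

# Accept RFC 5424 over TCP and legacy RFC 3164 over UDP from the monitored devices.
source s_devices {
    syslog(ip(0.0.0.0) port(514) transport("tcp"));
    network(ip(0.0.0.0) port(1514) transport("udp"));
};

# Each event becomes one HEC JSON envelope. $(format-json) escapes the message
# body properly, so quotes or backslashes in $MSG cannot break the JSON.
# Splunk uses the envelope's time/host/source/sourcetype as event metadata;
# the original message and its syslog severity/facility go under "event".
destination d_splunk_hec {
    http(
        url("https://SPLUNK_HOST_PLACEHOLDER:8088/services/collector/event")
        method("POST")
        headers("Authorization: Splunk HEC_TOKEN_PLACEHOLDER")
        body("$(format-json time=$UNIXTIME host=$HOST source=$PROGRAM sourcetype=syslog event.message=$MSG event.severity=$LEVEL event.facility=$FACILITY)")
        # Verify the Splunk certificate so a rogue endpoint cannot collect the logs.
        tls(peer-verify(yes) ca-dir("/etc/ssl/certs"))
    );
};

log { source(s_devices); destination(d_splunk_hec); };
```

With this in place the devices keep sending plain syslog to the existing syslog-ng hosts, and only those hosts need network access to Splunk and a copy of the HEC token. Keep the token out of world-readable config files and scope it to a dedicated index on the Splunk side, so a compromised collector can write only where it is expected to.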