What's up guys
I'm testing sending syslog to the Splunk SIEM. I know that Splunk has the plugin, but I'm testing it this way.
1) Does anyone know if we have any history of problems or incompatibility?
I did the configuration:
- Plugin, using TCP protocol, port 514.
- Business rules using "all".
- SIEM Mappings, and apparently the log is being sent.
2) I installed Wireshark and the logs are arriving on the SIEM server. Is there some incompatibility? Any tips?
I discovered that for Splunk to accept the logs you need to uncheck the option "When enabled, logs will be transformed using selected mapping file". Screenshots attached.
Splunk is a direct connection; you do not need Cloud Exchange to integrate Splunk. Please review the appropriate documentation for Splunk.
@zthompsoncr Thank you for the answer, but as I said I don't want to use the app that is on the marketplace. I simply need to send the logs to Splunk.
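The thread's two findings are that the messages do reach the Splunk host on TCP/514 (confirmed with Wireshark) and that Splunk only accepted them once the mapping-file transformation was disabled. The natural next check, before blaming either side, is to look at what the shipper actually puts on the wire: whether each message is framed the way a TCP syslog receiver expects (RFC 6587 octet counting or newline termination) and whether its header parses as RFC 5424 or RFC 3164 syslog or as something else entirely. The script below is an added example, not code from the original thread or from Netskope or Splunk. It deframes a captured TCP byte stream, classifies every message, and can also be run as a throwaway listener to capture a live shipper (the port number 5140 and the sample stream are constructed for the example; the real setup in the thread uses 514).

```python
"""Inspect what a syslog shipper sends over TCP (added example, not Netskope or Splunk code)."""
import re
import socketserver

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
RFC5424 = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<ver>\d+) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) '
    r'(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|\[.*?\]) ?(?P<msg>.*)$', re.DOTALL)
# RFC 3164 (BSD) header: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
RFC3164 = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$',
    re.DOTALL)


def deframe(stream: bytes) -> list[bytes]:
    """Split a raw TCP byte stream into messages using RFC 6587 framing.

    Octet counting looks like b"23 <13>1 ..." (length, space, message);
    non-transparent framing is one message per newline-terminated line.
    A stream mixing both is handled, which is what a capture of an
    unknown shipper may contain.
    """
    msgs, i = [], 0
    while i < len(stream):
        count = re.match(rb'(\d+) ', stream[i:])
        if count:  # octet-counted frame
            n, start = int(count.group(1)), i + count.end()
            msgs.append(stream[start:start + n])
            i = start + n
        else:  # newline-terminated frame
            j = stream.find(b'\n', i)
            if j == -1:
                j = len(stream)
            if j > i:
                msgs.append(stream[i:j])
            i = j + 1
    return msgs


def parse_message(raw: bytes) -> dict:
    """Classify one message as rfc5424, rfc3164 or unknown and decode PRI."""
    text = raw.decode('utf-8', errors='replace')
    for fmt, rx in (('rfc5424', RFC5424), ('rfc3164', RFC3164)):
        m = rx.match(text)
        if m:
            pri = int(m['pri'])
            # PRI = facility * 8 + severity
            return {'format': fmt, 'facility': pri >> 3, 'severity': pri & 7, **m.groupdict()}
    # Anything without a syslog header (e.g. a bare JSON or CEF line) lands here;
    # a receiver configured for a syslog sourcetype will not parse it as syslog.
    return {'format': 'unknown', 'msg': text}


def inspect_stream(stream: bytes) -> list[dict]:
    """Deframe a captured stream and classify every message."""
    return [parse_message(m) for m in deframe(stream)]


class _CaptureHandler(socketserver.StreamRequestHandler):
    """Throwaway TCP listener: read until the sender closes, then report each message."""

    def handle(self):
        buf = b''
        while chunk := self.request.recv(65536):
            buf += chunk
        for rec in inspect_stream(buf):
            print(f"{self.client_address[0]}: {rec['format']:8} {rec.get('msg', '')[:80]!r}")


def serve(port: int = 5140) -> None:
    """Listen on an unprivileged port (assumed 5140 here; point the shipper at it)."""
    with socketserver.TCPServer(('0.0.0.0', port), _CaptureHandler) as srv:
        srv.serve_forever()


# Constructed sample stream: one RFC 5424 line, one BSD line, one bare JSON line,
# and one octet-counted RFC 5424 frame with no trailing newline.
SAMPLE_STREAM = (
    b'<134>1 2024-01-01T00:00:00Z host app 123 ID1 - hello\n'
    b'<34>Jan  1 00:00:00 host app: hi\n'
    b'{"a":1}\n'
    b'23 <13>1 - - - - - - octet'
)

if __name__ == '__main__':
    for rec in inspect_stream(SAMPLE_STREAM):
        print(rec['format'], rec.get('facility'), rec.get('severity'), rec.get('msg'))
```

Run it against a saved capture (`inspect_stream(open('capture.bin', 'rb').read())`) or start `serve()` and point the shipper at that port instead of Splunk for a minute. If the records come back as `unknown`, the shipper is emitting a transformed payload rather than a syslog header, which matches the thread's fix of turning the mapping transformation off; if they parse cleanly but Splunk still drops them, the problem is on the receiving input's line-breaking or sourcetype settings rather than on the shipper.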