https://community.splunk.com/t5/All-Apps-and-Add-ons/Snort-output-format-expected-for-built-in-Snort-source-type/m-p/508426#M62437 <P>I'm using Splunk Enterprise 8.0.4.1. I'm looking to upload Snort logs (version 2.9.16) manually (via Settings -- Add Data).</P><P>I see there is a Source Type under Network &amp; Security for Snort. However, I can't tell which Snort output type it expects.</P><P>I tried the following output formats, but none were interpreted correctly:</P><UL><LI>alert_fast</LI><LI>alert_full</LI><LI>alert_csv</LI><LI>unified2</LI></UL><P>Note: I am not using the Snort for Splunk nor the Splunk for Snort apps. I am attempting to use the built-in source type.</P> Fri, 10 Jul 2020 03:15:56 GMT Zaphod 2020-07-10T03:15:56Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Snort-output-format-expected-for-built-in-Snort-source-type/m-p/508426#M62437 <P>I'm using Splunk Enterprise 8.0.4.1. I'm looking to upload Snort logs (version 2.9.16) manually (via Settings -- Add Data).</P><P>I see there is a Source Type under Network &amp; Security for Snort. However, I can't tell which Snort output type it expects.</P><P>I tried the following output formats, but none were interpreted correctly:</P><UL><LI>alert_fast</LI><LI>alert_full</LI><LI>alert_csv</LI><LI>unified2</LI></UL><P>Note: I am not using the Snort for Splunk nor the Splunk for Snort apps. I am attempting to use the built-in source type.</P> Fri, 10 Jul 2020 03:15:56 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Snort-output-format-expected-for-built-in-Snort-source-type/m-p/508426#M62437 Zaphod 2020-07-10T03:15:56Z