topic Re: connection between elastic and splunk in Splunk Enterprise https://community.splunk.com/t5/Splunk-Enterprise/connection-between-elastic-and-splunk/m-p/682121#M18965 <P>Hola gracias por la respuesta, son eventos de seguridad como eventos de Windows y eventos de equipos perimetrales,<BR />¿necesitamos pasar de elastic para obtener los datos a splunk o reenviar los datos de splunk a elastic, es posible visualizar más datos que el que está indexado? Y si no es posible sería ver mis eventos que se muestran en splunk para verlos en elástico.</P> Wed, 27 Mar 2024 15:56:17 GMT juanarenas 2024-03-27T15:56:17Z connection between elastic and splunk https://community.splunk.com/t5/Splunk-Enterprise/connection-between-elastic-and-splunk/m-p/681857#M18939 <P>Good morning, I hope you can help me,<BR />we maintain an infrastructure with splunk enterprise with SIEM and we must forward the security events to an elastic and kafka, I would like to know how I could forward the events and if this will consume license.</P> Mon, 25 Mar 2024 13:15:40 GMT https://community.splunk.com/t5/Splunk-Enterprise/connection-between-elastic-and-splunk/m-p/681857#M18939 juanarenas 2024-03-25T13:15:40Z Re: connection between elastic and splunk https://community.splunk.com/t5/Splunk-Enterprise/connection-between-elastic-and-splunk/m-p/681908#M18941 <P>More words please. What is your business case. What "security events" do you want to "forward" from Splunk. Do you want the same events ingested in Splunk and Elastic/Kafka/whatever or maybe you want to just generate an event in case some alert is triggered in Splunk?</P> Mon, 25 Mar 2024 21:07:07 GMT https://community.splunk.com/t5/Splunk-Enterprise/connection-between-elastic-and-splunk/m-p/681908#M18941 PickleRick 2024-03-25T21:07:07Z Re: connection between elastic and splunk https://community.splunk.com/t5/Splunk-Enterprise/connection-between-elastic-and-splunk/m-p/682121#M18965 <P>Hola gracias por la respuesta, son eventos de seguridad como eventos de Windows y eventos de equipos perimetrales,<BR />¿necesitamos pasar de elastic para obtener los datos a splunk o reenviar los datos de splunk a elastic, es posible visualizar más datos que el que está indexado? Y si no es posible sería ver mis eventos que se muestran en splunk para verlos en elástico.</P> Wed, 27 Mar 2024 15:56:17 GMT https://community.splunk.com/t5/Splunk-Enterprise/connection-between-elastic-and-splunk/m-p/682121#M18965 juanarenas 2024-03-27T15:56:17Z