https://community.splunk.com/t5/Getting-Data-In/Configuring-Splunk-with-a-Snare-Windows-Security-Log-Sourcetype/m-p/50786#M9723 <P>Ok, so for reasons beyond this discussion we are unable to use the universal forwarder. So, we have decided to bring in our data using Snare. Has anyone had any experience with creating a sourcetype for snare forwarded messages?</P> Fri, 30 Nov 2012 20:04:16 GMT rmcdougal 2012-11-30T20:04:16Z https://community.splunk.com/t5/Getting-Data-In/Configuring-Splunk-with-a-Snare-Windows-Security-Log-Sourcetype/m-p/50786#M9723 <P>Ok, so for reasons beyond this discussion we are unable to use the universal forwarder. So, we have decided to bring in our data using Snare. Has anyone had any experience with creating a sourcetype for snare forwarded messages?</P> Fri, 30 Nov 2012 20:04:16 GMT https://community.splunk.com/t5/Getting-Data-In/Configuring-Splunk-with-a-Snare-Windows-Security-Log-Sourcetype/m-p/50786#M9723 rmcdougal 2012-11-30T20:04:16Z https://community.splunk.com/t5/Getting-Data-In/Configuring-Splunk-with-a-Snare-Windows-Security-Log-Sourcetype/m-p/50787#M9724 <P>There is pretrained sourcetype for this already. Last one in the table. Just make sure to set your sourcetype manually to 'windows_snare_syslog'.</P> <P><A href="http://docs.splunk.com/Documentation/Splunk/5.0/Data/Listofpretrainedsourcetypes" target="_blank">http://docs.splunk.com/Documentation/Splunk/5.0/Data/Listofpretrainedsourcetypes</A></P> Mon, 28 Sep 2020 12:53:44 GMT https://community.splunk.com/t5/Getting-Data-In/Configuring-Splunk-with-a-Snare-Windows-Security-Log-Sourcetype/m-p/50787#M9724 sdaniels 2020-09-28T12:53:44Z