All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

FireEye App for Splunk Enterprise v3: How to set up custom sourcetype and index?

Splunk_Bw
Explorer
‎01-28-2015 09:33 AM

How do we setup custom source type and index for foreye app?
Instead of using default fireeye index, I want to use my own index for logs coming in.

0 Karma
Reply

TonyLeeVT
Builder
‎01-28-2015 09:37 AM

Please consult the "Optional Indexing" section in the configuration guide found at the link below:

https://www.fireeye.com/content/dam/fireeye-www/global/en/partners/pdfs/FireEye%20App%20for%20Splunk...

This approach has worked for other customers, so we documented it as an option. Thanks.

0 Karma
Reply

Splunk_Bw
Explorer
‎01-28-2015 10:03 AM

Thanks for the quick update.
i have changed in events.conf file to in Search head but nothng is showing on app
[fe]
search = index = fe* OR sourcetype=fe_*

here is background we already had logs coming to splunk from all fireeye devices through syslog and UDP port to custome indexer and i have installed app on search head followed your doc.

already logs in splunk so i want to configure thart logs to get fireye app

FYI --- i have not done any package installtion or any setting change on indexer server

0 Karma
Reply

TonyLeeVT
Builder
‎01-28-2015 10:10 AM

Typically you would install our TA on the indexer and the app on the search head.

TA found here: https://apps.splunk.com/app/1904/

Shoot me an email via the feedback menu inside the FireEye app and we can discuss the details of the issue.

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...