All Apps and Add-ons

Installation Splunk for Symantec app for single instance

apakhomov
Path Finder

Hello,
I browsed directories ./SplunkforSymantec/default/ and ./SplunkforSymantec/appserver/addons/TA-sepapp11/default/
The files in those directories almost identical.

So If I want to install SplunkforSymantec on the single Splunk instance and want to get data by syslog, I don't have to install TA-sepapp11. Is it right?

I only need to create./SplunkforSymantec/local/inputs.conf with content:

[udp:516]
sourcetype=sep11:log

I doubt about the string:

sourcetype=sep11:log

In the file ./SplunkforSymantec/appserver/addons/TA-sepapp11/default/inputs.conf I see:

## A default listener
#[udp:516]
#sourcetype=sep11:log
# Leave as sep; subsequent transforms will revise to correct sub-sourcetype. Anything
# searchable with sourectype of sep is an error

So, what is correct: "sep11:log" or "sep"

Tags (3)
0 Karma
1 Solution

apakhomov
Path Finder

I was wrong. TA-sepapp11 must be installed.
Correct strings for the inputs.conf:

[udp://514]
sourcetype = sep11:log

I had problem with parsing logs. The logs was written in Russian. The Splunk for Symantec app has parser only for the English logs.


Best regards, Artem.

View solution in original post

0 Karma

apakhomov
Path Finder

I was wrong. TA-sepapp11 must be installed.
Correct strings for the inputs.conf:

[udp://514]
sourcetype = sep11:log

I had problem with parsing logs. The logs was written in Russian. The Splunk for Symantec app has parser only for the English logs.


Best regards, Artem.

0 Karma
Get Updates on the Splunk Community!

Unlock New Opportunities with Splunk Education: Explore Our Latest Courses!

At Splunk Education, we’re dedicated to providing top-tier learning experiences that cater to every skill ...

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...