I want to send specific DNS logs from splunk to Google Chronicle and investigate in Chronicle.

In Google chronicle I want to get DNS logs from splunk. Chronicle already has default Splunk DNS parser which can be leveraged to parse the data that is sent from splunk and can be investigated in Chronicle. As per my findings there is a chronicle connector which might have the capability to send logs to chronicle from splunk. But I am not sure of the process. So I want to know the process.

Hi @Dharam 

If you are looking to get indexed data out of Splunk then you either need to push it from Splunk or pull it from Chronicle.

I've had a quick look on Splunkbase (https://splunkbase.splunk.com/) and cannot see any Splunk apps (3rd party or Splunk built) that provide a push functionality to Chronicle.  This means you would need to create your own app to push search result data to Chronicle as an alert result action - refer to https://dev.splunk.com/enterprise/docs/devtools/customalertactions/ for creating your own app.  Note, this is not for beginners.

For pulling data from Splunk, is this the Chronicle connector you mean?
https://cloud.google.com/integration-connectors/docs/connectors/splunk/configure

If so, it looks like it could be set up to pull data from Splunk.  You probably should then be trying a Chronicle forum about how it works.

Also, as Google Chronicle is a SaaS service you would need ensure connectivity between these two environments (is your Splunk on premise or Cloud based?).