Re: Omnibus to Splunk

adriandefry · ‎05-04-2012

Hello, I need to know if there is any tool/app to connect Omnibus to Splunk

I read this article but it seems it is old back from 2007 : https://www-304.ibm.com/software/brandcatalog/ismlibrary/details?catalog.label=1TW10NC1Z

Any info/help will be great.. Thanks

a212830 · ‎05-09-2012

Doesn't Ominbus have a flatfile gateway? Why not use that, and read it into Splunk?

sdaniels · ‎05-04-2012

Doesn't appear to be anything updated and it doesn't mention the integration method. I believe OMNIbus has java and C API's that you could use to send events to Splunk however. If you wanted to do it via Syslog it looks like you'd have to provide that code yourself. Or even easier, get it out of OMNIbus to file and then let Splunk eat it.

e82than · ‎05-08-2012

You need to also look out for VLAN network issues. Sometimes Tivoli netcool is created on another segment, and splunk on another thus they can't talk to each other on syslog. I have bumped into this problem 2x and most of the time is a network configuration issue. and it was an agentless splunk forwarder setup.

adriandefry · ‎05-05-2012

Thanks I might go with the second option to direct syslog part to a file & let Splunk eat it 🙂

Thank you!

adriandefry · ‎05-04-2012

Basically what I want is to get all the Omnibus alerts to Splunk (Via Syslog if possible)

adriandefry · ‎05-04-2012

Database + Gateway

a212830 · ‎05-04-2012

Connect how? Probe? Database? Gateway?

Omnibus to Splunk

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?