All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

RSA DLP and Splunk

SYY
New Member
‎10-14-2013 02:45 PM

Has anyone tried to feed RSA DLP event logs into Splunk? Someone told me data format can be CEF syslog, but from RSA Enterprise Manager, I can only see raw syslogs.

Can anyone provide an example of what kind of data will I see in Splunk.

Thanks in Advance.

Tags (2)
0 Karma
Reply

dwaddle
SplunkTrust
SplunkTrust
‎10-15-2013 06:41 AM

If don't see a published TA app for it, chances are nobody else (who can talk about it publically) has been down this road. Make a test index, set up a data feed, see what you get 🙂

0 Karma
Reply

jpass
Contributor
‎10-14-2013 07:16 PM

"Can anyone provide an example of what kind of data will I see in Splunk"

Splunk won't change the way your logs look if you were to simply view them in Nano or a text editor or something.

If your logs look like this:

2013-10-15 23:44:05 theabyss gonnagetusucka 00012
2013-10-15 23:44:05 bigtroublelilchina mistermom 00015
2013-10-15 23:44:05 inspector jaba 00013
2013-10-15 23:44:05 yogi binks 00019
2013-10-15 23:44:05 boobo daluke 00011

They will end up in splunk looking the same. Although, they will be separated into individual events.

I'm not sure what type of logs you're referring to but I used movie titles and other things that came to mind because it doesn't matter what your logs look like. They go into Splunk and, unless you create some transforms, they won't be changed.

0 Karma
Reply
Get Updates on the Splunk Community!

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2025 SplunkTrust is officially open! If you ...

Splunk Answers Content Calendar, June Edition II

Get ready to dive into Splunk Dashboard panels this week! We'll be tackling common questions around ...

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...