All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What is the best practice to ingest Cloud Ironport logs to Splunk Cloud without sending them to On-Prem Syslog server?

kiran331
Builder
‎01-23-2017 01:12 PM

What is the best practice to ingest Cloud Ironport logs to Splunk Cloud without sending them to On-Prem Syslog server?

0 Karma
Reply

hunters_splunk
Splunk Employee
Splunk Employee
‎01-23-2017 07:12 PM

Hi kiran331

I think you can use the Splunk Add-on for Cisco WSA to ingest Ironport logs. The add-on allows a Splunk software administrator to collect Cisco Web Security Appliance (WSA) access and L4TM log data.

https://splunkbase.splunk.com/app/1747
http://docs.splunk.com/Documentation/AddOns/latest/CiscoWSA/About

Hope this helps. Thanks!
Hunter

0 Karma
Reply

kiran331
Builder
‎01-24-2017 06:42 AM

Do we need a Heavy Forwarder in cloud? or there is other way to send logs to splunk cloud?

0 Karma
Reply

goodsellt
Contributor
‎01-26-2017 08:14 AM

Kiran, based on my knowledge of Splunk Cloud, you'll have to pass them through on on prem Heavy Forwarder or Universal forwarder where you can send data over UDP and/or SCP. Since the forwarders that connect to Splunk Cloud use SSL certs, it's safe to say you'll be unable to do a "direct" input to Splunk Cloud.

Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...