- Community
- :
- Splunk Answers
- :
- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- What is the best way to export data from splunk t...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
From splunk to RSA security Analytics .
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Splunker6789,
there are many ways to send logs to Security Analytics, we used syslogs for one of our customers.
The choice is related to the use that you want to do of logs in Splunk:
- if you want to index and use all logs in Splunk and then send them to SA, syslog is a good choice;
- if you want to index only a part of logs and send all of them to SA, you can forwarder them directly from Forwarders to avoid license consuption. For information see http://docs.splunk.com/Documentation/Splunk/6.6.1/Forwarding/Forwarddatatothird-partysystemsd
Bye.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Splunker6789,
there are many ways to send logs to Security Analytics, we used syslogs for one of our customers.
The choice is related to the use that you want to do of logs in Splunk:
- if you want to index and use all logs in Splunk and then send them to SA, syslog is a good choice;
- if you want to index only a part of logs and send all of them to SA, you can forwarder them directly from Forwarders to avoid license consuption. For information see http://docs.splunk.com/Documentation/Splunk/6.6.1/Forwarding/Forwarddatatothird-partysystemsd
Bye.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Giuseppe ,
Can you explain process of sending all logs from splunk to RSA .That will be helpful!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Splunker6789,
It's described in the link:
you have to configure in your outputs.conf the destination syslog
[syslog]
defaultGroup=syslogGroup
[syslog:syslogGroup]
server = x.x.x.x:514
After edit props.conf and transforms.conf to specify the filtering criteria:
props.conf
[my_sourcetype]
TRANSFORMS-my_sourcetype = send_to_syslog
transforms.conf
[send_to_syslog]
REGEX = .
DEST_KEY = _SYSLOG_ROUTING
FORMAT = my_syslog_group
Bye.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a question .We are on boarding data from splunk to Rsa .Actually the data was in splunk indexers.So I wonder how will we be on-board from indexers.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Cusello really appreciate .
Enterprise Security Content Updates (ESCU) - New Releases
Thought Leaders are Validating Your Hard Work and Training Rigor
.conf23 Registration is Now Open!
