All Apps and Add-ons

What kind of input is CheckPoint Opsec Lea considered?

Path Finder

We are seeing events being dropped at the forwarder. Can persistent queues be used for this connector? Trying to figure out the type of input to determine if persistent queues can be used.

0 Karma

SplunkTrust
SplunkTrust

According to the documentation Persistent queues are available for these input types:

TCP
UDP
FIFO
Scripted inputs
Windows Event Log inputs

I believe this application uses a modular input, and therefore not a persistent queue.

However what would the persistent queue be used for in this case? This application polls a checkpoint firewall to obtain data, and records it's progress in a checkpoint file as documented here
Therefore I don't see why you would want a persistent queue, the application will poll the firewall for data based on what data it last sent to Splunk...

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!