All Apps and Add-ons
Highlighted

What kind of input is CheckPoint Opsec Lea considered?

Path Finder

We are seeing events being dropped at the forwarder. Can persistent queues be used for this connector? Trying to figure out the type of input to determine if persistent queues can be used.

0 Karma
Highlighted

Re: What kind of input is CheckPoint Opsec Lea considered?

SplunkTrust
SplunkTrust

According to the documentation Persistent queues are available for these input types:

TCP
UDP
FIFO
Scripted inputs
Windows Event Log inputs

I believe this application uses a modular input, and therefore not a persistent queue.

However what would the persistent queue be used for in this case? This application polls a checkpoint firewall to obtain data, and records it's progress in a checkpoint file as documented here
Therefore I don't see why you would want a persistent queue, the application will poll the firewall for data based on what data it last sent to Splunk...

0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.