Re: Will the Splunk for FireEye app run on Splunk ...

joshua_hart · ‎06-18-2013

The documentation states the app is for 4.3.x, but is that the minimum version or the ONLY version supported?

I ask because I've got it installed on a 5.0.3 search head and FE is sending XML logs via HTTP, but I think the transforms aren't working properly. Fields aren't being delimited appropriately and some fields contain data from one or more fields.

Please advise, thanks!

-Josh

BenjaminWyatt · ‎07-18-2013

The justification given for 4.3.x compatibility is that the app relies heavily on HTML 5 dashboards (which were added to Splunk in v4.3). From this I would assume the app is 5.0.x compatible unless it is specifically stated otherwise.

Field delimiters not working properly doesn't sound like an issue that would be caused by version incompatibility, although you might need to do some tinkering with props.conf and transforms.conf to make sure everything is coming across properly.

cpeteman · ‎06-18-2013

The most recent version seems to support version 5.0.3 http://splunk-base.splunk.com/apps/22354/fireeye. I've not run into any issues

cpeteman · ‎06-28-2013

The FireEye app claims to support the following versions: 4.3, 4.2, 4.1, 4.x, 5.x

Will the Splunk for FireEye app run on Splunk 5.0?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?