
How to integrate Splunk and Snort on different machines?

zippyopsadmin
New Member

I have my Snort tool on CentOS 7 and Splunk on another machine, so I plan to integrate Splunk and Snort. I just installed the Splunk for Snort app in Splunk, but I did not get the dashboard. If anyone knows, let me know.


zippyopsadmin
New Member

I also tried with Splunk and Snort on the same machine, and that way I am also not getting the dashboard data.
I then manually added data to snort.log in Splunk, and at that time I am also not getting the dashboard data.


richgalloway
SplunkTrust

Co-locating Splunk and Snort is not sufficient. You must tell Splunk where to find the Snort data and how to process it. Have you done that?
What steps did you take to manually add the Snort data? What sourcetype did you choose? What index did you choose? The index and sourcetype names must match those expected by the dashboard.

---
If this reply helps you, an upvote would be appreciated.

richgalloway
SplunkTrust

That app is very old so it may not be working properly under newer versions of Splunk.
How are you feeding Snort data into Splunk? It's not enough to just install the Snort app. Did you also enable the appropriate inputs as per the documentation?

---
If this reply helps you, an upvote would be appreciated.
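The inputs richgalloway refers to are configured on the Snort host in a Universal Forwarder's inputs.conf and outputs.conf, with the index and sourcetype chosen to match what the app's dashboards search for. The following is an added illustration, not the Splunk for Snort app's own configuration: the alert file path, index name, sourcetype and indexer hostname are assumptions or placeholders and must be replaced with the values the app's documentation expects.

```ini
# On the CentOS 7 Snort host, inside the Universal Forwarder:
# $SPLUNK_HOME/etc/system/local/inputs.conf
# Path assumes Snort's default full-alert output file; adjust to your snort.conf.
[monitor:///var/log/snort/alert]
disabled = 0
# Both values are placeholders: use the index and sourcetype that the
# Splunk for Snort app's documentation and dashboard searches expect.
index = snort
sourcetype = REPLACE_WITH_APP_SOURCETYPE

# $SPLUNK_HOME/etc/system/local/outputs.conf
# Send the events to the Splunk indexer running on the other machine.
[tcpout]
defaultGroup = splunk_indexer

[tcpout:splunk_indexer]
# Placeholder hostname; 9997 is Splunk's conventional receiving port and
# must be enabled on the indexer (Settings > Forwarding and receiving).
server = splunk-indexer.example.com:9997
```

On the indexer, create the same index and confirm events are arriving with a search such as `index=snort sourcetype=REPLACE_WITH_APP_SOURCETYPE | stats count` before expecting the dashboard to populate.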