All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how to integrate splunk and snort in different machines?

zippyopsadmin
New Member
‎10-11-2019 01:44 AM

In my snort tool in centos7 and then splunk in another machine , so I plan to integrate the splunk and snort so i just install the splunk for snort app in splunk but i did not get the dashboard if any know means let me know

0 Karma
Reply

zippyopsadmin
New Member
‎10-11-2019 06:13 AM

i am also try with same machine in splunk and snort that way also i am not getting dashboard like data and then
i just manually data add in snort.log in splunk at that time also i am not getting the dashboard data

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-11-2019 10:42 AM

Co-locating Splunk and Snort is not sufficient. You must tell Splunk where to find the Snort data and how to process it. Have you done that?
What steps did you take to manually add the Snort data? What sourcetype did you choose? What index did you choose? The index and sourcetype names must match those expected by the dashboard.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-11-2019 06:06 AM

That app is very old so it may not be working properly under newer versions of Splunk.
How are you feeding Snort data into Splunk? It's not enough to just install the Snort app. Did you also enable the appropriate inputs as per the documentation?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...