Does anyone know of work that has been done to make Splunk talk to Sourcefire's eStreamer (log API) available on their Defense Center?
Does eStreamer integration require a strategic partnership between vendors or do they post the API info so that anyone can play?
Answering my own question here.
As of last week, Splunk for Sourcefire is now on Splunkbase.
This app takes advantage of eStreamer and works with Defense Center.