All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Tealeaf and Splunk

hconsidine
Engager
‎12-17-2013 07:45 AM

Hi we are just starting a Proof of concept with Splunk so appreciate that I am totally new. We are looking to do some Splunk with Tealeaf data. Specifically, event data. We are having challenges Tealeaf's CEP (Complex Event Processing) to generate the file. Has anyone done this or have any advice? Thanks!

Tags (1)
Reply

gesman
Communicator
‎10-17-2014 08:28 AM

I currently using TeaLeaf data exports into Splunk mostly for Fraud investigation and security analytics purposes for big financial brokerage and banking client.

We setup regular hourly and daily cxConnect log data exports into Splunk and I also built a set of customized Splunk dashboards allowing to run very quick drilldown views, such as:

"show me all accounts there were accessed by this group of IP addresses" or:

"alert me when multiple accounts were accessed by the same IP / User Agent combo".

Above queries is not something TeaLeaf is capable of and so Splunk comes really handy as a custom security investigation dashboard solution.

I plan to write a detailed blog about possibilities of combining TeaLeaf with Splunk. If anyone is really interested in that - I can make it happen faster so more people will be able to share and benefit from this technology.

Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...