The Zscaler App for Splunk works in conjunction with the Nanolog Streaming Service (NSS). The documentation to integrate the NSS with Splunk is described in the NSS Admin Guide that's available on Help Portal (you can access it by logging onto the admin UI and clicking Help at the top right). Having said that, point taken on making it simpler to access the Splunk Config docs right with the app itself.
Let me know if this works out for you. Feel free to request assistance from Support (support at zscaler dot com).
Hi Sridhar, is that Admin Guide of NSS can be available from NSS Admin UI or Zscaler UI. I don't have much information on it. Appreciate for your help in advance.
I downvoted this post because the nss config guide does not have configuration steps for the "zscaler app for splunk" it only demonstrates how to configure the nanolog streaming service to send logs via syslog in cim format. the documentation for this app is poor.
What would the steps be for a splunk cloud installation as the splunk cloud only accept data from a forwarder.
"For security, Splunk Cloud accepts connections only from forwarders with the correct Secure Sockets Layer (SSL) certificates. If you want to send data from a TCP or UDP source such as syslog, use the Splunk Universal Forwarder to listen to the source and forward the data to your Splunk Cloud deployment."
This implies that you need a forwarder as a go-between?