
Arcsight to HEC

sahiltcs
Path Finder

We have two options to send our Splunk Cloud. Please suggest which option is best.

1. HF outputs syslog to Logstash and Logstash pushes to HEC.

arcsight -> HF -> logstash -> HEC

2. Arcsight pushes to NiFi and NiFi transforms and pushes to HEC.

arcsight -> Nifi -> HEC


richgalloway
SplunkTrust

Why are those your only two options?  Arcsight can produce syslog output so you also have these options:

3. Arcsight -> HF -> Splunk Cloud

4. Arcsight -> Splunk Connect for Syslog (SC4S) -> HEC

I recommend option 4 because it's easy to manage and performs well.

---
If this reply helps you, an upvote would be appreciated.