Hi,
I am trying to ingest huawei USG6650 device logs but it seems that no app is available in splunk base for this purpose. Is there any other way/guide for this?
There are several ways to get data into Splunk.
1) Install a Universal Forwarder on the device to send logs to Splunk
2) Have the device send syslog events to Splunk via rsyslog, syslog-ng, or Splunk Connect for Syslog
3) Write a script that uses the device's API to extract data and index it in Splunk
4) Use Splunk DB Connect to extract data from the device's SQL database
5) Have the device send events directly to Splunk using HTTP Event Collector (HEC)
Which one you use will depend on the device and it's capabilities.
Sorry for the confusion, but my intention is to know how the huawei device data can be indexed in splunk and populated with important fields/formats that can be used for such as ESS app.
seems that for cisco appliances, you can use TA-cisco-app for the logs to be populated with important fields. Any alternatives for huawei devices?
Hi @eidil .. some devices, like cisco firewall, will have apps/add-ons, technical addons, etc,.. they are generally created by Splunk or Device owners themselves/or some Splunk Consultants, Engineers, Developers.
in the same way, some devices,..generally new or not famous devices, i know huawei devices are famous, but it may happen at times that, these devices may not have addons on SplunkBase.
so, the alternative approaches are - As @richgalloway suggested clearly.
As per understanding, firewall devices are good candidate for Syslog - Splunk integration.