Hi All -
I'm new to Splunk and have just started learning the Fundamentals. I just received a request to set up and configure Proofpoint RSyslog in Splunk.
Hoping someone can give me more information and instructions on how to set up the Proofpoint add-in in Splunk.
Thank you in advance; any input and suggestions are highly appreciated.
Hello and Welcome to Splunk!
Start with a little reading on the Proofpoint side:
https://www.proofpoint.com/us/technology-partners/splunk
Then dive into how the app integrates (there are 2 add-ons and I always forget which one trumps):
https://splunkbase.splunk.com/app/3080/#/details - this one, I think, works with syslog
https://splunkbase.splunk.com/app/3681/ - this one is with API Modular Input
Enjoy answers from other members asking the same question as you:
https://answers.splunk.com/answers/405250/how-to-pull-logs-into-splunk-from-proofpoint-via-a.html
Hope it helps, and enjoy the journey!
Thank you Adonio for the links. Will definitely check this and keep you posted.
Hopefully I can successfully set up the PP in Splunk.