Getting Data In

Is it possible to send logs in CEF format or raw logs by syslog from Splunk to a third party system?

gcusello
SplunkTrust

Hi at all,

I have to send logs to a third party system by syslog.
I configured my system and I'm able to send events to a third party system, but the receiver needs to have logs in raw or CEF format and Splunk sends syslogs in a different format.

Is it possible to change the logs format or to send raw logs by syslog?

Thank you.
Bye.
Giuseppe

0 Karma
1 Solution

bobnieuwenhuis
Explorer

Giuseppe,

You could use App for CEF https://splunkbase.splunk.com/app/1847/
We are using it to send data in CEF format to ArcSight. The only downside is that you have to use a standalone search head, as you can't use it in a search head cluster.

Hope this answers your question.
Bob


0 Karma
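As an added illustration of the format the receiver is asking for (example code written for this page, not part of the thread or of Splunk App for CEF): a small CEF:0 encoder and decoder whose escaping is what stops a `|`, `=` or newline inside a user-controlled field from being read as a field separator, i.e. from forging a second record at the receiver. The header key names and the sample event are constructed assumptions.

```python
"""Encode a Splunk-style event as a CEF:0 line and decode it back, applying the
escaping the CEF standard requires. Added example, not code from Splunk App for CEF."""
import re
# Keys that fill the six CEF header slots; every other key goes to the extension.
HEADER_KEYS = ("vendor", "product", "version", "signature_id", "name", "severity")

def escape_header(value):
    # Header fields escape backslash and pipe, the field separator.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def escape_extension(value):
    # Extension values escape backslash and equals; line breaks become \r and \n.
    s = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r", "\\r").replace("\n", "\\n")

def to_cef(event):
    header = "|".join(escape_header(event[k]) for k in HEADER_KEYS)
    ext = " ".join(f"{k}={escape_extension(v)}" for k, v in event.items()
                   if k not in HEADER_KEYS)
    return f"CEF:0|{header}|{ext}"

def parse_cef(line):
    # Walk the header honouring "\|" and "\\"; stop after the seventh pipe so the
    # extension keeps its own escaping for the second pass.
    parts, cur, i = [], [], 0
    while i < len(line) and len(parts) < 7:
        c = line[i]
        if c == "\\" and i + 1 < len(line):
            cur.append(line[i + 1]); i += 2
        elif c == "|":
            parts.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(c); i += 1
    if len(parts) != 7 or parts[0] != "CEF:0":
        raise ValueError("not a well-formed CEF:0 line")
    event = dict(zip(HEADER_KEYS, parts[1:]))
    # Split the extension only at spaces that start a new "key=" pair; keys never
    # contain a backslash, so an escaped "\=" inside a value is not a separator.
    for pair in re.split(r" (?=[A-Za-z0-9_.]+=)", line[i:]):
        key, _, raw = pair.partition("=")
        event[key] = re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), raw)
    return event

# Constructed sample: one field carries the separators that, unescaped, would let
# a log line forge a second record at the receiver.
SAMPLE_EVENT = {
    "vendor": "Splunk", "product": "Enterprise", "version": "9.0",
    "signature_id": "100", "name": "Login failed | admin", "severity": "7",
    "src": "10.0.0.5", "suser": "bob=root\\x", "msg": "bad password\nretry",
}
```

Round-tripping `SAMPLE_EVENT` through `to_cef` and `parse_cef` returns the original dict, which is the check to run against whatever formatter actually feeds the receiver.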


harehabibi
New Member

Hi,
After installing App for CEF, how do I configure outputs.conf (\Splunk\etc\apps\splunk_app_cef\default\outputs.conf) and the other config files?
I want to send some logs generated by Splunk_stream to ArcSight.
on

0 Karma

Shyngys_Bolatbe
Engager

How do I save a new field created with the |cefkv command?
When I don't use the |cefkv command, my new fields disappear.
I want to save the fields in the index with the events.

0 Karma
