Hi all,
I have to send logs to a third-party system via syslog.
I configured my system and I'm able to send events to the third-party system, but the receiver needs the logs in raw or CEF format, and Splunk sends syslog in a different format.
Is it possible to change the log format or to send raw logs via syslog?
Thank you.
Bye.
Giuseppe
Giuseppe,
You could use the App for CEF: https://splunkbase.splunk.com/app/1847/
We are using it to send data in CEF format to ArcSight; the only downside is that you have to use a standalone search head, as you can't use it in a search head cluster.
Hope this answers your question.
Bob
Hi,
After installing the App for CEF, how do I configure outputs.conf (\Splunk\etc\apps\splunk_app_cef\default\outputs.conf) and the other config files?
I want to send some logs generated by Splunk_stream to ArcSight.
How do I save the new fields created with the |cefkv command?
When I don't use the |cefkv command, my new fields disappear.
I want to save the fields in the index with the events.
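For readers who want to see what the receiver in Giuseppe's question actually expects, and what a command like |cefkv has to undo, here is an added example (not code from Splunk, the App for CEF, or anyone in this thread). It builds a CEF:0 record with the header and extension escaping rules applied, wraps it in an RFC 3164 syslog line, and parses the record back into fields. The event, the hostname splunk-sh, the local4.info priority and the UDP receiver in send_udp are all assumptions; the sample event is constructed so that it contains every character CEF has to escape.

```python
"""Build CEF records, frame them as RFC 3164 syslog, and parse them back (added example)."""
import socket
from dataclasses import dataclass, field
from datetime import datetime


@dataclass
class CefEvent:
    vendor: str
    product: str
    version: str
    event_class_id: str
    name: str
    severity: str                       # 0-10 or Low/Medium/High/Very-High
    extension: dict = field(default_factory=dict)


def _escape_header(value):
    # Header fields: only backslash and the pipe delimiter are escaped.
    return str(value).replace('\\', '\\\\').replace('|', '\\|')


def _escape_ext(value):
    # Extension values: backslash, '=' and line breaks are escaped; spaces are allowed.
    return (str(value).replace('\\', '\\\\').replace('=', '\\=')
            .replace('\r', '\\r').replace('\n', '\\n'))


def _unescape(value):
    out, i = [], 0
    while i < len(value):
        if value[i] == '\\' and i + 1 < len(value):
            out.append({'n': '\n', 'r': '\r'}.get(value[i + 1], value[i + 1]))
            i += 2
        else:
            out.append(value[i])
            i += 1
    return ''.join(out)


def to_cef(ev):
    """Serialise an event as a CEF:0 line."""
    head = '|'.join(_escape_header(x) for x in (
        ev.vendor, ev.product, ev.version, ev.event_class_id, ev.name, ev.severity))
    ext = ' '.join(f'{k}={_escape_ext(v)}' for k, v in ev.extension.items())
    return f'CEF:0|{head}|{ext}'


def _parse_extension(ext):
    # Keys never contain spaces, so each key starts after the last space before an unescaped '='.
    eqs, i = [], 0
    while i < len(ext):
        if ext[i] == '\\':
            i += 2
            continue
        if ext[i] == '=':
            eqs.append(i)
        i += 1
    starts = [ext.rfind(' ', 0, e) + 1 for e in eqs]
    fields = {}
    for n, (ks, e) in enumerate(zip(starts, eqs)):
        value_end = starts[n + 1] - 1 if n + 1 < len(eqs) else len(ext)
        fields[ext[ks:e]] = _unescape(ext[e + 1:value_end])
    return fields


def parse_cef(line):
    """Parse a CEF line back into a CefEvent, honouring the escape rules above."""
    header, buf, i = [], [], 0
    while i < len(line) and len(header) < 7:
        if line[i] == '\\' and i + 1 < len(line):   # keep escape pairs intact for now
            buf.append(line[i:i + 2]); i += 2
        elif line[i] == '|':
            header.append(''.join(buf)); buf = []; i += 1
        else:
            buf.append(line[i]); i += 1
    if len(header) < 7:                  # no trailing '|': the last header field is still in buf
        header.append(''.join(buf)); extension = ''
    else:
        extension = line[i:]
    if len(header) != 7 or not header[0].startswith('CEF:'):
        raise ValueError(f'not a CEF record: {line[:40]!r}')
    vendor, product, version, event_id, name, severity = (_unescape(h) for h in header[1:])
    return CefEvent(vendor, product, version, event_id, name, severity, _parse_extension(extension))


def syslog_frame(message, hostname, facility=20, severity=6, when=None):
    """Wrap a message in an RFC 3164 header: <PRI>Mmm dd hh:mm:ss host message."""
    when = when or datetime.now()
    pri = facility * 8 + severity        # assumed default local4.info -> <166>
    return f'<{pri}>{when:%b} {when.day:2d} {when:%H:%M:%S} {hostname} {message}'


def send_udp(frame, host, port=514):
    """Ship one frame to an assumed syslog receiver over UDP (not exercised offline)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(frame.encode('utf-8'), (host, port))


# Constructed sample event containing every character CEF requires to be escaped.
SAMPLE = CefEvent('Acme\\Corp', 'Gateway', '2.1', '100', 'Login|Failed', '7',
                  {'src': '10.0.0.5', 'msg': 'user=bob said hi', 'suser': 'bob'})

if __name__ == '__main__':
    line = to_cef(SAMPLE)
    print(syslog_frame(line, 'splunk-sh'))   # assumed hostname of the sending search head
    print(parse_cef(line))
```

The extension parser is the part worth studying: because values may contain spaces but keys may not, a key can only be recognised as the token between the last space and an unescaped `=`, which is why a stray `=` inside a value must be escaped on the sending side or the receiver will split the field in the wrong place.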