Getting Data In

Logging Aggregation for Checkpoint Firewalls Logs

daniel_augustyn
Contributor

I am going slightly over my license limit from time to time because of the Checkpoint firewall logs. Is there a way to aggregate some of the firewalls logs before start indexing them into the Splunk indexers? Or the only option would be to add another 20GB of license to Splunk.

Tags (1)
0 Karma
1 Solution

David
Splunk Employee
Splunk Employee

I'm not aware of any option to do this. You could potentially try to hack your own via transforms or unarchive_cmd (search on answers for examples of either), but the Check point stuff can't really be aggregated easily.

View solution in original post

0 Karma

David
Splunk Employee
Splunk Employee

I'm not aware of any option to do this. You could potentially try to hack your own via transforms or unarchive_cmd (search on answers for examples of either), but the Check point stuff can't really be aggregated easily.

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

From Data to Insight: Announcing the Winners of the Splunk Dashboard Contest

Hi Splunkers, First off, thank you to everyone who participated in our very first From Data to Insight: The ...

Splunk Developers: Construct Your Future at the .conf26 Builder Bar

Calling all Splunk architects, platform admins, and app developers: the site is open, and the blueprints are ...

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...