Getting Data In

Manually Importing McAfee EPO Data

rapture005
New Member

So, I have been tasked with monitoring our EPO server, which is managed by a managed service. Long story short, the only way we can get data from the EPO server is via a once a day CSV file dump. I'm sorry, but I'm still learning Splunk. What app would be the best way to ingest the data? I know I will have to manually upload the data.

0 Karma
1 Solution

mwdbhyat
Builder

The best thing to do would be to set up a file monitor(then you wouldnt have to do it manually everyday as it will continuously monitor wherever you dump that CSV file)..Should be pretty straightforward as your data will be in CSV format so fields can be split based on that as a delimiter. Please see below guide for setting up a file monitor:

Via SplunkWeb:

http://docs.splunk.com/Documentation/Splunk/6.6.3/Data/MonitorfilesanddirectorieswithSplunkWeb

Via conf file:
http://docs.splunk.com/Documentation/Splunk/6.6.3/Data/Monitorfilesanddirectorieswithinputs.conf

View solution in original post

0 Karma

mwdbhyat
Builder

The best thing to do would be to set up a file monitor(then you wouldnt have to do it manually everyday as it will continuously monitor wherever you dump that CSV file)..Should be pretty straightforward as your data will be in CSV format so fields can be split based on that as a delimiter. Please see below guide for setting up a file monitor:

Via SplunkWeb:

http://docs.splunk.com/Documentation/Splunk/6.6.3/Data/MonitorfilesanddirectorieswithSplunkWeb

Via conf file:
http://docs.splunk.com/Documentation/Splunk/6.6.3/Data/Monitorfilesanddirectorieswithinputs.conf

0 Karma

rapture005
New Member

Thanks for the quick response. This looks to be what I need! Thank you very much!

0 Karma

lfedak_splunk
Splunk Employee
Splunk Employee

Hey @rapture005, please remember to mark comments as comments and answers as answers. I moved your preview "answer" to a comment. Thank you!

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...