Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

McAfee ePO Splunk Cloud

N3Char
New Member
‎11-29-2021 02:13 AM

Hello!

We want to integrate McAfee ePO into a Splunk Cloud, but we only found tutorials on syslogging data. I've been looking and I don't think it's possible to syslog in to Splunk Cloud.

How can we do it?

 

Thanks!

0 Karma
Reply

johnansett
Communicator
‎12-08-2021 12:51 PM

If this is coming from onpremise ePO then yes, syslog is your answer. There is a TA you'll want to request installation in Splunk Cloud.  From your onpremise requirement, you'll need syslog and a UF to forward.  However, the easiest solution would be just to use SplunkConnect4Syslog (SC4S):

https://splunkbase.splunk.com/app/4740/

 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎11-29-2021 08:11 AM

The usual ways I've seen for onboarding EPO data are DB Connect and syslog.  Both have to be done on an on-prem heavy forwarder that does the onboarding and forwards the data to Splunk Cloud.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...