Getting Data In

SPLUNK APP that preserves events in the same format as it receives them for integration purposes with ArcSight

jtsapos
Explorer

I got some info from an ArcSight engineer that Splunk recently brought out its own App that will preserve log data in the same format that it receives it and I am lead to believe that it does a lot of the processing to make sure that the data coming out of SPLUNK is in the same format that comes in from the different vendors.

It should make it simpler to do and easier to manage, but at the moment I haven't had the chance to look at this and I can't comment directly.

Maybe someone else has done this or knows more about this?

Thanks in advance.

0 Karma

jtsapos
Explorer

Does the Splunk App for CEF convert the data to the same CEF format as ArcSight CEF?

You mention that the SPLUNK app for CEF provides a continuous export of the data from SPLUNK which sounds good but the question I have on this is "Do you have to map every event one by one first or is there some way to just get a full export of the SPLUNK data all at once?"

Can you shed some light on these problems for us?

Thanks in advance

0 Karma

LukeMurphey
Champion

You are likely referring to the Splunk App for CEF. It provides an user interface that helps set up a continuous export of data from Splunk to another device that accepts CEF (such as ArcSight).

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...