Getting Data In

SPLUNK APP that preserves events in the same format as it receives them for integration purposes with ArcSight

jtsapos
Explorer

I got some info from an ArcSight engineer that Splunk recently brought out its own App that will preserve log data in the same format that it receives it and I am lead to believe that it does a lot of the processing to make sure that the data coming out of SPLUNK is in the same format that comes in from the different vendors.

It should make it simpler to do and easier to manage, but at the moment I haven't had the chance to look at this and I can't comment directly.

Maybe someone else has done this or knows more about this?

Thanks in advance.

0 Karma

jtsapos
Explorer

Does the Splunk App for CEF convert the data to the same CEF format as ArcSight CEF?

You mention that the SPLUNK app for CEF provides a continuous export of the data from SPLUNK which sounds good but the question I have on this is "Do you have to map every event one by one first or is there some way to just get a full export of the SPLUNK data all at once?"

Can you shed some light on these problems for us?

Thanks in advance

0 Karma

LukeMurphey
Champion

You are likely referring to the Splunk App for CEF. It provides an user interface that helps set up a continuous export of data from Splunk to another device that accepts CEF (such as ArcSight).

0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...