Re: Splunk Integration

devraajpandya11 · ‎05-01-2024

How do i integrate my website hosted on AWS(ec2) with splunk?

PickleRick · ‎05-07-2024

Depends on what do you want to "integrate". Do you want to collect events generated by your web app/web server? Do you want to collect metrics about your server? Do you want to embed reports from Splunk on your website? Do you want to be able to perform some action on your Splunk environment from your web app? Something else?

apietsch · ‎05-07-2024

Just collecting the logs is a great start.

If you want to collect technical metrics about user interaction you can use the RUM integration as well.

And depending what your backend looks like you could use the opensource OpenTelemetry libraries to instrument your backend application that processes your web application data. There is even a free and opensource Splunk distribution of OpenTelemetry (including the collector) available.

---------------------
Chaos Smoother | Data Wrangler

deepakc · ‎05-01-2024

At a high Level:

Think about what data you want from your website, is it OS logs Application logs, Security Logs etc and identify them.
For those logs you want is there a Splunk TA - Search on Splunk Base. (This will help with the data integration and parse the data).
Install a Universal Forwarder onto the Web Hosted Servers and monitor the logs or other methods are API and Splunk HEC.
You may even have to use a Heavy Forwarder to collect the logs - this depends on the logs/data you want and your Splunk architecture.

Splunk Integration

data

index

universal forwarder

Windows

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?