Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What do I need to get SAP logs?

splunkcol
Builder
‎02-20-2023 07:30 AM

Hi, I have been tasked to investigate what is needed to receive SAP logs in Splunk.

The first thing I find when I make my first queries on google is that there is a connector called "SAP PowerConnect for Splunk" but when I enter https://splunkbase.splunk.com/app/3153 and try to download it I get a message saying that the download is restricted.

splunkcol_0-1676906784500.png

 

I also found this step by step and I would like to know what you think if the information is current because as we know about Splunk we find information on the internet but in many cases it is very old and perhaps obsolete information.

https://www.wallsec.de/blog/siem-your-sap-security-audit-log-with-splunk#h.p_2Y3sy8TDSHCy

 

and in this last link I see a process and the truth is that the matter is complex.

Solved: How to Splunk the SAP Security Audit Log - Splunk Community

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎02-20-2023 08:20 AM

"Download restricted" means the app is not free and you haven't paid for it.  Contact the developer for more information.  

There are several other "SAP" apps in splunkbase that may be free.

The Wallsec steps are still accurate.  If you're not using Splunk Enterprise Security (SIEM) then you can ignore the last 2 sections.

The linked Community post looks accurate as well.  Choose the method that works for you.

You are attempting

to integrate two complex products so expect some complexity in the solution.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution

Dare2SplunkSAP
Explorer
2 weeks ago

Have you looked deeper into PowerConnect? It's a pretty fantastic tool.

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎02-20-2023 08:20 AM

"Download restricted" means the app is not free and you haven't paid for it.  Contact the developer for more information.  

There are several other "SAP" apps in splunkbase that may be free.

The Wallsec steps are still accurate.  If you're not using Splunk Enterprise Security (SIEM) then you can ignore the last 2 sections.

The linked Community post looks accurate as well.  Choose the method that works for you.

You are attempting

to integrate two complex products so expect some complexity in the solution.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

splunkcol
Builder
‎02-20-2023 08:33 AM

tnx

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...