What do I need to get SAP logs?

splunkcol
Builder

Hi, I have been tasked to investigate what is needed to receive SAP logs in Splunk.

The first thing I find when I make my first queries on Google is that there is a connector called "SAP PowerConnect for Splunk", but when I enter https://splunkbase.splunk.com/app/3153 and try to download it, I get a message saying that the download is restricted.

I also found this step-by-step guide, and I would like to know whether you think the information is current, because, as we know, with Splunk we find information on the internet but in many cases it is very old and perhaps obsolete.

https://www.wallsec.de/blog/siem-your-sap-security-audit-log-with-splunk#h.p_2Y3sy8TDSHCy

And in this last link I see a process, and the truth is that the matter is complex.

Solved: How to Splunk the SAP Security Audit Log - Splunk Community

0 Karma

richgalloway
SplunkTrust

"Download restricted" means the app is not free and you haven't paid for it.  Contact the developer for more information.  

There are several other "SAP" apps in splunkbase that may be free.

The Wallsec steps are still accurate.  If you're not using Splunk Enterprise Security (SIEM) then you can ignore the last 2 sections.

The linked Community post looks accurate as well.  Choose the method that works for you.

You are attempting to integrate two complex products so expect some complexity in the solution.

---
If this reply helps you, Karma would be appreciated.


Dare2SplunkSAP
Explorer

Have you looked deeper into PowerConnect? It's a pretty fantastic tool.

0 Karma

splunkcol
Builder

tnx

0 Karma