Getting Data In

What do I need to get SAP logs?

splunkcol
Builder

Hi, I have been tasked to investigate what is needed to receive SAP logs in Splunk.

The first thing I find when I make my first queries on Google is that there is a connector called "SAP PowerConnect for Splunk", but when I enter https://splunkbase.splunk.com/app/3153 and try to download it, I get a message saying that the download is restricted.


I also found this step-by-step guide, and I would like to know whether you think the information is current, because, as we know, with Splunk we find information on the internet that in many cases is very old and perhaps obsolete.

https://www.wallsec.de/blog/siem-your-sap-security-audit-log-with-splunk#h.p_2Y3sy8TDSHCy

 

And in this last link I see a process, and the truth is that the matter is complex.

Solved: How to Splunk the SAP Security Audit Log - Splunk Community

 

1 Solution

richgalloway
SplunkTrust

"Download restricted" means the app is not free and you haven't paid for it.  Contact the developer for more information.  

There are several other "SAP" apps in Splunkbase that may be free.

The Wallsec steps are still accurate.  If you're not using Splunk Enterprise Security (SIEM) then you can ignore the last 2 sections.

The linked Community post looks accurate as well.  Choose the method that works for you.

You are attempting to integrate two complex products, so expect some complexity in the solution.

---
If this reply helps you, Karma would be appreciated.


splunkcol
Builder

tnx
