What do I need to get SAP logs?

splunkcol
Builder

Hi, I have been tasked to investigate what is needed to receive SAP logs in Splunk.

The first thing I find when I make my first queries on Google is that there is a connector called "SAP PowerConnect for Splunk", but when I enter https://splunkbase.splunk.com/app/3153 and try to download it, I get a message saying that the download is restricted.


I also found this step-by-step guide, and I would like to know whether you think the information is current because, as we know, with Splunk we find information on the internet that in many cases is very old and perhaps obsolete.

https://www.wallsec.de/blog/siem-your-sap-security-audit-log-with-splunk#h.p_2Y3sy8TDSHCy

And in this last link I see a process, and the truth is that the matter is complex.

Solved: How to Splunk the SAP Security Audit Log - Splunk Community

richgalloway
SplunkTrust

"Download restricted" means the app is not free and you haven't paid for it.  Contact the developer for more information.  

There are several other "SAP" apps in Splunkbase that may be free.

The Wallsec steps are still accurate.  If you're not using Splunk Enterprise Security (SIEM) then you can ignore the last 2 sections.

The linked Community post looks accurate as well.  Choose the method that works for you.

You are attempting to integrate two complex products so expect some complexity in the solution.

---
If this reply helps you, Karma would be appreciated.


Dare2SplunkSAP
Explorer

Have you looked deeper into PowerConnect? It's a pretty fantastic tool.

splunkcol
Builder

tnx
