
What do I need to get SAP logs?

splunkcol
Builder

Hi, I have been tasked to investigate what is needed to receive SAP logs in Splunk.

The first thing I find when I make my first queries on Google is that there is a connector called "SAP PowerConnect for Splunk", but when I enter https://splunkbase.splunk.com/app/3153 and try to download it, I get a message saying that the download is restricted.


I also found this step-by-step guide and I would like to know what you think about whether the information is current because, as we know, with Splunk we find information on the internet but in many cases it is very old and perhaps obsolete.

https://www.wallsec.de/blog/siem-your-sap-security-audit-log-with-splunk#h.p_2Y3sy8TDSHCy

And in this last link I see a process, and the truth is that the matter is complex.

Solved: How to Splunk the SAP Security Audit Log - Splunk Community

0 Karma
1 Solution

richgalloway
SplunkTrust

"Download restricted" means the app is not free and you haven't paid for it.  Contact the developer for more information.  

There are several other "SAP" apps in Splunkbase that may be free.

The Wallsec steps are still accurate.  If you're not using Splunk Enterprise Security (SIEM) then you can ignore the last 2 sections.

The linked Community post looks accurate as well.  Choose the method that works for you.

You are attempting to integrate two complex products so expect some complexity in the solution.

---
If this reply helps you, Karma would be appreciated.


Dare2SplunkSAP
Explorer

Have you looked deeper into PowerConnect? It's a pretty fantastic tool.

0 Karma


splunkcol
Builder

tnx

0 Karma