Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there any way to forward kv store data on HWF to splunk cloud?

syokota_splunk
Splunk Employee
Splunk Employee
‎05-21-2018 03:23 PM

I consider the way to forward kv store data on HWF to splunk cloud .
My understanding is if I want to forward indexed data then define with inputs.conf on HWF.

Can we monitor KV sotre data and forward to splunk cloud?

The reason why I confirm this topic is I'd like to collect threat intelligence via minemeld, then I choose "Palo Alto Add-On" to collect minemeld data, but threat intelligence data will be gather into kvstore basically.
https://splunk.paloaltonetworks.com/autofocus-and-minemeld.html

If the "Palo Alto Add-On" can not forward kv store data into splunk cloud, I'd chose the other Splunk App such as "REST API Modular Input".

Thanks,
Satoshi

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

esix_splunk
Splunk Employee
Splunk Employee
‎05-21-2018 10:54 PM

Short answer, No.

Long answer, you could write that KVStore to a summary index using a combination of lookup and collect, and that will get forwarded to Cloud.. Or export KV store to a csv file with a saved search and ingest that file...

A few options..

View solution in original post

0 Karma
Reply
Solved! Jump to solution

syokota_splunk
Splunk Employee
Splunk Employee
‎05-24-2018 04:28 PM

It's clear issue finally,
We install Palo Alto Add-On in Splunk cloud instance.
And also we set FQDN of minemeld server and import SSL certification the reason why is reffer from here.
https://answers.splunk.com/answers/582779/sslerror-ssl-certificate-verify-failed-certificate.html

Then configure input setting in Splunk cloud, pull from minemeld server.
Thank you guys.

0 Karma
Reply
Solved! Jump to solution

HiroshiSatoh
Champion
‎05-22-2018 11:24 PM

If you use the API there is APP.

TA-SyncKVStore
https://splunkbase.splunk.com/app/3519/

0 Karma
Reply
Solved! Jump to solution

syokota_splunk
Splunk Employee
Splunk Employee
‎05-23-2018 12:20 PM

Thanks Hiroshi-san, it seems if I'd like to pull KVStore data on HWF, then I need to install this app in splunk cloud and pull data from HWF via API.
I'll check it more.

0 Karma
Reply
Solved! Jump to solution

starcher
Influencer
‎05-24-2018 09:46 PM

My app is not Splunk cloud certified. So you’ll likely not get support to install it. You could run it from the HF if you can hit your Splunk cloud api from it.

0 Karma
Reply
Solved! Jump to solution
Solution

esix_splunk
Splunk Employee
Splunk Employee
‎05-21-2018 10:54 PM

Short answer, No.

Long answer, you could write that KVStore to a summary index using a combination of lookup and collect, and that will get forwarded to Cloud.. Or export KV store to a csv file with a saved search and ingest that file...

A few options..

0 Karma
Reply
Solved! Jump to solution

syokota_splunk
Splunk Employee
Splunk Employee
‎05-22-2018 06:23 AM

Thanks, esix.
I understood, basically kvstore data can not forward, so I have two options now.
1. Try to make summary index of kvstore data
2. Don't use Palo Alto Add-on and alternate to use "REST API modular Input" and collect into index

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...