I am really struggling to add my macos data into splunk just like how we can upload the event logs of windows. is there any add-ons that i can install to help me do this? if there is, can anyone explain how to configure it and make it work?
To get you started here's a number of links for you read and work through
In short you need the nix TA, UF and configure inputs and outputs based on your requirements.
#This shows you the TA Required (Nix TA)https://splunkbase.splunk.com/app/833
#This shows you the OS Supported = MacOs is listedhttps://docs.splunk.com/Documentation/AddOns/latest/UnixLinux/About
#Read the release noteshttps://docs.splunk.com/Documentation/AddOns/released/UnixLinux/Releasenotes
And you will need to install a Universal Forwarder for the MacOS + configure outputs and TA inputshttps://www.splunk.com/en_us/download/universal-forwarder.html
