Splunk Cloud Platform
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Symantec email security.cloud to Splunk Cloud

cnuguri_ncc
Path Finder
‎11-06-2020 04:03 AM

Hello,

I am looking to onboard Symantec email security.cloud  data to Splunk cloud, but the add-on seems not compatible/available on Splunk Cloud ( https://splunkbase.splunk.com/app/3830/ ), could someone please advise if there is another way ? 

I suppose using an on-prem HF for the add-on and forward data Splunk could work, although trying to avoid on-prem components if it is possible to onboard directly from IDM.

Thanks in advance.
Chaith

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎11-06-2020 05:59 AM

The standard practice for onboarding data when a TA cannot be installed in Splunk Cloud is to use an on-prem heavy forwarder.

---
If this reply helps you, Karma would be appreciated.
Reply

cnuguri_ncc
Path Finder
‎11-06-2020 06:33 AM

Thanks @richgalloway 👍

I was hoping to hear that Symantec supports HEC or another way of forwarding logs, before taking the on-prem HF route. 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎11-06-2020 07:39 AM

AFAIK, Symantec does not support HEC, but you could write your own program/script that reads Symantec data and converts it to HEC.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...