Splunk Cloud Platform
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

macOS logs with a Splunk UF to Splunk Cloud

Norbert122
Observer
‎03-09-2023 02:37 PM

Hi all,

 

How do you collect your macOS security logs and index them into your Splunk Cloud/Enterprise instance?

 

I already have a deployment server so it would be great to just install the UF's with some parameters to connect to the DS and from there on install the app & make the UF send what the app tells it to send.

 

Is the best way to do it using the Splunk UF?

 

Apple changed to the Unified Log Database format, so how do you do it?

My manager suggested SC4S but is it necessary? Can SC4S even ingest macOS data?

We want the SC4S server to remain internal since all of us are WFH. SC4S is not recommended to be used with wireless networks/firewalls/or IDS's which we all have. So I don't think that's possible.

I would greatly appreciate your help.

Labels (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...