How can I add Spamhaus Datasets for Splunk?

prashant032 · ‎11-07-2022

hello sir

How i add spamhaus dataset in splunk ,???

any guide or process?? please help

i already installed Spamhaus Datasets for Splunk,

richgalloway · ‎11-07-2022

There are a few ways to onboard data into Splunk.

Install a universal forwarder on the server to send log files to Splunk
Have the server send syslog data to Splunk via a syslog server or Splunk Connect for Syslog
Use the server's API to extract data for indexing
Use Splunk DB Connect to pull data from the server's SQL database.
Have the application send data directly to Splunk using HTTP Event Collector (HEC).

The Spamhaus app provides searches for data that is already in Splunk. So it's up to you to get the data into your indexers. Per the app's splunkbase page: "To utilize this data customers must be subscribed to the Spamhaus Data Query Service (DQS). This service is FREE for low-volume users, simply complete the sign-up form at: https://www.spamhaustech.com/free-trial/sign-up-for-a-free-data-query-service-account/"

---
If this reply helps you, Karma would be appreciated.

How can I add Spamhaus Datasets for Splunk?

administration

configuration

installation

investigation

troubleshooting

using Enterprise Security

Fastest way to demo Observability

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

Are you a member of the Splunk Community?

How can I add Spamhaus Datasets for Splunk?