Splunk Enterprise Security

How to send events via HEC method via JSON format?

GuyCo
Observer

Hi to all.

im setting an integration with Splunk and Splunk ES.

I decided to send events via HEC method json format.

I understand that in order to accept the events in Splunk ES i need to do 2 things.

1. build an Add on for parsing the info

2. load the data in data model.

ill be happy to have several answers :

1. do i need to send the events via CEF Syslog or json format is good enough ?

2. what is the standard event we should send to Splunk? json, Syslog? CEF?

ill be happy for you to explain the process for building an add on, how to load in data modal - CIM 

thanks to all

Labels (1)
0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

what you are meaning with "integration with Splunk and Splunk ES"? You don't have those one the same environment, when there is no need for separate integration?

r. Ismo

0 Karma
Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

Cisco Use Cases, ITSI Best Practices, and More New Articles from Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...