Hello,
I installed IronStream Data Monitor on Splunk to receive JSON data created by an IBM i server and transmitted by Python code. I can also send the data in syslog format.
I searched but I didn’t find documentation on how to set it up on Splunk to receive the data.
I would also like to know if there are specific column names for the SIEM to understand the data received.
For example, in my JSON file the Remote_IP column is the area that retrieves the attacker’s IP address.
Thanks for reading.