I haven't used it, but generally, if they can export their results in plain text format, they are compatible with splunk. From the quick glance I've had, they support csv to im/export data, so you're good to go.
I haven't used it, but generally, if they can export their results in plain text format, they are compatible with splunk. From the quick glance I've had, they support csv to im/export data, so you're good to go.
I spoke with a representative from Maxmind and they assured me that their product would work in Splunk. What I am looking for is; do we need to remove the old instance or can we overwrite whats already there?
You mean you have already indexed data from an older version? You can keep it if you need it, and if there's nothing new added from the new version then that's what I would recommend. Overwriting is not really something you do in splunk, you would have to delete and re-index.
I don't really know about your content though, I just wanted to point out that technically, your data is compatible.
Thank you Jeff! That's the answer I was looking for. We really don't have that much information indexed through Maxmind so reinstalling would not kill us.
