No, I've been working as a Splunk admin for the past 3 years. I think I haven't given you a clear requirement.
Actually, below is the requirement: we need to add the WAF logs to Splunk. In order to do this, you will need to configure a connector “pull” from the Kiwi server and then a “push” to Splunk Cloud. The pull uses an API, for which there is a script available: https://github.com/Incapsula/logs-downloader
The connector settings:
[SETTINGS]
APIID=21630
APIKEY=
PROCESS_DIR=
BASEURL=https://logs1.incapsula.com/764_220102/
USEPROXY=NO
PROXYSERVER=
SAVE_LOCALLY=YES
SYSLOG_ENABLE=NO
SYSLOG_ADDRESS=
SYSLOG_PORT=
USE_CUSTOM_CA_FILE=NO
CUSTOM_CA_FILE=
Instead of doing all the steps above, I have installed the incapsula.spl file on the forwarder to send log data directly to Splunk Cloud. So in the "inputs.conf" file, for "connection_host = ip", do I need to provide the IP address of the WAF server? That is my doubt.