Hi, from a customer I have this type: a UF with Security events that sends them to a Splunk indexer. I would like to forward these events (only Security and Application) to a third-party SIEM.
I tried the configuration found in these posts, but I can't forward these events correctly.
https://answers.splunk.com/answers/400161/how-to-forward-sourcetype-from-a-heavy-forwarder-t.html
https://answers.splunk.com/answers/448100/is-it-possible-to-index-and-forward-a-specific-sou.html
https://docs.splunk.com/Documentation/Splunk/6.4.3/Forwarding/Routeandfilterdatad#Replicate_a_subset_of_data_to_a_third-party_system
Does anyone have a working configuration?