Hi all. I'm working at a startup company providing security solutions.
I started researching how to integrate with Splunk and Splunk ES.
For now, we chose to use the HEC method for delivering the data into Splunk Cloud.
I wanted to ask some questions.
Do I need to create an add-on?
To integrate with Splunk ES, what actions do I need to take?
I understand this is the flow of actions:
load data using HEC,
parse the data, normalizing it,
eventually, load the data into data models,
if you don't load the data into data models, create your correlation searches using indexes.
I'd be happy if someone could elaborate more on each topic and tell me if something is missing.
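The first two steps of the flow described in the post (delivering events over HEC, and normalizing them toward the CIM field names that the ES data models expect) as an added example; this is not code from the original post or from Splunk. It assumes a hypothetical vendor login-audit format (fields such as `username`, `client_ip`, `outcome`), a placeholder HEC URL and token, and the hypothetical app name `examplevpn`; the sample events are constructed. The CIM field names it maps to (`user`, `src`, `dest`, `action`, `signature`, `reason`, `app`) and the HEC envelope keys (`time`, `host`, `source`, `sourcetype`, `index`, `event`) are the real ones.

```python
"""Added example: shape vendor events for Splunk HEC and pre-normalize them to CIM Authentication fields."""
import json
import os
import time
import urllib.request
from typing import Any, Dict, Iterable, List

# Assumption: placeholders. The real URL and token come from the HEC settings page of your Splunk Cloud stack.
HEC_URL = os.environ.get("HEC_URL", "https://example.splunkcloud.com:8088/services/collector/event")
HEC_TOKEN = os.environ.get("HEC_TOKEN", "00000000-0000-0000-0000-000000000000")

# Constructed sample records of a hypothetical vendor ("examplevpn"); not a real product's format.
SAMPLE_VENDOR_EVENTS: List[Dict[str, Any]] = [
    {"ts": 1700000000, "username": "alice", "client_ip": "10.0.0.5", "server": "vpn01",
     "outcome": "OK", "method": "password"},
    {"ts": 1700000030, "username": "bob", "client_ip": "203.0.113.9", "server": "vpn01",
     "outcome": "DENIED", "method": "password", "msg": "bad password"},
]

# Hypothetical vendor field name -> CIM Authentication data-model field name.
CIM_AUTH_MAP: Dict[str, str] = {
    "username": "user",
    "client_ip": "src",
    "server": "dest",
    "method": "signature",
    "msg": "reason",
}


def normalize_auth_event(raw: Dict[str, Any], app: str = "examplevpn") -> Dict[str, Any]:
    """Rename vendor fields to CIM names and derive 'action'.

    The CIM Authentication model expects action to be exactly 'success' or 'failure';
    any outcome we cannot classify is recorded as 'unknown' rather than guessed.
    """
    out: Dict[str, Any] = {"app": app}
    for vendor_key, cim_key in CIM_AUTH_MAP.items():
        if vendor_key in raw:
            out[cim_key] = raw[vendor_key]
    outcome = str(raw.get("outcome", "")).upper()
    if outcome in ("OK", "SUCCESS"):
        out["action"] = "success"
    elif outcome in ("DENIED", "FAIL", "FAILURE"):
        out["action"] = "failure"
    else:
        out["action"] = "unknown"
    return out


def build_hec_event(raw: Dict[str, Any], index: str, sourcetype: str, host: str,
                    source: str = "examplevpn:api") -> Dict[str, Any]:
    """Wrap one normalized event in the HEC /services/collector/event envelope.

    'time' is epoch seconds; sending it explicitly keeps the vendor timestamp instead of
    the ingest time. The index must be on the token's allowed-index list on the Splunk side.
    """
    return {
        "time": float(raw.get("ts", time.time())),
        "host": host,
        "source": source,
        "sourcetype": sourcetype,
        "index": index,
        "event": normalize_auth_event(raw),
    }


def build_batch(raws: Iterable[Dict[str, Any]], index: str, sourcetype: str, host: str) -> str:
    """HEC accepts several JSON event objects in one POST body; one per line keeps it readable."""
    return "\n".join(
        json.dumps(build_hec_event(r, index, sourcetype, host), separators=(",", ":"))
        for r in raws
    )


def send_batch(payload: str, url: str = HEC_URL, token: str = HEC_TOKEN, timeout: int = 10) -> Dict[str, Any]:
    """POST a batch to HEC. A healthy reply is {"text": "Success", "code": 0}."""
    req = urllib.request.Request(
        url,
        data=payload.encode("utf-8"),
        method="POST",
        headers={"Authorization": f"Splunk {token}", "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    batch = build_batch(SAMPLE_VENDOR_EVENTS, index="vendor_auth", sourcetype="examplevpn:auth", host="vpn01")
    print(batch)
    if "HEC_TOKEN" in os.environ:  # only talk to a real endpoint when one was configured
        print(send_batch(batch))
```

Two caveats for the later steps of the flow: CIM field names alone do not place events in the Authentication data model, because the model's root constraint is `tag=authentication`, and that tag comes from eventtypes.conf and tags.conf, which is what an add-on packages for your sourcetype; and if the token has indexer acknowledgement enabled, every POST also needs an `X-Splunk-Request-Channel` header, which this client does not send.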