×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
sbs2001
New Member
Member since: ‎02-01-2023
‎02-02-2023
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎02-01-2023
Activity Feed
Topics I've Started
No posts to display.
View All

Re: How to achieve Crowdsec json logs fields extra...

by in Splunk Search
‎02-01-2023 10:59 PM
‎02-01-2023 10:59 PM
Hi ! Shivam from CrowdSec here. Although I'm not very familiar with Splunk, you can simplify the JSON pushed by CrowdSec to Splunk. This would make your data extraction logic simpler too. To do this you'd need to override the "format" parameter at "/etc/crowdsec/notifications/splunk.yaml" . The "format" parameter is gotemplate which receives an alert object . Let us know if you need help here or on our discord ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎02-02-2023 02:20 AM