×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
RemcodeBerk
New Member
Member since: ‎05-26-2017
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-26-2017
Activity Feed
View All

Re: Using AWS SNS to get data into Splunk. See dat...

by in All Apps and Add-ons
‎05-27-2017 02:45 AM
‎05-27-2017 02:45 AM
Thanks, If I stripped of everything after the last pipe, I get events. e.g. Trend App is looking for: cef_severity or dvchost or LI_Description etc. But the SNS log from trend has: severity, OSSEC_Hostname and OSSEC_Description. I changed the searches trying to find something what matches. And this works... But, I am afraid when the first update of the trendapp comes along, the original searches are back and the app will break again. Also I am not sure if the replacement keys I used give the same results as the original. Question 1: Can I changes the dashboards without consequences for new versions of the trend app? Question 2: Is there a translation table between the SNS (OSEC etc) and TrendApp (CEF) keys? I think it is strange that Trend uses different keys for this? But maybe I am the only one 🙂 Thanks Remco ... View more

Using AWS SNS to get data into Splunk. See data co...

by in All Apps and Add-ons
‎05-26-2017 12:01 PM
‎05-26-2017 12:01 PM
Can't use syslog from Deep Security Cloud solution to Splunk Cloud. So I use log forwarding to SNS and in AWS I forward the incoming event to Splunk Cloud. I put the events in the correct sourcetypes in Splunk and I see the data is coming in but dashboards stay empty. It looks that the names of the items do not match what the app is searching for. Any ideas where to look? Thanks ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM