In order to ingest IBM SiteProtector data into Splunk, you will first of all need to configure logging of events in the SiteProtector management platform. To do this:
1. Open the SiteProtector console
2. Right-click your event collector
3. Select properties
4. Select agent properties
5. Under event collector logging, select "enable event logging to log files" and set your log retention period
6. Save the policy
This will then write your IDS events to the file you have selected.
To then send the logs to Splunk, install the universal forwarder on the event collectors and configure it to obtain and send logs from the directory specified.
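A forwarder configuration for the last step, added here as an example and not part of the original post. The log directory, file pattern, index name, sourcetype name and indexer address are all placeholders or assumptions; replace them with the values from your event collector logging policy and your Splunk deployment.

```ini
# ---- inputs.conf on each event collector (universal forwarder) ----
# <EVENT_COLLECTOR_LOG_DIR> is a placeholder: use the directory that the
# event collector logging policy writes to.
[monitor://<EVENT_COLLECTOR_LOG_DIR>]
disabled = false
# Assumed names: create the index on the indexers first and pick a
# sourcetype that matches your parsing rules for these events.
index = ids
sourcetype = ibm:siteprotector:event
# Assumed file pattern: read only the log files, not other files that
# may share the directory.
whitelist = \.log$
# Skip files older than the retention window you set in the policy
# (7d is an assumed value) so a first start does not replay stale events.
ignoreOlderThan = 7d

# ---- outputs.conf on the same forwarder ----
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
# Placeholder indexer address; 9997 is the conventional receiving port.
server = <INDEXER_HOST>:9997
# Indexer acknowledgement, so IDS events are re-sent if the connection
# drops before the indexer confirms it has written them.
useACK = true
```

Restart the forwarder after editing these files, then search the chosen index to confirm that events from every event collector are arriving.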