Hi Pheniix, I set up eStreamer to forward logs to our Splunk instance; however, I am not receiving anything!
"Intrusion Event Packet Data" is also checked.
We had several IPS events fire since this configuration has been in place, but NOTHING was forwarded to Splunk. I did a search for
rec_type_simple=PACKET
and did not see anything :( . Could you please help me?
Hi Anush, how are you doing?! :) Take a look at this amazing doc and check that everything is set as it should be. If the issue still persists, shout out at #Mike!
Google for eStreamer eNcore for Splunk Operations Guide v3.5
(Because of copyright we are not allowed to post it here!)
Haha. Oh, I will check it out! Thanks