
Splunk Log Forwarding

Overview

Splunk is a widely used and powerful SIEM. Valtix supports Log Forwarding to Splunk to send security events and other log information for processing, storage, access and correlation. The information is sent as unstructured JSON, and Splunk processes the attribute-value pairs it contains.

Once configured, all existing and new Valtix Gateways using the defined Splunk Profile will send Flow and Threat logs to your Splunk Collector.

Requirements

In order to forward logs to Splunk, you will need the following information:

  • Splunk account
  • Splunk Collector URL
  • Event Collector Key
  • Index Name

Tip

For information on the Splunk Event Collector, refer to Splunk HTTP Event Collector.

Profile Parameters

| Parameter | Required/Optional | Default | Description |
| --- | --- | --- | --- |
| Profile Name | Required | | A unique name used to reference the Profile |
| Description | Optional | | A description for the Profile |
| SIEM Vendor | Required | Datadog | The SIEM used for the Profile |
| Skip Verify Certificate | Optional | Unchecked | Whether to skip verifying the authenticity of the collector's certificate |
| Endpoint | Required | | The URL used to access the HTTP Event Collector |
| Token | Required | | The Splunk Token that allows Valtix to communicate with Splunk |
| Index | Required | main | The name of the Splunk index used to store events |
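To make the Endpoint, Token, Index and Skip Verify Certificate parameters concrete, the following is an added example (not Valtix or Splunk code) of how a forwarder assembles one HTTP Event Collector request from those values. The endpoint host, token and the sample threat record are placeholders constructed for the example; the request shape itself (POST to `/services/collector/event`, an `Authorization: Splunk <token>` header, and a JSON body carrying `event`, `index` and `sourcetype`) is the documented Splunk HEC format. The TLS helper shows what "Skip Verify Certificate" actually changes: with it unchecked the collector's certificate chain and hostname are verified, which is the setting to keep outside a lab, because disabling it lets any host that can intercept the connection present itself as the collector and receive the forwarded logs.

```python
"""Assemble and optionally send a Splunk HEC event (added example, not Valtix code)."""
import json
import ssl
import urllib.request

HEC_PATH = "/services/collector/event"  # documented Splunk HEC event endpoint


def make_ssl_context(skip_verify: bool = False) -> ssl.SSLContext:
    """Return the TLS context the forwarder uses.

    Default: verify the collector's certificate chain and hostname.
    skip_verify=True mirrors the profile's "Skip Verify Certificate" option:
    it disables both checks, so use it only for a lab collector with a
    self-signed certificate.
    """
    ctx = ssl.create_default_context()
    if skip_verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def build_hec_request(endpoint: str, token: str, index: str, event: dict,
                      sourcetype: str = "_json"):
    """Build (url, headers, body) for one HEC event.

    `endpoint` is the profile's Endpoint (scheme, host and HEC port),
    `token` the profile's Token and `index` the profile's Index. `event`
    holds the attribute-value pairs Splunk will index; a gateway's flow or
    threat log fields would go here.
    """
    url = endpoint.rstrip("/") + HEC_PATH
    headers = {
        "Authorization": f"Splunk {token}",
        "Content-Type": "application/json",
    }
    body = json.dumps({"event": event, "index": index, "sourcetype": sourcetype}).encode()
    return url, headers, body


def send_event(endpoint: str, token: str, index: str, event: dict,
               skip_verify: bool = False, timeout: float = 5.0) -> dict:
    """POST one event to the collector and return Splunk's JSON acknowledgement."""
    url, headers, body = build_hec_request(endpoint, token, index, event)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout,
                                context=make_ssl_context(skip_verify)) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    # Constructed sample record and placeholder profile values; nothing is sent here.
    sample = {"type": "THREAT", "src_ip": "10.0.0.5", "dst_ip": "10.0.1.9", "action": "DENY"}
    url, headers, body = build_hec_request(
        "https://splunk.example.com:8088",  # placeholder Endpoint
        "PLACEHOLDER-HEC-TOKEN",            # placeholder Token
        "main",                             # Index (page default)
        sample,
    )
    print(url)
    print(headers["Authorization"])
    print(body.decode())
```

To actually deliver the event, call `send_event(...)` with the real Endpoint and Token; leave `skip_verify` at its default unless the collector is a lab instance whose self-signed certificate you have knowingly accepted.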