Splunk Log Forwarding
Overview
Splunk is a very common and powerful SIEM used by many companies. Valtix supports Log Forwarding to Splunk to send security events and other log information for processing, storage, access and correlation. The information is sent in an unstructured JSON format, from which Splunk extracts the attribute-value pairs.
Once configured, all existing and new Valtix Gateways using the defined Splunk Profile will send Flow and Threat logs to your Splunk Collector.
Requirements
In order to forward logs to Splunk, you will need the following information:
- Splunk account
- Splunk Collector URL
- Event Collector Key
- Index Name
Tip
For information on the Splunk Event Collector, refer to the Splunk HTTP Event Collector documentation.
Profile Parameters
Parameter | Required | Default | Description
---|---|---|---
Profile Name | Required | | A unique name used to reference the Profile
Description | Optional | | A description for the Profile
SIEM Vendor | Required | Datadog | The SIEM used for the Profile
Skip Verify Certificate | Optional | Unchecked | Whether to skip verifying the authenticity of the Splunk Collector's certificate
Endpoint | Required | | The URL used to access the HTTP Event Collector
Token | Required | | The Splunk Token that allows Valtix to communicate with Splunk
Index | Required | main | The name of the Splunk index used to store events
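The following added example (not Valtix's or Splunk's own code) shows how the profile parameters above map onto a single HTTP Event Collector request, and what "Skip Verify Certificate" actually changes on the TLS side. The profile class, the `valtix:flow` sourcetype and the sample flow event are this example's own assumptions; the `/services/collector/event` path and the `Authorization: Splunk <token>` header are the standard HEC interface.

```python
import json
import ssl
import urllib.request
from dataclasses import dataclass


@dataclass
class SplunkProfile:
    """Mirrors the Splunk Profile parameters (class and field names are this example's own)."""
    name: str
    endpoint: str                          # HTTP Event Collector URL, e.g. https://host:8088
    token: str                             # Event Collector Key
    index: str = "main"
    skip_verify_certificate: bool = False  # "Skip Verify Certificate" checkbox


def build_hec_request(profile: SplunkProfile, event: dict, sourcetype: str = "valtix:flow"):
    """Return (url, headers, body) for one HEC event POST.
    HEC takes the token in an 'Authorization: Splunk <token>' header and the
    target index inside the JSON envelope, not in the URL."""
    url = profile.endpoint.rstrip("/") + "/services/collector/event"
    headers = {"Authorization": f"Splunk {profile.token}", "Content-Type": "application/json"}
    body = json.dumps({"event": event, "index": profile.index, "sourcetype": sourcetype})
    return url, headers, body


def tls_context(profile: SplunkProfile) -> ssl.SSLContext:
    """Unchecked (default) keeps chain and hostname verification. Checked disables
    both, so the token travels to whoever answers at the endpoint; leave it
    unchecked unless the collector uses a private CA the gateway cannot trust."""
    ctx = ssl.create_default_context()
    if profile.skip_verify_certificate:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def send_event(profile: SplunkProfile, event: dict, sourcetype: str = "valtix:flow") -> int:
    """POST one event to the collector and return the HTTP status (200 on success)."""
    url, headers, body = build_hec_request(profile, event, sourcetype)
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, context=tls_context(profile), timeout=10) as resp:
        return resp.status


# Constructed sample flow event in the attribute-value style the page describes.
SAMPLE_FLOW = {"type": "flow", "action": "allow", "src_ip": "10.0.1.5",
               "dst_ip": "10.0.2.9", "dst_port": 443}

if __name__ == "__main__":
    prof = SplunkProfile("prod-splunk", "https://splunk.example.com:8088", "PLACEHOLDER-TOKEN")
    print(build_hec_request(prof, SAMPLE_FLOW))
```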