I am currently exploring ways to collect logs from all VA nodes and push them directly to Splunk using the HTTP Event Collector (HEC), leveraging Ansible for automation. Can anyone confirm if this setup is viable and share any implementation details? Also, are there alternative or more efficient methods for ingesting VA logs into Splunk that I should consider?
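For reference, the Splunk side of what the question proposes, as an added example that is not part of the original thread and is not SailPoint or Splunk code: it parses a few constructed log lines (illustrative, not real VA output), packs them into the body that HEC's `/services/collector/event` endpoint accepts (concatenated JSON objects with `time`, `host`, `source`, `sourcetype` and an `event` payload), splits large inputs into batches, and posts each batch with the `Authorization: Splunk <token>` header over verified TLS. The HEC URL, token, index name, sourcetype and line format are all assumptions; how the lines get off the VA in the first place is a separate question that the replies below address.

```python
import json
import ssl
import urllib.request
from datetime import datetime, timezone

# Constructed sample lines (illustrative, not real VA output):
# ISO-8601 UTC timestamp, host, component, level, free-text message.
SAMPLE_LOG_LINES = [
    "2024-05-01T10:15:30Z va-node-01 ccg INFO Aggregation started for source Active Directory",
    "2024-05-01T10:15:31Z va-node-01 ccg WARN Connection retry 1/3 to ldap.example.internal",
    "2024-05-01T10:15:32Z va-node-02 ccg ERROR Aggregation failed: timeout after 30000 ms",
]


def parse_log_line(line):
    """Split one sample line into fields; the timestamp becomes a UTC epoch for HEC's `time` key."""
    ts, host, component, level, message = line.split(" ", 4)
    epoch = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp()
    return {"time": epoch, "host": host, "component": component, "level": level, "message": message}


def build_hec_batch(lines, source="va-logs", sourcetype="sailpoint:va", index=None):
    """Encode lines as one HEC request body: JSON objects, one per event, newline-separated.

    HEC treats the top-level `time`, `host`, `source`, `sourcetype` and `index` keys as event
    metadata; everything under `event` is the indexed payload. `sourcetype` and `index` here are
    assumed names, not anything a real add-on defines.
    """
    events = []
    for line in lines:
        fields = parse_log_line(line)
        rec = {
            "time": fields["time"],
            "host": fields["host"],
            "source": source,
            "sourcetype": sourcetype,
            "event": {
                "component": fields["component"],
                "level": fields["level"],
                "message": fields["message"],
            },
        }
        if index:
            rec["index"] = index
        events.append(json.dumps(rec, separators=(",", ":")))
    return "\n".join(events)


def decode_hec_batch(body):
    """Inverse of build_hec_batch, handy for checking what would be sent."""
    return [json.loads(part) for part in body.split("\n") if part]


def chunk(lines, max_events):
    """Yield lists of at most max_events lines so one request stays under the HEC payload limit."""
    for i in range(0, len(lines), max_events):
        yield lines[i:i + max_events]


def send_batch(hec_url, token, body, ca_file=None):
    """POST one batch to HEC and return (HTTP status, decoded JSON reply).

    hec_url is assumed to look like https://splunk.example.internal:8088/services/collector/event.
    """
    req = urllib.request.Request(hec_url, data=body.encode("utf-8"), method="POST")
    req.add_header("Authorization", "Splunk " + token)
    req.add_header("Content-Type", "application/json")
    # Verify the collector's certificate against the CA that issued it; never disable verification.
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.status, json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Dry run: show the bodies that would be posted, two events per request.
    for batch in chunk(SAMPLE_LOG_LINES, 2):
        print(build_hec_batch(batch, index="va"))
        print("---")
```

Run it as-is for a dry run; to actually ship, call `send_batch(url, token, build_hec_batch(batch), ca_file="...")` per chunk and treat anything other than HTTP 200 with `"code": 0` in the reply as a failed batch to retry. Keep the HEC token out of the playbook or script itself (Ansible Vault or an environment variable), since it is a bearer credential for the collector.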
I’m not sure what you are looking for by having the VA logs in Splunk, and I unfortunately can’t help you with that, but have you checked out the Splunk add-on for Audit Events? This allows all of the ISC events to be collected into Splunk, which hopefully includes most of the information you would be looking for.
Keep in mind that the virtual appliance is locked down: you can’t install any agents or run scripts based on cron or anything like that.
The one thing that comes to mind is potentially creating BeanShell rules to send data over HTTPS to the HEC during HTTP or JDBC operations, but that would probably not be as efficient as just using the Splunk Add-On that was previously mentioned.