[Zeek] Using the Corelight Splunk App with Zeek?

William Arbaugh waa at cs.umd.edu
Mon Jan 21 13:48:18 PST 2019


Can anyone point me to how to set up the Corelight Splunk app with a Zeek
sensor?

I initially followed these instructions:
https://www.ericooi.com/zeekurity-zen-part-ii-how-to-send-zeek-bro-logs-to-splunk/
but the JSON coming into Splunk wasn't going into the Corelight index
and looked malformed.

I then found this message from Seth:
http://mailman.icsi.berkeley.edu/pipermail/zeek/2018-June/013364.html and I
changed to using JSON streaming logs, but still no joy.

Hints, pointers, etc. appreciated.

Thanks, Bill
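One way to sanity-check what Zeek is actually writing before pointing Splunk at it, as an added example that is not from the original post nor from Zeek or Corelight: it distinguishes Zeek's default tab-separated output from JSON, flags truncated or otherwise unparsable lines, and flags JSON events that lack the `_path` field the json-streaming-logs package adds (the assumption here is that the Corelight app keys on `_path`; the sample log lines are constructed).

```python
import json

# Fields the Corelight app is assumed (not verified here) to key on: the
# json-streaming-logs package adds `_path` (log type) and `_write_ts` per event.
REQUIRED_KEYS = ("ts", "_path")

def classify_line(line):
    """Classify one Zeek log line: 'json', 'tsv_header', 'tsv', 'malformed' or 'empty'."""
    s = line.strip()
    if not s:
        return "empty"
    if s.startswith("#"):
        return "tsv_header"   # default ASCII writer metadata such as '#fields' or '#separator'
    if s.startswith("{"):
        try:
            json.loads(s)
        except json.JSONDecodeError:
            return "malformed"   # e.g. a line read while Zeek was still writing it
        return "json"
    if "\t" in s:
        return "tsv"
    return "malformed"

def check_log(text):
    """Return per-category counts plus (line_no, problem) for lines the app would likely drop."""
    counts = {}
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        kind = classify_line(line)
        counts[kind] = counts.get(kind, 0) + 1
        if kind == "json":
            missing = [k for k in REQUIRED_KEYS if k not in json.loads(line)]
            if missing:
                problems.append((n, "missing " + ", ".join(missing)))
        elif kind in ("tsv", "tsv_header"):
            problems.append((n, "tab-separated output; LogAscii::use_json / json-streaming-logs not active"))
        elif kind == "malformed":
            problems.append((n, "not valid JSON"))
    return counts, problems

# Constructed sample: one good event, one without `_path`, one truncated, then TSV output.
SAMPLE = "\n".join([
    '{"_path":"conn","_write_ts":"2019-01-21T21:48:18.000000Z","ts":1548107298.0,"uid":"CdeAdB1","id.orig_h":"10.0.0.5","id.resp_h":"10.0.0.9","proto":"tcp"}',
    '{"ts":1548107299.0,"uid":"CdeAdB2","id.orig_h":"10.0.0.5","proto":"udp"}',
    '{"_path":"dns","ts":1548107300.0,"query":"example.com"',
    '#fields\tts\tuid\tid.orig_h',
    '1548107301.0\tCdeAdB3\t10.0.0.5',
])
```

Run it against a real file with `check_log(open("/path/to/json_streaming_conn.log").read())` (path assumed); any `tsv` or `tsv_header` hits mean the JSON writer is not enabled for that log, and `missing _path` hits mean the events were written without the json-streaming-logs package.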