cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
IMPORTANT: Currently some Knowledge Base content may be unavailable. We are working diligently to restore these articles and appreciate your patience.

CB Protection: How to Configure Splunk Integration

CB Protection: How to Configure Splunk Integration

Environment

CB Protection Server: All Supported Versions
Splunk Server: All Supported Versions

Objective

This article describes how to integrate the Splunk analytics with CB Protection Server.

Resolution

  1. In the CB Protection console, navigate to Administration > System Configuration > External Analytics tab, and choose Edit.
  2. Check the 'Enable Export' option.
  3. In Export Directory, enter the destination directory where the CB Protection data should be exported to.  This should be a local drive to the application server.
  4. Test this directory by clicking the 'Test' button.
  5. Select the data desired for export (File Catalog, File Operations, Events).  
  6. If a limit to the directory is desired, this can be configured in gigabytes.
  7. The 'Root URL' field should be set to your Splunk web server.
  8. The default Splunk Analytics URLs can be filled in by clicking the 'Set Analytics URLs to Splunk defaults' button.  
  9. Click 'Update' to save these settings.
  10. To configure the Splunk Server for integration with the CB Protection server, please review the following article from Splunk.

Additional Notes

Further information can be found in the Supported Integration and Events Integration guides found in the Documentation and Downloads page here.

Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
436