Exist logs from splunk into Elastic #7970

tientmse62290 · 2022-05-18T03:00:09Z

tientmse62290
May 18, 2022

From ELK version 7.17 we could retrieve log from RESTAPI
https://www.elastic.co/guide/en/observability/current/ingest-splunk.html

It would be great if we could use current log and send directly into Security Onion and process with current ingress
SO2.3.120 now use the 7.17. Hope we could have this feature in 2.3.140 if we upgrade the elastic stack

Thanks alot

Answered by dougburks

May 19, 2022

Looks like Elastic has marked this as Experimental. Also looks like it requires Elastic Fleet, which is currently untested and unsupported on Security Onion. It may be a few releases before the Experimentatl tag is dropped and it's fully tested.

View full answer

dougburks · 2022-05-19T12:24:50Z

dougburks
May 19, 2022
Maintainer

Looks like Elastic has marked this as Experimental. Also looks like it requires Elastic Fleet, which is currently untested and unsupported on Security Onion. It may be a few releases before the Experimentatl tag is dropped and it's fully tested.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Exist logs from splunk into Elastic #7970

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Exist logs from splunk into Elastic #7970

Uh oh!

Uh oh!

tientmse62290 May 18, 2022

Replies: 1 comment

Uh oh!

dougburks May 19, 2022 Maintainer

tientmse62290
May 18, 2022

dougburks
May 19, 2022
Maintainer