Splunk not ingesting opencanary.log #317
Unanswered
extremepaperclip asked this question in Q&A
Replies: 2 comments
I send to Splunk using Webhooks over Tailscale. This works to the tune of 4 million records for 3 OpenCanaries per month.
Can you share what your OpenCanary configuration might look like? I suspect the route to take is to configure OpenCanary to send the events directly to your Splunk instance.
Has anyone else experienced this?
Splunk is not ingesting the opencanary.log. I set up the monitor via inputs.conf (and I can successfully ingest if I run "tail -n 1 opencanary.log > test.log"; Splunk ingests the test.log just fine). I have a support ticket open with Splunk Support, and so far they cannot figure this out either.
If anyone has experienced this and solved the issue - please let me know what the fix was.
Thanks!! I love this project!
ExtremePaperClip