So Is there any one out there that has been sending their logs to Splunk? By logs I mean the individual computer logs. If so, how did you go about setting that up.
Question
Casper and Splunk?
+4
+15This discussion may be a good start.
Mike Dodge from Facebook used to use Casper and Splunk but is no longer using Casper.
+11What are you running your JSS on? Splunk has forwarding tools you might want to use:
https://www.splunk.com/en_us/download/universal-forwarder.html
My current implementation reads directly off the database. I'm thinking of a better way to do this but i'm ok with it at the moment. There's no shortage of options to get the information you need.
Does any one have experience in using the database backend to provide data to Splunk? I saw an old post suggesting it was a viable option. I already have Splunk enterprise so it's just a data feed thats needed. I am using API calls but the post https://jamfnation.jamfsoftware.com/discussion.html?id=7291 looks much better. I had heard that JAMF do not support the direct database access - only through the API. Can anyone confirm?
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.