Splunk, Sophos UTM9, parsing logs from UDP input

i send all my UMT9 data via syslog to splunk.

you have to create/activate the syslog listener at splunk before.

afterwards you can search for UTM data within splunk database.

mostly the add-ons are graphical tools to visualise the received data.

Thank you for answer!

But, can you tell me more in details all processes, perhaps with screenshots (where settings are needed, or configuration files), so I better understand. Because I'm a very green noob in the Splunk.

I supposedly understood what you said, but I do not know what to do :D

Hi,

i'll try to help you :-)

where is the problem?

- sending syslog from UTM

- receiving syslog with Splunk

- searching for data within splunk

The problem is that Sophos UTM9 sending logs to my Splunk Cloud, but not all logs parsing and not all fall into the Data Model in Splunk.

The problem is that Sophos UTM9 sending logs to my Splunk Cloud, but not all logs parsing and not all fall into the Data Model in Splunk.

Sorry, i can't help configuring the internal parsing function inside Splunk.