Visham Rawat

Raw logs and Meta from Archiver to Splunk

Discussion created by Visham Rawat on Mar 17, 2020
Latest reply on Mar 20, 2020 by Visham Rawat

We've got a requirement to move all our raw logs and meta stored on the Archiver to the Splunk platform.


Now, I see there's a document on the Community that speaks of RSA NetWitness and Splunk.

I’ve gone through the document. I find procedures to pivot investigations from RSA NetWitness to Splunk and vice versa. I also see procedures to forward NetWitness audit/security logs, ESA and RE alerts to Splunk.


However, what I’m looking for is to migrate all stored event log data [on my Archivers, whatever the duration] to Splunk. I don’t see a procedure for this.


Any insights on how this can be achieved?