We've got a requirement to move all our raw logs and meta stored on the Archiver to the Splunk platform.
Now, I see there's a document on the Community that speaks of RSA NetWitness and Splunk.
I’ve gone through the document. I find procedures to pivot investigations from RSA NetWitness to Splunk and vice versa. I also see procedures to forward NetWitness audit/security logs, ESA and RE alerts to Splunk.
However, what I’m looking for is to migrate all stored event log data [on my Archivers, whatever the duration] to Splunk. I don’t see a procedure for this.
Any insights on how this can be achieved?