Channel: Questions in topic: "heavy-forwarder"

FireEye App for Splunk Enterprise v3: How to send FireEye alerts on the heavy forwarder to a custom index on an indexer?

Using TCP CEF syslog to send FireEye alerts to our heavy forwarder, how do we get the events to forward to a custom index on the indexer? There is no inputs.conf within the app itself. All alerts are currently being forwarded to the main index. We have followed the instructions outlined on page 18 of the document linked below, but it appears this will only work for sending events via JSON over HTTPS (page 18): https://www.fireeye.com/content/dam/fireeye-www/global/en/partners/pdfs/config-guide-fireeye-app-for-splunk-enterprise.pdf Does anyone have experience with sending FireEye alerts from a forwarder to a custom index, and is this possible with TCP syslog CEF?
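Below is an added configuration example, not from the original post and not part of the FireEye App for Splunk Enterprise, showing the two standard Splunk ways to land a TCP syslog input in a dedicated index from a heavy forwarder: set `index` directly on the TCP input stanza, or, if the input cannot be changed, route by sourcetype with a props/transforms pair that rewrites `_MetaData:Index` (which only works on a full instance such as a heavy forwarder, because routing happens at parse time). The listening port `514`, the index name `fireeye`, and the sourcetype name `fe_cef_syslog` are assumptions; substitute whatever the FireEye appliance and the app actually use in your deployment.

```ini
# --- On the heavy forwarder: $SPLUNK_HOME/etc/apps/<your_app>/local/inputs.conf ---
# Option A (preferred): assign the index on the input itself.
# Assumed values: port 514, sourcetype fe_cef_syslog, index fireeye.
[tcp://514]
sourcetype = fe_cef_syslog
index = fireeye
connection_host = ip
disabled = 0

# --- On the heavy forwarder: props.conf + transforms.conf ---
# Option B: if the TCP input already exists elsewhere and cannot be edited,
# re-route every event of the FireEye sourcetype to the custom index at parse time.
# props.conf
[fe_cef_syslog]
TRANSFORMS-route_fireeye = route_to_fireeye_index

# transforms.conf
[route_to_fireeye_index]
REGEX = .
DEST_KEY = _MetaData:Index
FORMAT = fireeye

# --- On the indexer: $SPLUNK_HOME/etc/apps/<your_app>/local/indexes.conf ---
# The target index must exist on the indexer, or events arriving with
# index=fireeye are dropped (or sent to lastChanceIndex, if one is configured).
[fireeye]
homePath   = $SPLUNK_DB/fireeye/db
coldPath   = $SPLUNK_DB/fireeye/colddb
thawedPath = $SPLUNK_DB/fireeye/thaweddb
```

After restarting the heavy forwarder (and the indexer if the index was newly created), confirm routing with a search such as `index=fireeye sourcetype=fe_cef_syslog earliest=-15m`, and check that `index=main` no longer receives new FireEye events. Option A is simpler and also documents the data path in one place; Option B is useful when the input is shared or owned by another app, and because a heavy forwarder has already parsed the events, the indexer needs no props/transforms changes for either option.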
