I was able to simply install the FireEye TA on my all-in-one DevOps Splunk and configure the HX appliance to send JSON via HTTP POST to Splunk's API on 8089. Without a problem, I got the alerts in the index and sourcetype as defined in the HX appliance notifications.
But now I am having trouble trying to send it to a HF before the indexers...
Any suggestions or how-tos are appreciated.
Thank you