Splunk settings

Note Regarding Syslog Over SSL
Sending data over encrypted protocols is recommended, when possible. Cylance and Splunk can communicate syslog data using plain-text and over SSL. For more information about how to configure forwarding, see the Splunk documentation at: https://docs.splunk.com/Documentation/Splunk/6.6.1/Security/ConfigureSplunkforwardingtousesignedcertificates
To see instructions that work in BlackBerry’s development environment, please see Appendix: configure Syslog over SSL in Splunk in Appendix A.
Unencrypted syslog input is not recommended; however, for troubleshooting purposes, it can be enabled on a port other than 6514. You can enable Syslog in Splunk Web in Settings > Data Inputs > Local Inputs > TCP. Enable TCP Port 6515.
Note on Multi-Tenant Configurations and Syslog
Each tenant requires its own stanza in inputs.conf and its own port. For example, if there are two tenants, CompanyOne and CompanyTwo, inputs.conf should contain:
[tcp-ssl://6514]
disabled = false
sourcetype = syslog_protect
source = CompanyOne
index = cylance_protect

[tcp-ssl://6515]
disabled = false
sourcetype = syslog_protect
source = CompanyTwo
index = cylance_protect
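
One way to check an inputs.conf against the rules above (one stanza and one port per tenant, no plaintext input left enabled). This is an added example, not BlackBerry or Splunk code; the function names, the LEFTOVER stanza and the finding messages are assumptions made for illustration.

```python
import re
from collections import defaultdict
# Header forms handled: [tcp://6515], [tcp-ssl://6514], [tcp-ssl:6514], optional host.
STANZA = re.compile(r"^\[(tcp-ssl|tcp):(?://)?(?:[^:\]]+:)?(\d+)\]$")

# The two tenant stanzas from the page.
PAGE_CONF = """
[tcp-ssl://6514]
disabled = false
sourcetype = syslog_protect
source = CompanyOne
index = cylance_protect
[tcp-ssl://6515]
disabled = false
sourcetype = syslog_protect
source = CompanyTwo
index = cylance_protect
"""
# Constructed sample: a plaintext troubleshooting input left enabled on 6515.
LEFTOVER = "[tcp://6515]\nsourcetype = syslog_protect\nsource = CompanyOne\n"

def parse_tcp_inputs(text):
    """Return (scheme, port, settings) for each tcp / tcp-ssl stanza."""
    stanzas, current = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            m = STANZA.match(line)
            current = {} if m else None  # ignore settings of other stanza types
            if m:
                stanzas.append((m.group(1), int(m.group(2)), current))
        elif current is not None and "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def lint(text, sourcetype="syslog_protect"):
    """Flag plaintext inputs, shared ports and tenants with more than one stanza."""
    findings, by_port, by_source = [], defaultdict(int), defaultdict(int)
    for scheme, port, cfg in parse_tcp_inputs(text):
        off = cfg.get("disabled", "false").lower() in ("true", "1")
        if off or cfg.get("sourcetype") != sourcetype:
            continue
        by_port[port] += 1
        by_source[cfg.get("source", "<unset>")] += 1
        if scheme == "tcp":
            findings.append(f"port {port}: unencrypted tcp input")
    findings += [f"port {p}: used by {n} stanzas" for p, n in sorted(by_port.items()) if n > 1]
    findings += [f"tenant {s}: {n} stanzas" for s, n in sorted(by_source.items()) if n > 1]
    return findings
```

lint(PAGE_CONF) returns an empty list; lint(PAGE_CONF + LEFTOVER) reports the plaintext input, the port shared with CompanyTwo's stanza, and the second stanza for CompanyOne.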