IT infrastructure search developer Splunk has appointed Daniel Miller as its regional manager for Australia and New Zealand.
Rolling out Splunk, I'm debating switching to JSON. Splunk supports spath now and even endorses JSON for user-friendliness (ref: http://dev.splunk.com/view/logging-best-practices/SP-CAAADP6 ).
Ironically, Splunk also recommends against JSON (ref: http://docs.splunk.com/Documentation/Storm/Storm/User/Bestpractices ).
I have installed Snort and Splunk on the same server.
Splunk is receiving syslog messages on UDP 514 from my router.
However, I am having problems getting Snort to send anything to Splunk.
In the guides I have seen, it entails enabling Rsyslog. What does that do? They are both on the same machine, can't Snort just send to Splunk?
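A worked example covering both threads above. It is added here as an illustration; it is not code from any of the posters, from Snort, or from Splunk. The point it shows for the last question: Snort's `output alert_syslog` hands each alert to the local syslog daemon via syslog(3), and it is that daemon (rsyslog on most distributions) that decides whether the alert lands in a file or is forwarded over the network. A Splunk UDP listener on port 514 is an ordinary network socket, so it never sees /dev/log traffic on the same box unless rsyslog forwards it there (or Splunk monitors the file rsyslog writes). The script below parses alert lines of that shape, renders each one both as a JSON object and as key="value" pairs (the choice the first thread weighs, with the escaping difference visible), and can wrap the result in an RFC 3164 UDP datagram aimed at the 514 listener. Everything not on the page is an assumption and labelled as such in the code: the exact alert-line shape, the sample lines (constructed), the hostnames and the collector address.

```python
"""Snort alerts -> structured events -> UDP syslog.

Added example for this page; not the posters' code and not part of Snort or
Splunk. Assumptions: the alert body shape below approximates what Snort's
`output alert_syslog` plugin emits; all sample lines are constructed; the
collector address defaults to the UDP 514 listener mentioned in the post.
"""
import json
import re
import socket
from datetime import datetime

# Optional BSD-syslog prefix that rsyslog prepends when it writes the alert
# out: "Mon DD HH:MM:SS host snort[pid]: <body>" (a leading <PRI> is tolerated).
SYSLOG_HDR_RE = re.compile(
    r"^(?:<\d+>)?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+snort(?:\[\d+\])?:\s+(?P<body>.*)$"
)

# Alert body (assumed shape): "[gid:sid:rev] msg [Classification: c]
# [Priority: p] {PROTO} src[:port] -> dst[:port]". IPv4 only; ICMP has no ports.
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+"
    r"(?:\[Classification:\s*(?P<classification>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?\s*$"
)

INT_FIELDS = ("gid", "sid", "rev", "priority", "sport", "dport")


def parse_alert(line):
    """Parse one line (with or without the syslog prefix) into a dict of
    fields, or return None when the line is not a Snort alert."""
    body, ts, host = line.strip(), None, None
    hdr = SYSLOG_HDR_RE.match(body)
    if hdr:
        ts, host, body = hdr.group("ts"), hdr.group("host"), hdr.group("body")
    m = ALERT_RE.match(body)
    if not m:
        return None
    fields = m.groupdict()
    for key in INT_FIELDS:
        if fields[key] is not None:
            fields[key] = int(fields[key])
    fields["syslog_timestamp"] = ts  # BSD syslog timestamps carry no year
    fields["sensor"] = host
    return fields


def to_json_event(fields, time_iso):
    """One JSON object per event with an explicit ISO-8601 timestamp as the
    first key; None fields are dropped. json.dumps escapes quotes, backslashes
    and newlines inside the rule message, so the event stays parseable."""
    event = {"time": time_iso, "source": "snort"}
    event.update({k: v for k, v in fields.items() if v is not None})
    return json.dumps(event, separators=(",", ":"))


def to_kv_event(fields):
    """The same fields as key="value" pairs. Values are quoted and embedded
    quotes/backslashes escaped by hand; a message containing a double quote
    would otherwise break automatic field extraction."""
    parts = []
    for k, v in fields.items():
        if v is None:
            continue
        text = str(v).replace("\\", "\\\\").replace('"', '\\"')
        parts.append(f'{k}="{text}"')
    return " ".join(parts)


def syslog_datagram(message, timestamp=None, hostname="sensor1", tag="snort",
                    facility=1, severity=4):
    """Build an RFC 3164-style datagram "<PRI>Mon DD HH:MM:SS host tag: msg".
    Default PRI is facility 1 (user) * 8 + severity 4 (warning) = 12."""
    if timestamp is None:
        now = datetime.now()
        timestamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"
    return f"<{facility * 8 + severity}>{timestamp} {hostname} {tag}: {message}"


def send_udp_syslog(datagram, host="127.0.0.1", port=514):
    """Ship one datagram to a UDP syslog listener (the transport the post's
    Splunk input already accepts from the router)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(datagram.encode("utf-8"), (host, port))


def build_events(lines, time_iso):
    """Parse every line, skip non-alerts, return the JSON events in order."""
    events = []
    for line in lines:
        fields = parse_alert(line)
        if fields is not None:
            events.append(to_json_event(fields, time_iso))
    return events


# Constructed sample input, not real sensor output.
SAMPLE_LINES = [
    "Jan 12 10:00:01 sensor1 snort[1234]: [1:2100498:7] GPL ATTACK_RESPONSE "
    "id check returned root [Classification: Potentially Bad Traffic] "
    "[Priority: 2] {TCP} 10.0.0.5:80 -> 192.168.1.10:53122",
    "[1:384:5] ICMP PING [Classification: Misc activity] [Priority: 3] "
    "{ICMP} 192.168.1.10 -> 10.0.0.5",
    "Jan 12 10:00:03 sensor1 snort[1234]: this is not an alert",
]

if __name__ == "__main__":
    for event in build_events(SAMPLE_LINES, "2024-01-12T10:00:01+00:00"):
        print(syslog_datagram(event, timestamp="Jan 12 10:00:01"))
```

Running the script prints one datagram per parsed alert; replace the `print` with `send_udp_syslog(...)` to deliver them to the listener. Note that the raw alert is still easier to get into Splunk by pointing rsyslog at the 514 port or by monitoring the file rsyslog writes; the script is there to make the data path and the two event formats concrete, not to replace the daemon.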