cancel
Showing results for 
Search instead for 
Did you mean: 

Feed Purview data into Splunk

Feed Purview data into Splunk

James_A
Valued Contributor
I've found the white paper on integrating Splunk with Purview, and it looks great, but I can't find any technical detail on how to get the data from Purview into Splunk. What's the process for bringing the data across?
12 REPLIES 12

Mike_Thomas
Extreme Employee
Looks like this got ommitted when the host platform changed.

In the
/opt/appid/conf/appid/appidconfig.xml file




Note the Splunk line is not default of no.

after change, enter
appidctl restart
The following can be added to the end of the /etc/rsyslog.d/50-default.conf

Just add to end of the line

daemon.err @10.0.0.9
(assume 10.0.0.9 is Splunk IP)
after change
service rsyslog restart

richardphung
New Contributor
Greetings---
The information on this thread is invaluable, however, it seems that there is some syntax missing for:
/opt/appid/conf/appid/appidconfig.xml

or
/etc/rsyslog.d/50-default.conf

Please advise!

--RP

Tamera_Rousseau
New Contributor
Hi James, Please let us know if this answers your questions. Thank you!!

No, thanks for such a great topic!!
GTM-P2G8KFN