We’re proud to announce the Corelight for Splunk app is available! Using the new app (and its associated Technology Add-on (TA)), you can now monitor the health and performance of Corelight Sensors in Splunk and explore the rich data Bro provides through a series of dashboards.
The Corelight for Splunk App, associated TA, and Q&A page are all on Splunkbase now.
If you’re using open-source Bro and you want to use Corelight’s app, you need to send your Bro logs to Splunk in a streaming format using JSON. To do so, install the json-streaming-logs Bro package using the Bro Package Manager, also directly available via GitHub.
In the next few months, we’ll be publishing more information about the app, including an FAQ and a longer blog post dedicated to highlighting its functionality and benefits.
In the meantime, let us know if you have any questions or concerns installing or using the new app: appsupport@corelight.com.
The Corelight Team