Issue with Index Routing in Splunk Connect for Syslog with Kaspersky Security Center. #2229
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
-
Hello,
I am working with SC4S to integrate logs from Kaspersky Security Center into Splunk. I've successfully got the logs sending to Splunk via SC4S, but I'm facing an issue with indexing. Despite my configuration, the logs are still being routed to the "MAIN" index rather than my custom index.
Here is a snippet of my SC4S configuration:
/opt/sc4s/env_file
/opt/sc4s/local/context/splunk_metadata.csv
Has anyone encountered this issue before? Is there something I might be overlooking in my configuration?
Thanks in advance for any guidance or help!
Beta Was this translation helpful? Give feedback.
All reactions