Forum Discussion

Copper Contributor

Jan 22, 2020

Solved

Splunk logs on Azure Sentinel

Team please confirm whether Splunk logs can be send on Azure Sentinel if yes how and where we can see the logs.

Ofer_Shezaf
Jan 26, 2020
Anurag65 , CliveWatson : we do see customers who prefer to reuse their existing collection infrastructure and hence send logs from a current SIEM to Sentinel. Splunk specifically supports forwarding events in CEF using the Splunk CEF app. You can also forward directly from a forwarder using Syslog.

Copper Contributor

May 07, 2020

Thanks for the prompt and helpful reply Ofer 🙂
- Col. S

Icon for Microsoft rank

Microsoft

Jun 10, 2020

AutomationMan i just finalised an integration to be able to export any data from splunk index to sentinel. I will share it as soon possible.

MSH21
Copper Contributor
Dec 08, 2021
yokhaldi can you please share the details on how did you get logs from Splunk to Sentinel? Did you utilize the CEF to forward to Sentinel log collector or directly to Sentinel using HTTP event API?

Resources