Anurag65
Jan 22, 2020 Copper Contributor
Splunk logs on Azure Sentinel
Team, please confirm whether Splunk logs can be sent to Azure Sentinel. If yes, how, and where can we see the logs?
- Jan 26, 2020
Anurag65, CliveWatson: we do see customers who prefer to reuse their existing collection infrastructure and hence send logs from a current SIEM to Sentinel. Splunk specifically supports forwarding events in CEF using the Splunk CEF app. You can also forward directly from a forwarder using Syslog.
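Added example, not part of the thread and not Splunk or Microsoft code: a small Python check that a line received over Syslog is well-formed CEF (seven pipe-delimited header fields, valid severity, key=value extensions) before it is relayed onward. The sample line, host name, vendor and product values are constructed, and the function names are hypothetical.

```python
import re

HEADER = ["version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity"]
NAMED_SEVERITY = {"Unknown", "Low", "Medium", "High", "Very-High"}
# key=value pairs; a value runs until the next " key=" or the end of the line
EXT = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")

def split_header(body):
    """Split the 7 pipe-delimited header fields, honouring backslash escapes."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER):
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1]); i += 2       # escaped '\' or '|' is literal
        elif ch == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    if len(fields) < len(HEADER):   # no trailing '|': last field ends the line
        fields.append("".join(cur))
    return fields, body[i:]

def parse_cef(line):
    """Return header fields and extensions of a CEF line, or raise ValueError."""
    start = line.find("CEF:")       # skip any syslog prefix before the header
    if start < 0:
        raise ValueError("no CEF: marker")
    fields, rest = split_header(line[start + 4:].rstrip("\r\n"))
    if len(fields) != len(HEADER):
        raise ValueError(f"expected 7 header fields, got {len(fields)}")
    event = dict(zip(HEADER, fields))
    sev = event["severity"]
    if not (sev in NAMED_SEVERITY or (sev.isdecimal() and int(sev) <= 10)):
        raise ValueError(f"invalid severity {sev!r}")
    # Unescape '\=' and '\\' inside extension values
    event["extensions"] = {k: re.sub(r"\\([=\\])", r"\1", v)
                           for k, v in EXT.findall(rest)}
    return event

# Constructed sample: syslog prefix plus a CEF event with escaped '|' and '='
SAMPLE = (r"<134>Jan 26 10:15:02 fwd01 CEF:0|ExampleVendor|ExampleProduct|1.0|"
          r"auth-fail|Failed login \| ssh|5|src=10.0.0.5 suser=alice "
          r"msg=bad password for user\=alice")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```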
CliveWatson
Jan 22, 2020 Silver Contributor
Most customers send the data (in my experience) from the source to one or both SIEM tools, rather than SIEM to SIEM - for which both have APIs you can use.