
What processor for Zeek logs via Splunk Forwarder

I have Zeek logs being ingested and sent to Splunk via a Splunk Forwarder. I want to be able to catch this in NiFi as well, so that I can do some extra processing on it, but I cannot see it using the usual processors. I think this is because the Zeek logs are being monitored constantly and pushed across, so it might seem to NiFi that there is no end to the file. There are delimiters within the Zeek logs ({ }), but I am wondering if anyone else has tried this before with any success, as it seems I am the only one wanting to do this. I don't know whether it is because the logs are being sent across via the Splunk Forwarder, or because of the way the Zeek (Bro) logs are being monitored.


Re: What processor for Zeek logs via Splunk Forwarder

Hello,

Have you tried with a syslog listener on the NiFi side?
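To make the reply's suggestion concrete, here is an added example that is not part of the original thread and not NiFi or Zeek project code. It assumes the Zeek logs are written in JSON format with one record per line (which is what the { } delimiters in the question suggest) and that the forwarder sends them over TCP, either raw or wrapped in a syslog header. The sample records, the hostname sensor01, the uids and the addresses are constructed for illustration. The receiver below stands in for a listening processor: it shows that the framing problem is solved by treating each newline as the end of a record rather than waiting for an end of file that never comes, and it handles a record that arrives split across two reads.

```python
"""Frame and parse newline-delimited Zeek JSON records from a never-ending TCP stream."""
import json
import socket
import threading

# Constructed sample: two Zeek conn.log records in JSON format. The second is
# wrapped in an RFC 3164-style syslog header, as a forwarder might emit it.
# All values (hosts, uids, addresses) are made up for illustration.
SAMPLE_RECORDS = [
    b'{"ts":1700000000.123,"uid":"CAbc1","id.orig_h":"10.0.0.5","id.orig_p":51234,'
    b'"id.resp_h":"93.184.216.34","id.resp_p":443,"proto":"tcp","conn_state":"SF"}',
    b'<13>Nov 14 22:13:20 sensor01 zeek: {"ts":1700000001.5,"uid":"CAbc2",'
    b'"id.orig_h":"10.0.0.7","id.orig_p":53,"id.resp_h":"10.0.0.1","id.resp_p":53,'
    b'"proto":"udp","conn_state":"S0"}',
]


def parse_zeek_line(line: bytes):
    """Parse one line as a Zeek JSON record.

    A leading syslog header is tolerated by starting at the first '{'.
    Returns None for lines that are not a JSON object with a 'ts' field.
    """
    text = line.decode("utf-8", errors="replace").strip()
    start = text.find("{")
    if start < 0:
        return None
    try:
        rec = json.loads(text[start:])
    except json.JSONDecodeError:
        return None
    if not isinstance(rec, dict) or "ts" not in rec:
        return None
    return rec


class ZeekStreamFramer:
    """Accumulates bytes and emits complete records, delimited by '\\n'.

    The stream has no end of file, so a partial record at the tail of one
    read is buffered until the rest arrives in a later read.
    """

    def __init__(self):
        self._buf = b""

    def feed(self, chunk: bytes) -> list:
        self._buf += chunk
        records = []
        while b"\n" in self._buf:
            line, self._buf = self._buf.split(b"\n", 1)
            rec = parse_zeek_line(line)
            if rec is not None:
                records.append(rec)
        return records


def serve_once(srv: socket.socket, timeout: float = 5.0) -> list:
    """Accept one connection and frame everything it sends until it closes."""
    srv.settimeout(timeout)
    conn, _ = srv.accept()
    conn.settimeout(timeout)
    framer = ZeekStreamFramer()
    records = []
    with conn:
        while True:
            chunk = conn.recv(4096)
            if not chunk:
                break
            records.extend(framer.feed(chunk))
    return records


def demo() -> list:
    """Send the constructed sample over loopback TCP, deliberately split mid-record."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port, loopback only
    srv.listen(1)
    port = srv.getsockname()[1]
    result = {}
    t = threading.Thread(target=lambda: result.update(records=serve_once(srv)))
    t.start()
    payload = b"\n".join(SAMPLE_RECORDS) + b"\n"
    with socket.create_connection(("127.0.0.1", port)) as c:
        c.sendall(payload[:70])  # first record cut in half...
        c.sendall(payload[70:])  # ...and completed in the next write
    t.join()
    srv.close()
    return result["records"]


if __name__ == "__main__":
    for rec in demo():
        print(rec["uid"], rec["id.orig_h"], "->", rec["id.resp_h"], rec["id.resp_p"])
```

In NiFi itself, the ListenSyslog processor (or ListenTCP with a newline message delimiter) does the same framing that `ZeekStreamFramer` does here, so each incoming line becomes its own FlowFile regardless of the fact that the source file is still being written. Binding to loopback in the example is deliberate; a real listener exposed to the forwarder should be restricted to the forwarder's address and, where the forwarder supports it, fed over TLS rather than plaintext TCP.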