QRadar App for Splunk Data Forwarding
The QRadar® App for Splunk Data Forwarding enables communication so that you can forward raw data from Splunk Enterprise or the Splunk Universal Forwarder to QRadar for analysis. After the app connects to Splunk forwarders, you can see which data sources the forwarders monitor and then choose which sources to forward to QRadar. Unless it is in preview-only mode, the app modifies the appropriate Splunk configuration files, and Splunk then does the actual forwarding of the data to QRadar. QRadar parses the data from Splunk the same way that it parses data from other sources and displays the data in the Log Activity tab. Preexisting auto-detection settings work as expected.
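Because the forwarding itself is done by Splunk configuration, the result can be audited on the forwarder. The following is an added example, not code from the app or from this page: it reports which monitored sources are routed to a raw (uncooked) output. The page does not name the files or stanzas the app writes, so the example assumes the standard Splunk settings `_TCP_ROUTING` in `inputs.conf` and `sendCookedData = false` in `outputs.conf`; the group name `qradar_raw`, the paths and the addresses are constructed.

```python
import configparser

# Constructed sample files; group names, paths and addresses are placeholders.
INPUTS_CONF = """
[monitor:///var/log/secure]
_TCP_ROUTING = qradar_raw
[monitor:///var/log/httpd/access_log]
[monitor:///var/log/audit/audit.log]
_TCP_ROUTING = indexers, qradar_raw
"""
OUTPUTS_CONF = """
[tcpout]
defaultGroup = indexers
[tcpout:indexers]
server = 198.51.100.20:9997
[tcpout:qradar_raw]
server = 192.0.2.10:514
sendCookedData = false
"""

def _parse(text):
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep Splunk's case-sensitive setting names
    cp.read_string(text)
    return cp

def _csv(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def raw_output_groups(outputs_text):
    """tcpout groups that send uncooked (raw) data, mapped to their servers."""
    cp = _parse(outputs_text)
    return {s.split(":", 1)[1]: _csv(cp.get(s, "server", fallback=""))
            for s in cp.sections() if s.startswith("tcpout:")
            and cp.get(s, "sendCookedData", fallback="true").strip().lower() in ("false", "0")}

def raw_forwarded_sources(inputs_text, outputs_text):
    """Monitored path mapped to the raw destinations it is routed to."""
    raw = raw_output_groups(outputs_text)
    # Inputs without _TCP_ROUTING fall back to the [tcpout] defaultGroup.
    default = _parse(outputs_text).get("tcpout", "defaultGroup", fallback="")
    result = {}
    cp = _parse(inputs_text)
    for s in cp.sections():
        if s.startswith("monitor://"):
            groups = _csv(cp.get(s, "_TCP_ROUTING", fallback=default))
            dests = [srv for g in groups if g in raw for srv in raw[g]]
            if dests:
                result[s[len("monitor://"):]] = dests
    return result
```

On a real forwarder the effective settings are merged from several directories, so feed the check the merged view (for example the output of `splunk btool inputs list` and `splunk btool outputs list`) rather than a single file.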