What kind of data handler(s) does the BMC AMI Defender App for Splunk use?
Answer: The BMC AMI Defender App for Splunk product consists of two data handlers, SPLN and CEF. Both consume syslog messages from BMC AMI Defender for z/OS and map the data so that any Splunk Enterprise dashboard that supports the Splunk Common Information Model (CIM) can use it.

Choose the data handler that matches the message format you want Splunk to handle. All the dashboard apps that are part of the BMC AMI Defender App for Splunk product work with either data handler. BMC recommends that you use the SPLN data handler.

More details: BMC AMI Defender for z/OS can also send messages to Splunk in formats other than SPLN and CEF (such as JSON and RFC3164). However, only SPLN- and CEF-formatted messages are displayed in the Splunk apps that make up the BMC AMI Defender App for Splunk.