We're trying to connect UIM to Splunk. We're starting with alarms but would eventually like to get QoS over there as well.
Has anyone tried doing this lately?
So far we've followed the documentation found within the sysloggtw documentation for shipping out alarms. This is working... kind of. It will post out the message with the proper SYSLOG-OUT subject so the sysloggtw then ships it over to Splunk. The problem is that because this method uses logmon to generate a new alarm, we're losing details from the original alarm such as severity, hostname, probe, subsystem...
Here are the links we've referenced so far: