Hi Team, I hope you are doing well. We have been using Cribl to transform all our logs before they hit Splunk. We want to CIM the fields. Is there a way to do it? Thank you so much
For sure. Cribl gives you complete control to rename fields and/or move data around. It is not an easy button tho. You'll need to know your data and how it maps into CIM. I put together an example of this sort of thing in the Cisco ASA pack: https://packs.cribl.io
Another good example is this pack: https://packs.cribl.io/ -> AWS VPC Flow for Security Teams
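A sketch of the kind of mapping the replies above describe, added here as an illustration: it is not code from either pack and it is plain JavaScript rather than a Cribl pipeline function. It assumes the event is already parsed into the default (version 2) AWS VPC Flow Log fields; `toCimNetworkTraffic` and `protocol_number` are names chosen for this example.

```javascript
// Added example: normalise a parsed AWS VPC Flow Log record to
// Splunk CIM Network Traffic field names and values.

// Source field name -> CIM field name
const RENAME = { srcaddr: 'src_ip', dstaddr: 'dest_ip', srcport: 'src_port', dstport: 'dest_port' };
// IANA protocol number -> CIM transport value
const TRANSPORT = { 1: 'icmp', 6: 'tcp', 17: 'udp' };
// VPC Flow action -> CIM action value
const ACTION = { ACCEPT: 'allowed', REJECT: 'blocked' };
const NUMERIC = ['src_port', 'dest_port', 'bytes', 'packets'];

function toCimNetworkTraffic(flow) {
  const out = {};
  for (const [key, value] of Object.entries(flow)) {
    // NODATA / SKIPDATA records carry "-" placeholders: drop them
    // instead of indexing "-" as an address or an action.
    if (value === '-' || value === '' || value == null) continue;
    out[RENAME[key] || key] = value;
  }
  if (out.protocol !== undefined) {
    // CIM "transport" is a name; keep the raw number in a non-CIM field.
    out.protocol_number = Number(out.protocol);
    out.transport = TRANSPORT[out.protocol_number] || 'unknown';
    delete out.protocol;
  }
  if (out.action !== undefined) out.action = ACTION[out.action] || 'unknown';
  for (const f of NUMERIC) if (out[f] !== undefined) out[f] = Number(out[f]);
  // CIM also expects generic src / dest alongside the *_ip fields.
  if (out.src_ip) out.src = out.src_ip;
  if (out.dest_ip) out.dest = out.dest_ip;
  return out;
}

// Constructed sample records (not real traffic).
const sampleReject = {
  version: '2', 'account-id': '123456789012', 'interface-id': 'eni-0example',
  srcaddr: '10.0.1.5', dstaddr: '10.0.2.9', srcport: '49152', dstport: '443',
  protocol: '6', packets: '10', bytes: '840',
  start: '1700000000', end: '1700000060', action: 'REJECT', 'log-status': 'OK',
};
const sampleNoData = {
  version: '2', 'account-id': '123456789012', 'interface-id': 'eni-0example',
  srcaddr: '-', dstaddr: '-', srcport: '-', dstport: '-', protocol: '-',
  packets: '-', bytes: '-', start: '1700000000', end: '1700000060',
  action: '-', 'log-status': 'NODATA',
};

console.log(toCimNetworkTraffic(sampleReject));
console.log(toCimNetworkTraffic(sampleNoData));
```
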
Thank you so much.