Quick question - When I have notification with default target i.e. System Message. Does this get recorded in Cribl logs? if yes, should it be on leader or worker group node?
Page 1 / 1
I am trying to get `No Data Received` notifications out to non-cribl system (Splunk SOAR).
I see the notifications.log on the leader cribl/log directory
Also, I found this document useful:https://docs.cribl.io/stream/internal-logs
let me sneak into it
You might be able to use Notifications and a WebHook target, using HEC like the below to reduce the need to put an Edge node or similar on your Leader to get this info. Might need Splunk Cloud support to allow the `allowQueryStringAuth` parameter though: https://www.splunk.com/en_us/blog/tips-and-tricks/splunking-webhooks-with-the-http-event-collector.html
<@U0153P89SNQ> <@U03AHE2KW92> in the attached document I have 3 options to send Cribl notifications to SplunkMy favorite is the first option since it is supported by both Splunk on-prem and cloud.The second option is identical to your linkThe third is an App that is available on Splunkbase
0
Thanks for that useful doc <@U01J549PR6Y> 
Excellent. Thank you <@U01J549PR6Y> and <@U0153P89SNQ>.
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.