Splunk>

Splunk HTTP Event Collector

Splunk_HTTP_Collector.ps1

A PowerShell script that uses a REST API to POST data to a Splunk server with the HTTP Event Collector service enabled. Formatting the JSON properly is critical for Splunk to accept the POST and parse the JSON properly.

Splunk Install Script

splunk-script.ps1

A PowerShell script to download a Splunk Universal Forwarder from a remote server, install, configure and then remove the installation pacakge from the system. TODO: add error handling and messaging to a Splunk HTTP Event Collector.

Splunk Inputs Configuration

inputs.conf

The Splunk inputs.conf file modified to collect PowerShell/Operational and Sysmon/Operational logs. Needs to be modified from the $SPLUNK_HOME/etc/system/local directory.

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
IR-triage_compatible.ps1		IR-triage_compatible.ps1
LICENSE		LICENSE
README.md		README.md
Splunk-HTTP-Collector.ps1		Splunk-HTTP-Collector.ps1
inputs.conf		inputs.conf
splunk-script.ps1		splunk-script.ps1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Splunk>

Splunk HTTP Event Collector

Splunk Install Script

Splunk Inputs Configuration

About

Releases

Packages

Languages

License

ajackal/splunk

Folders and files

Latest commit

History

Repository files navigation

Splunk>

Splunk HTTP Event Collector

Splunk Install Script

Splunk Inputs Configuration

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages