Splunk® Enterprise Security

Administer Splunk Enterprise Security

Configure forwarders to send Splunk SOAR data to your Splunk deployment

Use universal forwarders to share your Splunk SOAR data with your Splunk Enterprise or Splunk Cloud Platform deployment. Universal forwarders stream data from your Splunk SOAR deployment to a data receiver, which is usually a Splunk platform index where you store your data.


See also

For details on setting up universal forwarders:
Configure forwarders to send SOAR data to your Splunk deployment in the Administer Splunk SOAR (Cloud) documentation.

For Splunk App for SOAR users:
Set up the universal forwarder using Splunk SOAR version 6.2.0 and higher in the Install and Configure Splunk App for SOAR documentation.

Last modified on 08 August, 2024

This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0, 8.0.1

