mirror of
https://github.com/domainaware/parsedmarc.git
synced 2026-02-24 01:56:25 +00:00
Update documentation files (output.md, usage.md, kibana.md, splunk.md, elasticsearch.md, index.md, example.ini) and dashboard configurations (Grafana JSON, Kibana ndjson, Splunk XML) to use "failure" terminology instead of "forensic", consistent with the codebase rename.

- CLI args: --forensic-* → --failure-*
- Config keys: save_forensic → save_failure, forensic_topic → failure_topic, etc.
- Index names: dmarc_forensic → dmarc_failure
- Splunk dashboard: renamed file from dmarc_forensic_dashboard.xml to dmarc_failure_dashboard.xml
- Backward-compat note preserved: "formerly known as forensic reports"

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
792 B
Splunk
Starting in version 4.3.0, parsedmarc supports sending aggregate and/or
failure DMARC data to a Splunk HTTP Event Collector (HEC).
The project repository contains XML files for premade Splunk dashboards for aggregate and failure DMARC reports.
Copy and paste the contents of each file into a separate Splunk dashboard XML editor.
:::{warning}
Change all occurrences of index="email" in the XML to
match your own index name.
:::
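One way to apply the index rename before pasting the XML into Splunk, shown as an added example that is not part of the parsedmarc project. The function name `retarget_dashboard`, the sample XML and the index name `dmarc_prod` are constructed for illustration.

```python
import re

# Splunk index names may contain only lowercase letters, digits, underscores
# and hyphens, and must not begin with an underscore or hyphen. Enforcing this
# also keeps quotes and SPL operators out of the value written into each query.
_VALID_INDEX = re.compile(r"[a-z0-9][a-z0-9_-]*")

# Matches index="email", index = "email", bare index=email, and the
# XML-escaped form index=&quot;email&quot; used when SPL sits in an attribute
# or token value. The lookahead keeps names such as "emails_archive" untouched.
_INDEX_EMAIL = re.compile(r'\bindex(\s*=\s*)("|&quot;|)email\2(?![\w-])')


def retarget_dashboard(xml_text: str, index_name: str) -> tuple[str, int]:
    """Return (rewritten_xml, replacements) with index "email" -> index_name."""
    if not _VALID_INDEX.fullmatch(index_name):
        raise ValueError(f"not a valid Splunk index name: {index_name!r}")

    def _swap(m: re.Match) -> str:
        # Preserve the original spacing and quoting style of each occurrence.
        return f"index{m.group(1)}{m.group(2)}{index_name}{m.group(2)}"

    return _INDEX_EMAIL.subn(_swap, xml_text)


# Constructed sample, not the project's dashboard file.
SAMPLE = """<form>
  <search id="base">
    <query>index="email" | stats count by source_ip</query>
  </search>
  <init><set token="q">index=&quot;email&quot;</set></init>
  <search><query>search index=emails_archive</query></search>
</form>"""

if __name__ == "__main__":
    rewritten, count = retarget_dashboard(SAMPLE, "dmarc_prod")
    print(f"{count} occurrence(s) rewritten")
    print(rewritten)
```

A count of zero after running this on a dashboard file means the searches are still pointed at an index other than yours or use a form the pattern does not cover, so check the panels before relying on them.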
The Splunk dashboards display the same content and layout as the Kibana dashboards, although the Kibana dashboards have slightly easier and more flexible filtering options.