mirror of
https://github.com/domainaware/parsedmarc.git
synced 2026-03-11 17:21:25 +00:00
Update documentation files (output.md, usage.md, kibana.md, splunk.md, elasticsearch.md, index.md, example.ini) and dashboard configurations (Grafana JSON, Kibana ndjson, Splunk XML) to use "failure" terminology instead of "forensic", consistent with the codebase rename.

- CLI args: --forensic-* → --failure-*
- Config keys: save_forensic → save_failure, forensic_topic → failure_topic, etc.
- Index names: dmarc_forensic → dmarc_failure
- Splunk dashboard: renamed file from dmarc_forensic_dashboard.xml to dmarc_failure_dashboard.xml
- Backward-compat note preserved: "formerly known as forensic reports"

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
23 lines
792 B
Markdown
# Splunk

Starting in version 4.3.0, `parsedmarc` supports sending aggregate and/or
failure DMARC data to a Splunk [HTTP Event Collector (HEC)].

The project repository contains [XML files] for premade Splunk
dashboards for aggregate and failure DMARC reports.

Copy and paste the contents of each file into a separate Splunk
dashboard XML editor.

:::{warning}
Change all occurrences of `index="email"` in the XML to
match your own index name.
:::
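
An added example, not part of the parsedmarc documentation or code: one way to apply the index change described above to a dashboard file's contents before pasting it into Splunk. The function name, the index-name pattern and the sample XML are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumed (not from the parsedmarc docs): a conservative pattern for index names,
# lowercase letters, digits, "_" and "-", starting with a letter or digit.
VALID_INDEX = re.compile(r"[a-z0-9][a-z0-9_-]*")

# Matches index="email", index=email and the entity-escaped index=&quot;email&quot;,
# but not longer names such as index="email_archive" or keys such as myindex=.
OLD_INDEX = re.compile(
    r'(?<![\w.])index\s*=\s*(?P<q>"|&quot;|)email(?P=q)(?![\w-])'
)


def retarget_index(dashboard_xml: str, new_index: str) -> tuple[str, int]:
    """Return (rewritten XML, number of replacements) for one dashboard."""
    if not VALID_INDEX.fullmatch(new_index):
        # Rejecting quotes, pipes and spaces keeps the name from altering the search.
        raise ValueError(f"refusing unsafe index name: {new_index!r}")
    rewritten, count = OLD_INDEX.subn(
        lambda m: f'index={m.group("q")}{new_index}{m.group("q")}', dashboard_xml
    )
    ET.fromstring(rewritten)  # raises ParseError if the result is not well-formed XML
    return rewritten, count


# Constructed sample, not the project's dashboard XML.
SAMPLE = """<form>
  <label>Constructed example</label>
  <search><query>index="email" sourcetype="example:constructed" | stats count</query></search>
  <search><query>index=email OR index="email_archive" | head 5</query></search>
  <search><query>index=&quot;email&quot; | stats count by host</query></search>
</form>"""

if __name__ == "__main__":
    new_xml, n = retarget_index(SAMPLE, "dmarc")
    print(f"{n} occurrence(s) rewritten")
    print(new_xml)
```

A replacement count of zero means the text contained no `index="email"` reference to change, which is worth checking before assuming a dashboard points at your index.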

The Splunk dashboards display the same content and layout as the
Kibana dashboards, although the Kibana dashboards have slightly
easier and more flexible filtering options.

[xml files]: https://github.com/domainaware/parsedmarc/tree/master/splunk
[http event collector (hec)]: http://docs.splunk.com/Documentation/Splunk/latest/Data/AboutHEC