When I have a notification with the default target, does this get recorded in Cribl logs?
Quick question - when I have a notification with the default target, i.e. System Message, does this get recorded in Cribl logs? If yes, should it be on the leader or worker group node?
Answers
-
I am trying to get `No Data Received` notifications out to non-cribl system (Splunk SOAR).
0 -
I see the `notifications.log` in the leader's `cribl/log` directory.
0 -
Also, I found this document useful: https://docs.cribl.io/stream/internal-logs
0 -
Let me sneak into it.
0 -
You might be able to use Notifications and a WebHook target, using HEC like the below to reduce the need to put an Edge node or similar on your Leader to get this info. Might need Splunk Cloud support to allow the `allowQueryStringAuth` parameter though: https://www.splunk.com/en_us/blog/tips-and-tricks/splunking-webhooks-with-the-http-event-collector.html
0 -
<@U0153P89SNQ> <@U03AHE2KW92> In the attached document I have 3 options to send Cribl notifications to Splunk. My favorite is the first option since it is supported by both Splunk on-prem and cloud. The second option is identical to your link. The third is an App that is available on Splunkbase.
0 -
Thanks for that useful doc <@U01J549PR6Y> 🙂
0 -
Excellent. Thank you <@U01J549PR6Y> and <@U0153P89SNQ>.
0