Introducing the Illumio Technology Add-On for Splunk

The Illumio Technology Add-On (TA) for Splunk enriches Illumio Policy Compute Engine (PCE) data with Common Information Model (CIM) field names, event types, and tags.

The TA enables Illumio data to be used with Splunk Enterprise Security, Splunk App for PCI Compliance, and more.

Important

In version 4.0.0 and later, Syslog prefixes are stripped at index-time for JSON-formatted events. Due to this change, the search-time extractions and transforms for version 4.0.0 are incompatible with data indexed by previous versions of the TA. See the Upgrade section in the README (or the Installation Instructions pane) for instructions on how to convert data and custom searches from previous versions of the TA.

Related Links

For dashboards with Illumio data, install the Illumio App for Splunk.