Hello, I'm looking for input on my plan to migrate our Cisco MARS appliances to Splunk.
My basic plan is to set up the Splunk for Cisco MARS module to import archived data from the appliances to get the historical data into Splunk.
Next, re-create the MARS reports in Splunk and validate that the data/results are accurate.
Next, re-configure our *nix syslog daemons to send directly to Splunk and (hopefully) get forwarders installed on the Windows boxes and sending to Splunk. Forwarder vs. WMI will be a big battle, of course...
So, I'm looking for input on anything to be aware of or tips/tricks/info that might help.
Thanks. Joe.