Splunk not ingesting opencanary.log

[extremepaperclip]

Has anyone else experienced this?
Splunk is not ingesting the opencanary.log. I set up the monitor via inputs.conf (and I can successfully ingest if I run "tail -n 1 opencanary.log > test.log" Splunk ingests the test.log just fine). I have a support ticket open with Splunk Support, and so far they cannot figure this out as well.

If anyone has experienced this and solved the issue - please let me know what the fix was.

Thanks!! I love this project!
ExtremePaperClip

[SecuriLee]

I send to Splunk using Webhooks over Tailscale. This works to the tune of 4 million records for 3 OpenCanaries per month.
Splunk handles the JSON and I have built out some nice dashboards :)

[jayjb]

Hi @extremepaperclip,

Can you share what your Opencanary configuration might look like? I suspect the route to take is to config Opencanary to send the events directly to your Splunk instance