From the Splunk UI, click on the gear icon next to Apps on the home page. Click on Browse more apps and search for the Stomshield app.
Alternatively, the application can be downloaded from the Splunk base web site and uploaded manualy with Install app from file on the Apps page.
If you update the application from a previous version, check the Upgrade option.
In the Settings, click on Data / Data inputs and add a new TCP or UDP input. Edit the port number and press the Next button. Configure a new source type (name SNS and custom category). Create a new index named "sns". Click on Review and Submit.
Log on the SNS Webadmin UI and go to Notifications / Logs - Syslog - IPFIX. On the Syslog tab, edit a profile and configure the Splunk server IP address in the Syslog server field, select UDP or TCP in the Protocol field, select a service in the Port field and select LEGACY_LONG in the Format field. Enable the profile and Apply the configuration.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.