Configuring Data Inputs

Data inputs configuration depends on your SIEM infrastructure. Veeam App for Splunk supports the following architectures:

Splunk acts as a receiver — receives data from Veeam Backup & Replication and Veeam ONE through the forwarder installed on the intermediate syslog server.
Splunk acts as a forwarder — receives data directly from Veeam Backup & Replication and Veeam ONE and forwards it to another Splunk instance, syslog server, or third-party solution.
Splunk acts as the only syslog server — receives data directly from Veeam Backup & Replication and Veeam ONE.

To configure data inputs, specify the veeam_vbr_syslog source type. For other settings, follow recommendations from Splunk documentation:

Get data from TCP and UDP ports for Splunk Enterprise
Get data from TCP and UDP ports for Splunk Cloud Platform

Important

To display data correctly, the format of syslog messages sent to Splunk must be the same as on Veeam Backup & Replication and Veeam ONE. For more information, see the following sections:

Specifying Syslog Servers in the Veeam Backup & Replication User Guide.
Syslog Integration in the Veeam ONE Monitoring Guide.