Configuring Data Inputs

Data inputs configuration depends on your SIEM infrastructure. Veeam App for Splunk supports the following architectures:

  • Splunk acts as a receiver — receives data from Veeam Backup & Replication and Veeam ONE through the forwarder installed on the intermediate syslog server.
  • Splunk acts as a forwarder — receives data directly from Veeam Backup & Replication and Veeam ONE and forwards it to another Splunk instance, syslog server, or third-party solution.
  • Splunk acts as the only syslog server — receives data directly from Veeam Backup & Replication and Veeam ONE.

To configure data inputs, specify the veeam_vbr_syslog source type. For other settings, follow recommendations from Splunk documentation:

Important

To display data correctly, the format of syslog messages sent to Splunk must be the same as on Veeam Backup & Replication and Veeam ONE. For more information, see the following sections:

Page updated 2/20/2025

Page content applies to build 2.0.29