Veeam App for Splunk 2
User Guide
Related documents
Search

Configuring Data Inputs

Data inputs configuration depends on your SIEM infrastructure. Veeam App for Splunk supports the following architectures:

  • Splunk acts as a receiver — receives data from Veeam Backup & Replication and Veeam ONE through the forwarder installed on the intermediate syslog server.
  • Splunk acts as a forwarder — receives data directly from Veeam Backup & Replication and Veeam ONE and forwards it to another Splunk instance, syslog server, or third-party solution.
  • Splunk acts as the only syslog server — receives data directly from Veeam Backup & Replication and Veeam ONE.

To configure data inputs, specify the veeam_vbr_syslog source type. For other settings, follow recommendations from Splunk documentation:

Important

To display data correctly, make sure that syslog messages are sent to Splunk as is, without modifications. For more information about the format of syslog messages, see How integration with Syslog Server Works in the Veeam Backup & Replication User Guide.

Page updated 5/6/2025

Page content applies to build 2.0.30

View all results across Veeam
Back to document search