We're running an on-prem instance of Splunk Enterprise behind a firewall which (currently) does not permit ingress on ports 9996 or 9997. As such, I can't get EC2 syslog data in using the UF. Is it possible to get our on-prem instance of Splunk to *pull* the syslog data, in something close to real-time, from the EC2 instance? Is there a better way to architect this or should I just resign myself to do battle with our network administrators?
Thanks,
Mike