Creating an Event Collector for Alerts and Unified Logs

Jamf Protect Documentation


In Splunk, create HTTP Event Collectors for macOS Security data.

  1. In Splunk, navigate to Settings > Data inputs.
  2. In HTTP Event Collector, click + Add new, and then name the event collector:
    • Name: Jamf Protect Alerts and Logs
    • (Optional) Source Name Override: JamfProtect
  3. Click Next, and then click Select for Source Type and enter the following:

    jamf:protect:alerts

  4. Under Available Items, choose your selected index.
  5. Review your settings, and then click Submit.

Your HTTP Event Collector for Jamf Protect's macOS Security data is now available.
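
To confirm the new collector accepts data before pointing Jamf Protect at it, the following added example (not part of the Jamf or Splunk documentation) posts one constructed test event to Splunk's HEC JSON endpoint using the source type and source name from the steps above. The function names are hypothetical, and it assumes the collector is reachable over HTTPS and that you have the collector's token value.

```python
import json
import ssl
import urllib.error
import urllib.request

HEC_PATH = "/services/collector/event"   # Splunk HEC JSON event endpoint
SOURCETYPE = "jamf:protect:alerts"       # source type entered in step 3
SOURCE = "JamfProtect"                   # optional Source Name Override from step 2


def build_hec_request(base_url, token, event, index=None):
    """Build (without sending) a POST carrying one event for the new collector."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("send the HEC token over HTTPS only")
    if not token or token != token.strip():
        raise ValueError("token is empty or has stray whitespace")
    payload = {"event": event, "sourcetype": SOURCETYPE, "source": SOURCE}
    if index:
        payload["index"] = index  # must be the index selected in step 4
    return urllib.request.Request(
        base_url.rstrip("/") + HEC_PATH,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Authorization": "Splunk " + token,
                 "Content-Type": "application/json"},
        method="POST",
    )


def hec_accepted(response_body):
    """True if Splunk acknowledged the event: {"text": "Success", "code": 0}."""
    try:
        reply = json.loads(response_body)
    except (TypeError, ValueError):
        return False
    return isinstance(reply, dict) and reply.get("code") == 0


def send_test_event(base_url, token, index=None, ca_file=None):
    """Send one constructed test event; certificate verification stays enabled."""
    ctx = ssl.create_default_context(cafile=ca_file)  # ca_file: private CA bundle
    req = build_hec_request(base_url, token, {"message": "HEC connectivity test"}, index)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return hec_accepted(resp.read())
    except urllib.error.HTTPError:
        return False  # Splunk rejected the request, for example a bad token
```

Call `send_test_event("https://splunk.example.com:8088", token)` with your own host (the host and port shown here are placeholders) and then search the selected index for `sourcetype="jamf:protect:alerts"` to see the test event.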