The Illumio Technology Add-On for Splunk enriches Illumio Policy Compute Engine (PCE) data with Common Information Model (CIM) field names, event types, and tags. This TA enables Illumio data to be easily used with Splunk Enterprise Security, Splunk App for PCI Compliance, etc.

IMPORTANT: In v4.0.0 and onwards, Syslog prefixes are stripped at index-time for JSON-formatted events. Due to this change, the search-time extractions and transforms for version 4.0.0 and onwards are incompatible with data indexed by previous versions of the TA. See the Upgrade section in the README (or Installation Instructions pane) for more detailed instructions for converting data and custom searches from previous versions of the TA.

TA-Illumio compatibility:

v4.0.3 - Splunk 9.3, 9.2, 9.1, 9.0, 8.2, 8.1 + PCE 21.5, 22.2, 22.5, 23.2, 23.5, 24.2.x and SaaS
v4.0.2 - Splunk 9.3, 9.2, 9.1, 9.0, 8.2, 8.1 + PCE 21.5, 22.2, 22.5, 23.2, 23.5 and SaaS
v4.0.1 - Splunk 9.1, 9.0, 8.2, 8.1 + PCE 21.5, 22.2, 22.5, 23.2 and SaaS
v3.2.3 - Splunk 9.1, 9.0, 8.2, 8.1 + PCE 21.2, 21.5, 22.2, 22.5 and SaaS
v3.2.0 - Splunk 9.1, 9.0, 8.2, 8.1, 8.0, 7.3 + PCE 18.3, 19.1, 19.3, 20.1, 21.2, 21.5

For dashboards with Illumio data, please install the Illumio App for Splunk available at https://splunkbase.splunk.com