I dealt with this issue earlier this week. The OSSEC-for-splunk app is compatible with Splunk v3 only. You can get the app from the splunk site only when accessing though a splunk 3 install (or I have the tar ball of the app.)
I don't know if the original author is planning a Splunk v4 OSSEC app or not. If not, I think I might work on one. Nick On Thu, Dec 31, 2009 at 9:30 AM, Dave S <[email protected]> wrote: > I've also been testing Splunk these past few days. I read on the > OSSEC web site > <http://www.ossec.net/wiki/OSSEC_&_Splunk> > about an app for Splunk that reads OSSEC agent data into its database, > but I can't find it anywhere in the Splunk "App Store", yet it still > pops up in searches when you google for "splunk ossec". > > Is it no longer supported? >
