This guide covers the deployment, configuration and usage of the CrowdStrike Falcon® Event Streams Technical Add-on (TA) for Splunk v3 and above. The CrowdStrike Falcon® Event Streams Technical Add-on for Splunk allows CrowdStrike customers to collect event data from the CrowdStrike Event Streams API and send it to Splunk to index it for further analysis, tracking and logging.
Download the Technical Add-On from Splunkbase: https://splunkbase.splunk.com/app/5082/
