Skip to main content
Splunk Lantern



Zeek sits on a hardware, software, virtual, or cloud platform that observes network traffic. Zeek interprets what it sees and creates compact, high-fidelity transaction logs, file content, and fully customized output. Software administrators use Zeek data in Splunk to analyze packet capture data directly or use it as a contextual data feed to correlate with other vulnerability related data in the Splunk plaftorm. In the Common Information Model, Zeek data can be mapped to multiple data models, such as Certificates or Network Resolution, depending on the field.


Guidance for onboarding data can be found in the Spunk Documentation: 

Refer to the documentation, and note the following: