Wazuh 4.5 compatibility with Splunk v9.0.2

[Jose Cruz]

Hello all,

I'd like to connect Splunk with Wazuh following this guide: https://documentation.wazuh.com/current/deployment-options/splunk/splunk-app.html

The compatibility matrix does not list this version.

Nevertheless, seems like there are issues from previous users doing this as in: https://github.com/wazuh/wazuh-splunk/issues/1352

But seems like some members of Wazuh managed to do so: https://github.com/wazuh/wazuh-splunk/issues/1363

Is it possible to do this integration with the current versions?

Best regards.

[Javier Sanchez Gil]

Hi Jose Cruz,

It seems that the issue at https://github.com/wazuh/wazuh-splunk/issues/1352 was due to an incompatibility between the Wazuh server version 4.3.5 and the application designed for version 4.3.3.

The problem was that Splunk 9.0 had deprecated the HTML panels. The panels of the Wazuh application were not going to be compatible with future versions, but it appears that the application still works on Splunk 9.0.2 despite using a deprecated SDK. In principle, there shouldn't be any compatibility issues between Wazuh 4.5 and Splunk v9.0.2.

Please note that we haven't officially supported Splunk 9.0.2 yet, so we can't guarantee that the application will work as expected.

I would recommend checking the official compatibility matrix for Wazuh and Splunk: https://github.com/wazuh/wazuh-splunk/wiki/Compatibility

Hope this helps!