# Intesa Splunk Pipeline

Dockerized stack:
- **Splunk 9.4.2** (HEC enabled)
- **Poller**: reads from Splunk, chunks to JSONL in `./out`
- **Analyzer**: scans chunks, writes reports to `./reports`

Quick start:
```bash
docker compose up -d --build
# In Splunk: create index "intesa_payments"
# Seed test events (see docs/prod-setup.md)

Docs: see docs/prod-setup.md for full step-by-step and operational commands.