topic Re: How to add Data Sources from different devices to Splunk? in Getting Data In

How to add Data Sources from different devices to Splunk?

fazilhussain — Mon, 23 Jan 2017 10:22:22 GMT

How to Add Data Sources from the following devices:

No| Data Type                     |  No’s of devices      |   Log sources 
01  Windows Servers           | 45/100 virtual      |      syslog   
02  Linux Servers                    
03  Palo Alto Firewall                   
04  Stonesoft  Firewall             
07  Bluecoat                                    
08  WAF                                     
09  Brocade Switches                                 
10  Routers                                   
11  Load Balancer-F5                                                    
12  MS Exchange

Please just help me on the Firewall Part how to add the Firewall, Switches, Routers, LB, MS Exchange to Splunk so Splunk start Receiving the Data for Firewall & other Devices. I Know its a huge information, I Request someone to please help me on the following.

Regards,

Re: How to add Data Sources from different devices to Splunk?

DalJeanis — Tue, 24 Jan 2017 00:18:50 GMT

Yep, what you are asking for could fill books. Before you start doing anything with splunk, find out from the tech guys WHERE those firewalls are putting their log data. It will be a directory somewhere on your network.

Then your organization has two basic choices - do they forward you a copy of that log for you to ingest, or do they let you ingest it out of that directory. Most likely, they'll want you to keep your splunky paws off their REAL log data directory, so they'll want to forward it to your indexer.

Once you know the answer to those questions, then you can get started. Review these manuals, google around, try some stuff, and then if you can't figure something out, then post a VERY SPECIFIC NEW QUESTION on the splunk answer board.

start here -
http://docs.splunk.com/Documentation/Splunk/6.5.1/Data/Howdoyouwanttoadddata

This may also help.
http://docs.splunk.com/Documentation/Splunk/6.5.1/Data/Configureyourinputs

Re: How to add Data Sources from different devices to Splunk?

hunters_splunk — Tue, 24 Jan 2017 03:05:11 GMT

Hi fazilhussian,

I think you can read the Getting Data In manual to get started with collecting data into Splunk:
http://docs.splunk.com/Documentation/Splunk/6.5.1/Data/Getstartedwithgettingdatain

Also, from your list of data types you want to ingest, I see there are some add-ons for the corresponding products that you can download from https://splunkbase.splunk.com/ and install in your environment to help you collect data:

Splunk Add-on for Blue Coat ProxySG: http://docs.splunk.com/Documentation/AddOns/released/BlueCoatProxySG/About
Splunk Add-on for Unix and Linux: http://docs.splunk.com/Documentation/UnixAddOn/5.2.3/User/AbouttheSplunkAdd-onforUnixandLinux
Splunk Add-on for Windows: http://docs.splunk.com/Documentation/WindowsAddOn/4.8.3/User/AbouttheSplunkAdd-onforWindows
Splunk App for Microsoft Exchange: http://docs.splunk.com/Documentation/MSExchange
Splunk Add-on for Linux: docs.splunk.com/Documentation/AddOns/released/Linux/About Hope this helps. Thanks! Hunter

Re: How to add Data Sources from different devices to Splunk?

fazilhussain — Wed, 25 Jan 2017 09:30:26 GMT

Thanks Hunters & Dal.
Will try.