All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Anyone Running Splunk App for Stream v6.0

jodros
Builder
‎08-12-2014 01:04 PM

Is anyone running Splunk for Stream? If so, what use case are you trying to accomplish and/or how is it implemented?

  • Are you trying to add or replace an existing network recorder, or trying to obtain data that was otherwise unavailable?
  • Are you configuring span ports for the UF's?
  • How would you use this in a "cloud" environment?

Thanks

Tags (1)
0 Karma
Reply

jodros
Builder
‎10-29-2014 07:27 AM

Is anyone able to get the Splunk Stream Examples app to work? I see sourctype=exec logs from the client python script, but the server python script looks to be just bootstrapping over and over. I see no stream data.

Thanks

0 Karma
Reply

rolf_sommerhald
Explorer
‎08-28-2014 06:49 AM
  1. We use PacketPortal SFProbes from JDSU to get copies of selected Ethernet frames / IP packets from remote network locations back to our central OpenStack cloud.
  2. The PacketPortal product can provide these packet copies on virtual NICs which look like taps/port mirrors/span ports to streamfwd which we deployed onto a Universal Forwarder using Splunk's Deployment Manager.
  3. The virtual NICs, as well as Universal Forwarder with streamfwd run on a VM with Ubuntu 12.04 LTS as guest OS on a OpenStack community cloud. Splunk (indexers, search heads) run on other VMs in the same cloud.
Reply

rdeleonsplunk
Path Finder
‎08-18-2014 04:06 PM

i was able to get Splunk App for Stream to work by following the tips in this thread: http://answers.splunk.com/answers/150534/splunk-app-for-stream-installation-missing-directories-wire...

my plan it to be able to sniff network traffic directly from a network TAP.
i posted a question about this in this thread:
http://answers.splunk.com/answers/151001/how-to-install-and-configure-splunk-app-for-stream-with-a-n...

i hope this helps. enjoy!

0 Karma
Reply

jodros
Builder
‎08-20-2014 05:45 AM

There is also an update for the Stream App, 6.0.1.

0 Karma
Reply

jodros
Builder
‎08-20-2014 05:35 AM

Are you able to get application data, or just metadata from the connections, i.e. protocol, port, etc.

0 Karma
Reply

jodros
Builder
‎08-18-2014 08:17 AM

Bump. Any info would be appreciated. ^^^

0 Karma
Reply

jodros
Builder
‎08-15-2014 11:11 AM

I have the app installed on a dev ubuntu box. It is logging metadata about tcp/udp connections. Is stream supposed to supply application specific data as well? I read where it is able to understand HTTP, SQL, DNS, etc. I was expecting to see more application data for those protocols, but I don't.

I also installed the Stream examples app. It has some searches I would like to review, but no data is being returned. I see some python scripts trying to generate data but nothing is showing up as stream data or displaying in the stream examples app.

Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...