All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Anyone Running Splunk App for Stream v6.0

jodros
Builder
‎08-12-2014 01:04 PM

Is anyone running Splunk for Stream? If so, what use case are you trying to accomplish and/or how is it implemented?

  • Are you trying to add or replace an existing network recorder, or trying to obtain data that was otherwise unavailable?
  • Are you configuring span ports for the UF's?
  • How would you use this in a "cloud" environment?

Thanks

Tags (1)
0 Karma
Reply

jodros
Builder
‎10-29-2014 07:27 AM

Is anyone able to get the Splunk Stream Examples app to work? I see sourctype=exec logs from the client python script, but the server python script looks to be just bootstrapping over and over. I see no stream data.

Thanks

0 Karma
Reply

rolf_sommerhald
Explorer
‎08-28-2014 06:49 AM
  1. We use PacketPortal SFProbes from JDSU to get copies of selected Ethernet frames / IP packets from remote network locations back to our central OpenStack cloud.
  2. The PacketPortal product can provide these packet copies on virtual NICs which look like taps/port mirrors/span ports to streamfwd which we deployed onto a Universal Forwarder using Splunk's Deployment Manager.
  3. The virtual NICs, as well as Universal Forwarder with streamfwd run on a VM with Ubuntu 12.04 LTS as guest OS on a OpenStack community cloud. Splunk (indexers, search heads) run on other VMs in the same cloud.
Reply

rdeleonsplunk
Path Finder
‎08-18-2014 04:06 PM

i was able to get Splunk App for Stream to work by following the tips in this thread: http://answers.splunk.com/answers/150534/splunk-app-for-stream-installation-missing-directories-wire...

my plan it to be able to sniff network traffic directly from a network TAP.
i posted a question about this in this thread:
http://answers.splunk.com/answers/151001/how-to-install-and-configure-splunk-app-for-stream-with-a-n...

i hope this helps. enjoy!

0 Karma
Reply

jodros
Builder
‎08-20-2014 05:45 AM

There is also an update for the Stream App, 6.0.1.

0 Karma
Reply

jodros
Builder
‎08-20-2014 05:35 AM

Are you able to get application data, or just metadata from the connections, i.e. protocol, port, etc.

0 Karma
Reply

jodros
Builder
‎08-18-2014 08:17 AM

Bump. Any info would be appreciated. ^^^

0 Karma
Reply

jodros
Builder
‎08-15-2014 11:11 AM

I have the app installed on a dev ubuntu box. It is logging metadata about tcp/udp connections. Is stream supposed to supply application specific data as well? I read where it is able to understand HTTP, SQL, DNS, etc. I was expecting to see more application data for those protocols, but I don't.

I also installed the Stream examples app. It has some searches I would like to review, but no data is being returned. I see some python scripts trying to generate data but nothing is showing up as stream data or displaying in the stream examples app.

Thanks

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...