Anyone Running Splunk App for Stream v6.0

Builder

Is anyone running Splunk for Stream? If so, what use case are you trying to accomplish and/or how is it implemented?

  • Are you trying to add or replace an existing network recorder, or trying to obtain data that was otherwise unavailable?
  • Are you configuring span ports for the UFs?
  • How would you use this in a "cloud" environment?

Thanks

0 Karma

Builder

Is anyone able to get the Splunk Stream Examples app to work? I see sourcetype=exec logs from the client Python script, but the server Python script looks to be just bootstrapping over and over. I see no stream data.

Thanks

0 Karma

  1. We use PacketPortal SFProbes from JDSU to get copies of selected Ethernet frames / IP packets from remote network locations back to our central OpenStack cloud.
  2. The PacketPortal product can provide these packet copies on virtual NICs which look like taps/port mirrors/span ports to streamfwd which we deployed onto a Universal Forwarder using Splunk's Deployment Manager.
  3. The virtual NICs, as well as the Universal Forwarder with streamfwd, run on a VM with Ubuntu 12.04 LTS as guest OS on an OpenStack community cloud. Splunk (indexers, search heads) runs on other VMs in the same cloud.

Path Finder

I was able to get Splunk App for Stream to work by following the tips in this thread: http://answers.splunk.com/answers/150534/splunk-app-for-stream-installation-missing-directories-wire...

My plan is to be able to sniff network traffic directly from a network TAP.
I posted a question about this in this thread:
http://answers.splunk.com/answers/151001/how-to-install-and-configure-splunk-app-for-stream-with-a-n...

I hope this helps. Enjoy!

0 Karma

Builder

There is also an update for the Stream App, 6.0.1.

0 Karma

Builder

Are you able to get application data, or just metadata from the connections, i.e. protocol, port, etc.?

0 Karma

Builder

Bump. Any info would be appreciated. ^^^

0 Karma

Builder

I have the app installed on a dev Ubuntu box. It is logging metadata about TCP/UDP connections. Is Stream supposed to supply application-specific data as well? I read where it is able to understand HTTP, SQL, DNS, etc. I was expecting to see more application data for those protocols, but I don't.

I also installed the Stream examples app. It has some searches I would like to review, but no data is being returned. I see some Python scripts trying to generate data, but nothing is showing up as stream data or displaying in the Stream examples app.

Thanks

0 Karma