All Apps and Add-ons

Can the traffic be collapsed via Packet Broker or some other technology to feed both directions into a single port in Splunk Streams?

umplebyj
Explorer

Hey, I have a question regarding splunk streams getting data feeds from a network tap. Can the traffic be collapsed via Packet Broker or some other technology to feed both directions into a single port? I'm pretty sure it can be since it's just listening to traffic coming in period and capturing data from it, but want to make sure I don't have to separate out directions going each way.

0 Karma
1 Solution

vshcherbakov_sp
Splunk Employee
Splunk Employee

hi @umplebyj,

I believe it is possible if your hardware (Packet Broker, monitoring switch, etc) supports this. The obvious caveat is that you'd still be using only ingress (Rx) bandwidth on your capture port, so you will need to make sure you're not overloading it with the merged traffic.

Stream can also monitor two separate ports (one for ingress and the other for egress part of the traffic) as a part of a single monitoring setup. I'd recommend this approach unless you have specific reasons against it.

HTH

View solution in original post

0 Karma

vshcherbakov_sp
Splunk Employee
Splunk Employee

hi @umplebyj,

I believe it is possible if your hardware (Packet Broker, monitoring switch, etc) supports this. The obvious caveat is that you'd still be using only ingress (Rx) bandwidth on your capture port, so you will need to make sure you're not overloading it with the merged traffic.

Stream can also monitor two separate ports (one for ingress and the other for egress part of the traffic) as a part of a single monitoring setup. I'd recommend this approach unless you have specific reasons against it.

HTH

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...