All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Get attributes with NIC and VLAN IDs?

rolf_sommerhald
Explorer
‎08-28-2014 07:19 AM

Is there any possibility to receive attributes on which network interface and/or VLAN ID streamfwd has received a packet?

Can the reactor be customized so that it provides these and additional attributes, notably additional fields after dissecting DNS flows?

If not, can you please consider this as a feature request?
(How shall we submit submit feature requests best, not being (yet) customers with a maintenance contract?)

0 Karma
Reply

mathiask
Communicator
‎10-02-2015 12:00 AM

Sounds awesome

I think it would be good to have
- receiving interface name
- receiving port
In many cases the port might be already enough, but we have to go through a virtual interface so

The previously mentioned VLAN tags is rather something for the flow layer...
It might help if you process traffic from one network domain, but if the processed traffic originates from different networks with their own VLAN tag allocation... out of luck 🙂

0 Karma
Reply

csharp_splunk
Splunk Employee
Splunk Employee
‎10-01-2015 04:17 PM

Sadly we haven't done this yet. I'm looking into getting this in the next release.

Reply

mathiask
Communicator
‎10-01-2015 01:59 AM

Hi Splunkers

Any Update on this front?

Use Case
Im forwarding Traffic from different sources to the stream processing instance.
But I would like to later be able to distinguish the traffic from the different sources.
Solution 1 : Create for each source a separate processing instance ...
Solution 2 : Install multiple ufwd on the instance using different identifiers
Solution 3 : Process all the traffic on the same instance, but have it tagged by receiving interface name on the streamfwd.

Solution 3 would be the best.
Solution 2 might work ...

Greetings

0 Karma
Reply

csharp_splunk
Splunk Employee
Splunk Employee
‎08-29-2014 02:44 PM

Perfectly fine place to request features! Clayton has put this in the backlog for you, and we'll look into doing this in the next release. It's not much work, so we'll likely be able to deliver.

What additional data are you looking for from DNS?

0 Karma
Reply

cching_splunk
Splunk Employee
Splunk Employee
‎08-28-2014 03:17 PM

This is not possible at this time and something we will have to do further investigation.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...