All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to get the Splunk App for Stream to capture both interfaces on my machine, not just one?

rubeniturrieta
Communicator
‎06-23-2015 02:16 PM

Hi to everyone

I have a new Splunk instance with the Splunk App for Stream with default installation. In my machine, I have two interfaces: the first, for Internet, and the second, in promiscuous mode, with the whole network traffic (I'm sure about that, I saw it in Wireshark).
However, in Splunk App for Stream, I can only see the first interface, traffic. How can I solve this?

Thanks you very much

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

vshcherbakov_sp
Splunk Employee
Splunk Employee
‎06-23-2015 02:24 PM

Hello rubeniturrieta,

you need to specify the interface you want App for Stream to capture on in etc/apps/Splunk_TA_stream/local/streamfwd.xml file. See http://docs.splunk.com/Documentation/StreamApp/6.3.0/DeployStreamApp/ConfigureStreamForwarder#Use_XM...

HTH

View solution in original post

Reply
Solved! Jump to solution
Solution

vshcherbakov_sp
Splunk Employee
Splunk Employee
‎06-23-2015 02:24 PM

Hello rubeniturrieta,

you need to specify the interface you want App for Stream to capture on in etc/apps/Splunk_TA_stream/local/streamfwd.xml file. See http://docs.splunk.com/Documentation/StreamApp/6.3.0/DeployStreamApp/ConfigureStreamForwarder#Use_XM...

HTH

Reply
Get Updates on the Splunk Community!

Announcing the Expansion of the Splunk Academic Alliance Program

The Splunk Community is more than just an online forum — it’s a network of passionate users, administrators, ...

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top