All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Network Toolkit - Question

ricky_riswanto
Engager
‎07-14-2020 09:11 PM

Hi All, 

Needs your info and suggestion, can we use this app https://splunkbase.splunk.com/app/3491/#/details  to get network hierarchy automatically? like network auto discovered? 

If not, does splunk has network auto discovery feature or mechanism?

 

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Spranta
Splunk Employee
Splunk Employee
‎07-15-2020 06:19 AM

You can, for example, create a script that pings  a whole subnet and write the output into a csv so you can use this to create the inputs.conf automatically, or you might have a cmdb that can create such a csv?

View solution in original post

0 Karma
Reply
Solved! Jump to solution

lekanneer
Loves-to-Learn Lots
‎04-10-2021 08:09 AM

I think it is better to import network communcation logs and then update them in my solution.

If you're looking for an efficient and functional ServiceNow to Splunk integration (also CMDB) take a look at: https://www.thedutchdatadifference.nl/splunk-servicenow/

I created that solution and continuously adding new features. It is meant to host all sorts of nodes and relationships. And I can imagine that the network communication logs can be one of them. And then even combine with what is already defined in CMDB.

0 Karma
Reply
Solved! Jump to solution

Spranta
Splunk Employee
Splunk Employee
‎07-15-2020 05:42 AM

Hi Ricky,

as far as i know the network toolkit doesn't have any autodiscovery features.
We are creating are our input for the network toolkit from a csv file, so if you have any tool that is able to create a csv or whatever you can for example use a python script to feed the inputs.conf

 

Alex

0 Karma
Reply
Solved! Jump to solution

ricky_riswanto
Engager
‎07-15-2020 06:06 AM

Hi Alex,


Thanks for your response, understand your point to create input.conf file. But somehow if we need to define all ip address into input.conf manually then it will not efficient.

Btw, can we use "traceroute" operation to collect route ip and gets flow network?      

Tags (1)
0 Karma
Reply
Solved! Jump to solution
Solution

Spranta
Splunk Employee
Splunk Employee
‎07-15-2020 06:19 AM

You can, for example, create a script that pings  a whole subnet and write the output into a csv so you can use this to create the inputs.conf automatically, or you might have a cmdb that can create such a csv?

0 Karma
Reply
Solved! Jump to solution

ricky_riswanto
Engager
‎07-15-2020 07:17 AM

Hi Alex,

Yes agree cmdb if better option for master data reference ip address. So we can lookup into cmdb then convert into input.conf file. Btw, did fping available on input.conf?

Tags (1)
0 Karma
Reply
Solved! Jump to solution

Spranta
Splunk Employee
Splunk Employee
‎07-15-2020 07:21 AM

No i don't think that fping is available.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...