All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Network Toolkit - Question

ricky_riswanto
Engager
‎07-14-2020 09:11 PM

Hi All, 

Needs your info and suggestion, can we use this app https://splunkbase.splunk.com/app/3491/#/details  to get network hierarchy automatically? like network auto discovered? 

If not, does splunk has network auto discovery feature or mechanism?

 

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Spranta
Splunk Employee
Splunk Employee
‎07-15-2020 06:19 AM

You can, for example, create a script that pings  a whole subnet and write the output into a csv so you can use this to create the inputs.conf automatically, or you might have a cmdb that can create such a csv?

View solution in original post

0 Karma
Reply
Solved! Jump to solution

lekanneer
Loves-to-Learn Lots
‎04-10-2021 08:09 AM

I think it is better to import network communcation logs and then update them in my solution.

If you're looking for an efficient and functional ServiceNow to Splunk integration (also CMDB) take a look at: https://www.thedutchdatadifference.nl/splunk-servicenow/

I created that solution and continuously adding new features. It is meant to host all sorts of nodes and relationships. And I can imagine that the network communication logs can be one of them. And then even combine with what is already defined in CMDB.

0 Karma
Reply
Solved! Jump to solution

Spranta
Splunk Employee
Splunk Employee
‎07-15-2020 05:42 AM

Hi Ricky,

as far as i know the network toolkit doesn't have any autodiscovery features.
We are creating are our input for the network toolkit from a csv file, so if you have any tool that is able to create a csv or whatever you can for example use a python script to feed the inputs.conf

 

Alex

0 Karma
Reply
Solved! Jump to solution

ricky_riswanto
Engager
‎07-15-2020 06:06 AM

Hi Alex,


Thanks for your response, understand your point to create input.conf file. But somehow if we need to define all ip address into input.conf manually then it will not efficient.

Btw, can we use "traceroute" operation to collect route ip and gets flow network?      

Tags (1)
0 Karma
Reply
Solved! Jump to solution
Solution

Spranta
Splunk Employee
Splunk Employee
‎07-15-2020 06:19 AM

You can, for example, create a script that pings  a whole subnet and write the output into a csv so you can use this to create the inputs.conf automatically, or you might have a cmdb that can create such a csv?

0 Karma
Reply
Solved! Jump to solution

ricky_riswanto
Engager
‎07-15-2020 07:17 AM

Hi Alex,

Yes agree cmdb if better option for master data reference ip address. So we can lookup into cmdb then convert into input.conf file. Btw, did fping available on input.conf?

Tags (1)
0 Karma
Reply
Solved! Jump to solution

Spranta
Splunk Employee
Splunk Employee
‎07-15-2020 07:21 AM

No i don't think that fping is available.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In April, the Splunk Threat Research Team had 2 releases of new security content via the Enterprise Security ...

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...

It’s go time — Boston, here we come!

Are you ready to take your Splunk skills to the next level? Get set, because Splunk University is back, and ...
Top