Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Splunk for telecom
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk for telecom
Hi,
I am trying to collect use cases in the telecom industry. Can someone tell me how splunk is useful in detecting network abusers.What kind of information does it capture from network logs and what kind of dashboards can we make.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
From network logs, like Ayn said, it captures anything you can export to it. It's up to the admin to filter those logs for relevant information.
For example, with out ASAs, I'm able to see who logs into the VPN the most, which IPs generate the most URL requests, which IP addresses have the most outbound traffic (in number of requests, not bandwidth), and so forth.
If you want to find network abusers (such as people who download excessive amounts of data), you'll want to combine Splunk with a tool that'll monitor bandwidth and activity.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Bhavna, from a personal experience with one of the major comms group over the past years, with Splunk for some of that time and all on VoIP / SIP, there is a wide range of application areas. The edge devices are a clear point of interest but there is also GPG13 cover in the plug-ins re abuse. CDR analysis is clearly a good point to be covered using the log analysis but so is QoS if you have a mind to.
There are also plug-ins here (see Apps) for Cisco Call Managers iro voice, but it is not limited to that product iro voice - the same would go for Avaya and Siemens platforms.
In terms of purer network traffic voice, or data you will find a wide range of apps / plug-ins and some drilling down to a good depth for IDS / IPS.
Good luck in your journey.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm guessing you could get much more relevant information if you contact Splunk sales than if you ask a question here. They'll surely have examples of how Splunk is / can be used within the telecom industry.
That said, with regards to your questions - "What kind of information does it capture from network logs and what kind of dashboards can we make." - it captures whatever you throw at it. As long as it's some kind of text data, preferrably but necessarily with timestamps in it, Splunk can index it. What kind of dashboards you can make is entirely up to you. Splunk comes with a rich framework for creating dashboards, you have a great number of different modules at your disposal for doing so.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
SplunkTrust Application Period is Officially OPEN!
Announcing Modern Navigation: A New Era of Splunk User Experience
