Is anyone streaming network traces into Splunk? I am aware of the Stream app for Splunk, but is there a way of streaming data from other kinds of devices that capture wire data and are not host based?
Sure, you could use tcpdump (or any network tool), redirect STDOUT to nc, which is pointing to a syslog server listener socket, which is configured to forward into your indexer tier. Every geek should know how to use nc ("netcat") to build pipeline glue.
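The pipeline the answer describes, written out as an added example (not code from the thread or from Splunk). It assumes a syslog listener at a hostname and port you supply, and it adds one step the answer leaves implicit: tcpdump's bare text lines carry no syslog PRI header or host tag, so the example wraps each line in a minimal RFC 3164 frame before nc sends it, which makes the host and source program visible once the event reaches the indexer. The `syslog_wrap` and `stream_capture` function names, the `SYSLOG_HOST`/`SYSLOG_PORT`/`CAPTURE_IF` values and the facility choice are all assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread: tcpdump -> syslog framing -> nc.

# Constructed defaults; override via the environment for your own setup.
SYSLOG_HOST="${SYSLOG_HOST:-syslog.example.internal}"   # assumption: your syslog listener
SYSLOG_PORT="${SYSLOG_PORT:-514}"
CAPTURE_IF="${CAPTURE_IF:-eth0}"
TAG="${TAG:-tcpdump}"

# PRI = facility * 8 + severity; local0 (16) * 8 + informational (6) = 134
PRI=134

# syslog_wrap: read lines on stdin and emit "<PRI>Mon dd hh:mm:ss host tag: line".
# $1 is the hostname to stamp on each event; the timestamp comes from the local clock.
syslog_wrap() {
    host="$1"
    while IFS= read -r line; do
        ts=$(date '+%b %e %H:%M:%S')
        printf '<%s>%s %s %s: %s\n' "$PRI" "$ts" "$host" "$TAG" "$line"
    done
}

# stream_capture: the live pipeline. -l line-buffers tcpdump's stdout so each
# record reaches nc as it is written instead of when a block buffer fills;
# -n suppresses DNS lookups that would stall the capture; -tttt gives a full
# date/time prefix that the indexer can use for event time.
stream_capture() {
    tcpdump -l -n -tttt -i "$CAPTURE_IF" 2>/dev/null \
      | syslog_wrap "$(hostname)" \
      | nc -u "$SYSLOG_HOST" "$SYSLOG_PORT"
}

# The live capture needs root and a real interface, so it only runs when asked.
if [ "${1:-}" = "run" ]; then
    stream_capture
fi
```

Run it as `sudo sh stream.sh run` on the capture host (or a box attached to a SPAN/TAP port; tcpdump does not care whether the packets were addressed to it). Use `nc` without `-u` if your syslog listener is TCP, which also gives you back-pressure instead of silent loss when the indexer tier falls behind.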