Deployment Architecture

All systems showing same IP Addresses in Forwarder Management

DEADBEEF
Path Finder

My deployment server sits behind a load balancer.  What I have noticed is that on the DS under Forwarder Management (Clients tab), all my UFs phoning home now appear with the same IP address (they have unique client names, host name, instance name).

Is there a macro or something on the back end that I can update to display the true IP address of each system phoning home?  The true source IP is showing in in metrics.log so I'd like to modify the existing SPL to use the IP from metrics rather than wherever it's getting it from.

Labels (2)
0 Karma

daniaabujuma
Explorer

Hello, I know this was a while ago but were you able to find a solution for this issue?

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

I suppose that your LB has configured so that all client connections has masked to its internal IP. You should as your network staff to fix it. The fix is dependent on what LB you are using.

r. Ismo

0 Karma

daniaabujuma
Explorer

Hi @isoutamo ,

Thanks for your reply. The IP showing for all clients is the deployment server IP. Do you have any idea what could be the issue?

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @daniaabujuma ,

as @isoutamo said, you have to configure your Load Balancer in transparent mode to use the source IP.

Only one question: why are you using a Load Balancer for the Deployment Server?

You don't need to duplicate it because it isn't a Single Point of Failure and your infrastructure work also without it, so why it?

it's a unuseful component that add issues to your architecture.

Ciao.

Giuseppe  

0 Karma
Get Updates on the Splunk Community!

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Using the Splunk Threat Research Team’s Latest Security Content

REGISTER HERE Tech Talk | Security Edition Did you know the Splunk Threat Research Team regularly releases ...