Deployment Architecture

Splunk IPv4 to IPv6 conversion

Ephrem32
Explorer

Hi,

I need help converting my splunk IPV4 to Ipv6. The questions have are:

1.What changes need to be made to each server to use Ipv6?

2. What changes need to be made to the splunk deployment server?

3.What changes need to be made to each splunk deployment client.?

4. Are there system changes that need to happen by an admin to let splunk work ipv6?

I would greatly appreciate if each of these questions can be answered to help convert my splunk ipv4 to ipv6 step by step.

 

Thank you,

Ephrem32
Explorer

Please I need help on setting up my splunk to address the new ipv 6 address. Answers to these question who help me alot.

1.What changes need to be made to each server to use Ipv6?

2. What changes need to be made to the splunk deployment server?

3.What changes need to be made to each splunk deployment client.?

4. Are there system changes that need to happen by an admin to let splunk work ipv6?

 

Thank you,

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Your questions should be answered by the document I linked to in my first reply.

---
If this reply helps you, Karma would be appreciated.
0 Karma

inventsekar
SplunkTrust
SplunkTrust

Hi @Ephrem32 , Maybe, pls configure a dev/test splunk instance, let it use a ipv6 and use another UF with ipv6, let the UF send logs to the dev/test splunk, once these things are done, you will get confortable with ipv6. Then you can deploy ipv6 for big/full environment. 

 

1.What changes need to be made to each server to use Ipv6? 

this document will have all required details -

https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/ConfigureSplunkforIPv6

2. What changes need to be made to the splunk deployment server?

the above link got the answer to this question 2.

3.What changes need to be made to each splunk deployment client.?

https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/ConfigureSplunkforIPv6#Forwarding_data_over...

4. Are there system changes that need to happen by an admin to let splunk work ipv6?

Yes, ipv6 is disabled by default. the admin need to configure as updated in this document.

 

Happy Splunking | Best Regards | Sekar | PS - Karma points appreciated!

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

Ephrem32
Explorer

Hi, 

Thank you for your response,  I am in the process of migrating from IPv4 to IPv6 on our servers and the servers are going to contain ipv6 addresses. 

Can you elaborate your steps regarding  "use another UF with ipv6, let the UF send logs to the dev/test splunk, once these things are done, you will get comfortable with ipv6. Then you can deploy ipv6 for big/full environment"

And also for question 2 and 3 can you point me to the exact part of the document that answers these question.  And for question 4 which document are referring to?

Thank you,

@inventsekar 

0 Karma

inventsekar
SplunkTrust
SplunkTrust

Hi @Ephrem32 ...

>>> Can you elaborate your steps regarding  "use another UF with ipv6, let the UF send logs to the dev/test splunk, once these things are done, you will get comfortable with ipv6. Then you can deploy ipv6 for big/full environment" <<<

This is a big task.. this is a full Splunk Design and implementation project. 
from the Splunk documentation, you should check the UF installation, "getting data in", etc.. 


Particularly, as this is a ipv6 stuff, you will face some challenges, for sure. 
when you go thru each stage, if you are struck at somewhere, you can question here. thanks. 

Happy Splunking | Best Regards | Sekar | PS - Karma points appreciated!

 

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Please describe the problem you are trying to solve.  Are you saying you have Splunk installed on servers and those servers are getting new IPv6 addresses?  Or is the data coming in from your sources going to contain IPv6 addresses?  Or something else?

Have you seen what the Docs say about IPv6?  See https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/ConfigureSplunkforIPv6

---
If this reply helps you, Karma would be appreciated.

Ephrem32
Explorer

Hi, 

Thank you for your response, Yes I am in the process of migrating from IPv4 to IPv6 on our servers and the servers are going to contain ipv6 addresses. I need help making sure my splunk setup correctly for the migration to ipv6.

 

Thank you,

@richgalloway  

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...