Deployment Architecture

Splunk IPv4 to IPv6 conversion

Ephrem32
Explorer

Hi,

I need help converting my splunk IPV4 to Ipv6. The questions have are:

1.What changes need to be made to each server to use Ipv6?

2. What changes need to be made to the splunk deployment server?

3.What changes need to be made to each splunk deployment client.?

4. Are there system changes that need to happen by an admin to let splunk work ipv6?

I would greatly appreciate if each of these questions can be answered to help convert my splunk ipv4 to ipv6 step by step.

 

Thank you,

Ephrem32
Explorer

Please I need help on setting up my splunk to address the new ipv 6 address. Answers to these question who help me alot.

1.What changes need to be made to each server to use Ipv6?

2. What changes need to be made to the splunk deployment server?

3.What changes need to be made to each splunk deployment client.?

4. Are there system changes that need to happen by an admin to let splunk work ipv6?

 

Thank you,

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Your questions should be answered by the document I linked to in my first reply.

---
If this reply helps you, Karma would be appreciated.
0 Karma

inventsekar
SplunkTrust
SplunkTrust

Hi @Ephrem32 , Maybe, pls configure a dev/test splunk instance, let it use a ipv6 and use another UF with ipv6, let the UF send logs to the dev/test splunk, once these things are done, you will get confortable with ipv6. Then you can deploy ipv6 for big/full environment. 

 

1.What changes need to be made to each server to use Ipv6? 

this document will have all required details -

https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/ConfigureSplunkforIPv6

2. What changes need to be made to the splunk deployment server?

the above link got the answer to this question 2.

3.What changes need to be made to each splunk deployment client.?

https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/ConfigureSplunkforIPv6#Forwarding_data_over...

4. Are there system changes that need to happen by an admin to let splunk work ipv6?

Yes, ipv6 is disabled by default. the admin need to configure as updated in this document.

 

Happy Splunking | Best Regards | Sekar | PS - Karma points appreciated!

Ephrem32
Explorer

Hi, 

Thank you for your response,  I am in the process of migrating from IPv4 to IPv6 on our servers and the servers are going to contain ipv6 addresses. 

Can you elaborate your steps regarding  "use another UF with ipv6, let the UF send logs to the dev/test splunk, once these things are done, you will get comfortable with ipv6. Then you can deploy ipv6 for big/full environment"

And also for question 2 and 3 can you point me to the exact part of the document that answers these question.  And for question 4 which document are referring to?

Thank you,

@inventsekar 

0 Karma

inventsekar
SplunkTrust
SplunkTrust

Hi @Ephrem32 ...

>>> Can you elaborate your steps regarding  "use another UF with ipv6, let the UF send logs to the dev/test splunk, once these things are done, you will get comfortable with ipv6. Then you can deploy ipv6 for big/full environment" <<<

This is a big task.. this is a full Splunk Design and implementation project. 
from the Splunk documentation, you should check the UF installation, "getting data in", etc.. 


Particularly, as this is a ipv6 stuff, you will face some challenges, for sure. 
when you go thru each stage, if you are struck at somewhere, you can question here. thanks. 

Happy Splunking | Best Regards | Sekar | PS - Karma points appreciated!

 

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Please describe the problem you are trying to solve.  Are you saying you have Splunk installed on servers and those servers are getting new IPv6 addresses?  Or is the data coming in from your sources going to contain IPv6 addresses?  Or something else?

Have you seen what the Docs say about IPv6?  See https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/ConfigureSplunkforIPv6

---
If this reply helps you, Karma would be appreciated.

Ephrem32
Explorer

Hi, 

Thank you for your response, Yes I am in the process of migrating from IPv4 to IPv6 on our servers and the servers are going to contain ipv6 addresses. I need help making sure my splunk setup correctly for the migration to ipv6.

 

Thank you,

@richgalloway  

0 Karma
Get Updates on the Splunk Community!

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...