Deployment Architecture

Splunk IPv4 to IPv6 conversion

Ephrem32
Explorer

Hi,

I need help converting my splunk IPV4 to Ipv6. The questions have are:

1.What changes need to be made to each server to use Ipv6?

2. What changes need to be made to the splunk deployment server?

3.What changes need to be made to each splunk deployment client.?

4. Are there system changes that need to happen by an admin to let splunk work ipv6?

I would greatly appreciate if each of these questions can be answered to help convert my splunk ipv4 to ipv6 step by step.

 

Thank you,

Ephrem32
Explorer

Please I need help on setting up my splunk to address the new ipv 6 address. Answers to these question who help me alot.

1.What changes need to be made to each server to use Ipv6?

2. What changes need to be made to the splunk deployment server?

3.What changes need to be made to each splunk deployment client.?

4. Are there system changes that need to happen by an admin to let splunk work ipv6?

 

Thank you,

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Your questions should be answered by the document I linked to in my first reply.

---
If this reply helps you, Karma would be appreciated.
0 Karma

inventsekar
Super Champion

Hi @Ephrem32 , Maybe, pls configure a dev/test splunk instance, let it use a ipv6 and use another UF with ipv6, let the UF send logs to the dev/test splunk, once these things are done, you will get confortable with ipv6. Then you can deploy ipv6 for big/full environment. 

 

1.What changes need to be made to each server to use Ipv6? 

this document will have all required details -

https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/ConfigureSplunkforIPv6

2. What changes need to be made to the splunk deployment server?

the above link got the answer to this question 2.

3.What changes need to be made to each splunk deployment client.?

https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/ConfigureSplunkforIPv6#Forwarding_data_over...

4. Are there system changes that need to happen by an admin to let splunk work ipv6?

Yes, ipv6 is disabled by default. the admin need to configure as updated in this document.

 

Happy Splunking | Best Regards | Sekar | PS - Karma points appreciated!

PS ... If any post helped you in any way, pls give a hi-five to the author with an upvote. if your issue got resolved, please accept the reply as solution.. thanks.

Ephrem32
Explorer

Hi, 

Thank you for your response,  I am in the process of migrating from IPv4 to IPv6 on our servers and the servers are going to contain ipv6 addresses. 

Can you elaborate your steps regarding  "use another UF with ipv6, let the UF send logs to the dev/test splunk, once these things are done, you will get comfortable with ipv6. Then you can deploy ipv6 for big/full environment"

And also for question 2 and 3 can you point me to the exact part of the document that answers these question.  And for question 4 which document are referring to?

Thank you,

@inventsekar 

0 Karma

inventsekar
Super Champion

Hi @Ephrem32 ...

>>> Can you elaborate your steps regarding  "use another UF with ipv6, let the UF send logs to the dev/test splunk, once these things are done, you will get comfortable with ipv6. Then you can deploy ipv6 for big/full environment" <<<

This is a big task.. this is a full Splunk Design and implementation project. 
from the Splunk documentation, you should check the UF installation, "getting data in", etc.. 


Particularly, as this is a ipv6 stuff, you will face some challenges, for sure. 
when you go thru each stage, if you are struck at somewhere, you can question here. thanks. 

Happy Splunking | Best Regards | Sekar | PS - Karma points appreciated!

 

PS ... If any post helped you in any way, pls give a hi-five to the author with an upvote. if your issue got resolved, please accept the reply as solution.. thanks.
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Please describe the problem you are trying to solve.  Are you saying you have Splunk installed on servers and those servers are getting new IPv6 addresses?  Or is the data coming in from your sources going to contain IPv6 addresses?  Or something else?

Have you seen what the Docs say about IPv6?  See https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/ConfigureSplunkforIPv6

---
If this reply helps you, Karma would be appreciated.

Ephrem32
Explorer

Hi, 

Thank you for your response, Yes I am in the process of migrating from IPv4 to IPv6 on our servers and the servers are going to contain ipv6 addresses. I need help making sure my splunk setup correctly for the migration to ipv6.

 

Thank you,

@richgalloway  

0 Karma
Get Updates on the Splunk Community!

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Register today and join TekStream on Tuesday, February 28 at 11am PT/2pm ET for a demonstration of Splunk ...

Instrumenting Java Websocket Messaging

Instrumenting Java Websocket MessagingThis article is a code-based discussion of passing OpenTelemetry trace ...

Announcing General Availability of Splunk Incident Intelligence!

Digital transformation is real! Across industries, companies big and small are going through rapid digital ...