Spunk deployment - as a data collector/forwarder?

mmioneatdtcc · ‎10-01-2016

I have a somewhat odd deployment idea that I am trying to leverage Splunk for in place of another off the shelf tool. We are in the process of replacing an event management tool that ingests events from multiple end devices and other tools as part of an infrastructure monitoring function. The potential issue is that the to be end visualization tool may not have a mechanism to ingest and normalize multiple data sources (SNMP Traps, Syslog, Email, SCOM events, other monitoring tool events).

So I'm interested to know if Splunk can sit between the various data sources, ingest, normalize and forward those alerts so that this new northbound tool could further process these events for further processing. This is a gross oversimplification however I am just curious to know if anyone has used Splunk in such a way.

If you did I'd like to hear about it.

Thanks,
Mike M

dbcase · ‎10-02-2016

Have a look at this https://answers.splunk.com/answers/110809/sending-events-to-3rd-party-products-e-g-arcsight-with-spl...

mmioneatdtcc · ‎10-01-2016

Hi,

its possible but if we're processing somewhere between the ballpark of 10k to several 100k of events a day (possibly into the millions), I'm not certain if email will scale with the potential volume.

Rgds,
Mike M

dbcase · ‎10-01-2016

One simple way is that most off the shelf monitoring tools can accept incoming emails and use them for alerts. You could have Splunk Alert->send email to the northbound monitoring system, would something like that work?

Spunk deployment - as a data collector/forwarder?

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...