Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Forward data from Netscout to Splunk

Rizqi_Iskandar
Loves-to-Learn Lots
‎07-16-2024 11:11 PM

Hello everyone, im new in Splunk and still need a lot to know.

I want to ask question, how to forward data in JSON format from Netscout to Splunk? Should i use Univ Forwarder or maybe App on SplunkBase?

Thanks for the attention

#Netscout #JSON

Labels (2)
Labels
0 Karma
Reply

deepakc
Builder
‎07-16-2024 11:53 PM

At a high level:

1. I would first look at the integration manual they state in the app -  - Omnis Data Streamer 6.3.5 Splunk Integration Guide - look for data onboarding or something on those lines. 

2. The App you have is just for mainly displaying data and, I think you would need the look the the TA - NETSCOUT Omnis Data Streamer App Add-on | Splunkbase (This is what helps get the data parsed and in to splunk) 

Start by working out your exact Netscout device and the options it provides in terms of data (json/syslog/log files etc), look at the manual and workout what they suggest and follow that plan, test it and ingest it. Then use the App to help display the results.     

Splunk has many options in getting data in, UF/Syslog/HEC and supports many different formats of data, such as Json, but first you must do some home work and work out the details. 

 

 

0 Karma
Reply

Rizqi_Iskandar
Loves-to-Learn Lots
‎07-18-2024 12:19 AM

The Omnis Data Streamer cant have agent installed there. So, the option is when Splunk installed on the same environment with Omnis is using HEC but i havent try this. The syslog one is also not detail enough to display the data requested by customer. The file format is JSON but its generated by Apache Kafka. And also Add on on Splunk Base about Omnis Data Streamer dont have any configuration in it. So i guess the configuration is in the Kafka's side which is generated the JSON file format from Omnis.

So, should i use HEC since we cant install agent in it and syslog is not detail enough

Please give me advice

Thanks

0 Karma
Reply

deepakc
Builder
‎07-18-2024 01:44 AM

Yes HEC is often used when you cant use UF/syslog etc. 

 

https://docs.splunk.com/Documentation/Splunk/9.2.2/Data/UsetheHTTPEventCollector 

 

0 Karma
Reply

Rizqi_Iskandar
Loves-to-Learn Lots
‎07-21-2024 07:44 PM

Okey then, i will try to do with this method.

Thanks for the respond

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...