Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Forward data from Netscout to Splunk

Rizqi_Iskandar
Loves-to-Learn Lots
‎07-16-2024 11:11 PM

Hello everyone, im new in Splunk and still need a lot to know.

I want to ask question, how to forward data in JSON format from Netscout to Splunk? Should i use Univ Forwarder or maybe App on SplunkBase?

Thanks for the attention

#Netscout #JSON

Labels (2)
Labels
0 Karma
Reply

deepakc
Builder
‎07-16-2024 11:53 PM

At a high level:

1. I would first look at the integration manual they state in the app -  - Omnis Data Streamer 6.3.5 Splunk Integration Guide - look for data onboarding or something on those lines. 

2. The App you have is just for mainly displaying data and, I think you would need the look the the TA - NETSCOUT Omnis Data Streamer App Add-on | Splunkbase (This is what helps get the data parsed and in to splunk) 

Start by working out your exact Netscout device and the options it provides in terms of data (json/syslog/log files etc), look at the manual and workout what they suggest and follow that plan, test it and ingest it. Then use the App to help display the results.     

Splunk has many options in getting data in, UF/Syslog/HEC and supports many different formats of data, such as Json, but first you must do some home work and work out the details. 

 

 

0 Karma
Reply

Rizqi_Iskandar
Loves-to-Learn Lots
‎07-18-2024 12:19 AM

The Omnis Data Streamer cant have agent installed there. So, the option is when Splunk installed on the same environment with Omnis is using HEC but i havent try this. The syslog one is also not detail enough to display the data requested by customer. The file format is JSON but its generated by Apache Kafka. And also Add on on Splunk Base about Omnis Data Streamer dont have any configuration in it. So i guess the configuration is in the Kafka's side which is generated the JSON file format from Omnis.

So, should i use HEC since we cant install agent in it and syslog is not detail enough

Please give me advice

Thanks

0 Karma
Reply

deepakc
Builder
‎07-18-2024 01:44 AM

Yes HEC is often used when you cant use UF/syslog etc. 

 

https://docs.splunk.com/Documentation/Splunk/9.2.2/Data/UsetheHTTPEventCollector 

 

0 Karma
Reply

Rizqi_Iskandar
Loves-to-Learn Lots
‎07-21-2024 07:44 PM

Okey then, i will try to do with this method.

Thanks for the respond

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...