Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Forward data from Netscout to Splunk

Rizqi_Iskandar
Loves-to-Learn Lots
‎07-16-2024 11:11 PM

Hello everyone, im new in Splunk and still need a lot to know.

I want to ask question, how to forward data in JSON format from Netscout to Splunk? Should i use Univ Forwarder or maybe App on SplunkBase?

Thanks for the attention

#Netscout #JSON

Labels (2)
Labels
0 Karma
Reply

deepakc
Builder
‎07-16-2024 11:53 PM

At a high level:

1. I would first look at the integration manual they state in the app -  - Omnis Data Streamer 6.3.5 Splunk Integration Guide - look for data onboarding or something on those lines. 

2. The App you have is just for mainly displaying data and, I think you would need the look the the TA - NETSCOUT Omnis Data Streamer App Add-on | Splunkbase (This is what helps get the data parsed and in to splunk) 

Start by working out your exact Netscout device and the options it provides in terms of data (json/syslog/log files etc), look at the manual and workout what they suggest and follow that plan, test it and ingest it. Then use the App to help display the results.     

Splunk has many options in getting data in, UF/Syslog/HEC and supports many different formats of data, such as Json, but first you must do some home work and work out the details. 

 

 

0 Karma
Reply

Rizqi_Iskandar
Loves-to-Learn Lots
‎07-18-2024 12:19 AM

The Omnis Data Streamer cant have agent installed there. So, the option is when Splunk installed on the same environment with Omnis is using HEC but i havent try this. The syslog one is also not detail enough to display the data requested by customer. The file format is JSON but its generated by Apache Kafka. And also Add on on Splunk Base about Omnis Data Streamer dont have any configuration in it. So i guess the configuration is in the Kafka's side which is generated the JSON file format from Omnis.

So, should i use HEC since we cant install agent in it and syslog is not detail enough

Please give me advice

Thanks

0 Karma
Reply

deepakc
Builder
‎07-18-2024 01:44 AM

Yes HEC is often used when you cant use UF/syslog etc. 

 

https://docs.splunk.com/Documentation/Splunk/9.2.2/Data/UsetheHTTPEventCollector 

 

0 Karma
Reply

Rizqi_Iskandar
Loves-to-Learn Lots
‎07-21-2024 07:44 PM

Okey then, i will try to do with this method.

Thanks for the respond

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...