How to index Infoblox data in Splunk?

pbernardin · ‎01-13-2015

Hi.

I have seen a few posts on Infoblox > Splunk, but not much. Does anyone have infoblox data coming over to splunk successfully? I tried to point Infoblox to my Splunk heavy forwarder via udp but I am not seeing any data yet. Do I need to do via tcp? Is customization needed to be able to start seeing the data over on splunk ?

Thanks for any info,
Paul

princemanto2580 · ‎12-21-2016

Hi,

I have collected the Infoblox log in CEF format and try to forward it from Universal Forwarder. But still struggling with data on-board.

[monitor:///opt/log/infoblox01/cef.log]
disabled = 0
host = infoblox01
sourcetype = cef.log
index = infoblox

Appreciated if any suggestion or recommendation from Splunker.

TonyLeeVT · ‎02-29-2016

The TA is here: https://splunkbase.splunk.com/app/2934/#/overview
(The TA includes some panels for DNS and one for DHCP.)

Documentation is here: http://docs.splunk.com/Documentation/AddOns/latest/Infoblox/About

Enjoy!

mreynov_splunk · ‎08-10-2015

There have been some conf files floating around, but Splunk is about to release a TA-infoblox soon. Let me know if you still need this.

korstiaan · ‎09-29-2015

I'm interested in this TA as well.

How to index Infoblox data in Splunk?

Splunk Forwarders and Forced Time Based Load Balancing

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!