Getting Data In

Ingesting Data from an Isolated Network

Moose
Loves-to-Learn

I have a client that has Splunk deployed on their business network, and they would like to ingest data from an isolated network. The isolated network can send data outbound, but not receive inbound connections/communications. My recommendation was to collect the data on the isolated network and push it out to Splunk via one way file transfer. Then have Splunk monitor the file(s).  Has anyone else run into this scenario? If so, how did you architect a solution and was it successful? My assumption is that Universal Forwarders will not work in this situation because they require two way communication via TCP.

Thank you

Labels (3)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

So the "isolated" network is not truly isolated.  No problem.  Install one or more UFs on the network to send the desired data to Splunk.    All required UF communication is initiated by the UF so there's no need for "two-way" (all TCP is 2-way) communication.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

ATTENTION!! We’re MOVING (not really)

Hey, all! In an effort to keep this Slack workspace secure and also to make our new members' experience easy, ...

Splunk Admins: Build a Smarter Stack with These Must-See .conf25 Sessions

  Whether you're running a complex Splunk deployment or just getting your bearings as a new admin, .conf25 ...

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...