Getting Data In

Splunk network monitoring

perfecto25
Path Finder

Hello, I am trying to figure out hwo we can use Splunk to monitor and report on our network,

specifically I need to catch network errors for things like,

  1. dropped packets or connections
  2. any kind of network error
  3. blockage by firewall or switch ACL
  4. any other form of connection data

I tried Splunk Stream, which gives us a lot of data of general chatter and bandwidth info, but its not very useful for detecting network errors or troubleshooting problems

Is there an app or examples on how to set something like this up? Thanks.

0 Karma

NetFlow_Logic
Contributor

You may need to collect the following data in Splunk:

*>dropped packets or connections
*>any kind of network error

You can get this information from SNMP polling/traps or sFlow counters or certain NetFlow/IPFIX records

*>blockage by firewall or switch ACL
syslogs or NetFlow data

*>any other form of connection data
NetFlow, sFlow, IPFIX

We are a Splunk partner and we provide all this data (except syslog, which is natively ingested by Splunk) with our product - NetFlow Optimizer.

Try it for free by visiting https://www.netflowlogic.com/download/

0 Karma

solarboyz1
Builder

Splunk is a data tool, for it to help you with those issues, you would need to provide the information required to identify the issue.

specifically I need to catch network errors for things like,

  1. dropped packets or connections

You will need to define what you mean here, packets are dropped on networks all the time.

  1. any kind of network error

  2. blockage by firewall or switch ACL

  3. any other form of connection data

0 Karma

solarboyz1
Builder

What I meant to say:

  1. dropped packets or connections
  2. any kind of network error
  3. blockage by firewall or switch ACL
  4. any other form of connection data

Configure switches/routers/firewall to syslog to your splunk instance.
Install the appropriate apps for the network devices used.

You can install streams and capture the metadata, or configure netflow collectors and send to streams.
All depends on what you have available and what you are trying to do.

But getting the logs from you network devices is probably a good first step and will meet many if not all of your needs.

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...