Hello, I am trying to figure out how we can use Splunk to monitor and report on our network,
specifically I need to catch network errors for things like,
I tried Splunk Stream, which gives us a lot of data on general chatter and bandwidth info, but it's not very useful for detecting network errors or troubleshooting problems.
Is there an app or examples on how to set something like this up? Thanks.
You may need to collect the following data in Splunk:

> dropped packets or connections
> any kind of network error

You can get this information from SNMP polling/traps, sFlow counters, or certain NetFlow/IPFIX records.

> blockage by firewall or switch ACL

Syslog or NetFlow data.

> any other form of connection data

NetFlow, sFlow, IPFIX.
We are a Splunk partner and we provide all this data (except syslog, which is natively ingested by Splunk) with our product - NetFlow Optimizer.
Try it for free by visiting https://www.netflowlogic.com/download/
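As an added example (not part of the thread and not from any vendor product), here is how the "dropped packets / network error" data point from this answer turns into a detection once the SNMP or sFlow counters are polled: interface error and discard counters are cumulative, so the useful signal is the rate of change between polls, and a Counter32 that wraps at 2^32 must not be read as a negative step. Device names, interface names, counter values and thresholds are constructed for illustration; in production the values come from IF-MIB polls (ifInErrors, ifInDiscards) or the equivalent sFlow counter records.

```python
# Added example, not from the thread or from any vendor product: flag
# interfaces whose SNMP error/discard counters are climbing. Device and
# interface names, counter values and thresholds are constructed for
# illustration; in production the values come from IF-MIB polls
# (ifInErrors, ifInDiscards) or the equivalent sFlow counter records.
from dataclasses import dataclass

COUNTER32_MAX = 2 ** 32  # SNMP Counter32 wraps back to 0 at this value


@dataclass(frozen=True)
class Poll:
    ts: int            # epoch seconds at poll time
    device: str
    ifname: str
    in_errors: int     # ifInErrors, cumulative since boot (Counter32)
    in_discards: int   # ifInDiscards, cumulative since boot (Counter32)


def counter_delta(prev: int, cur: int, width: int = COUNTER32_MAX) -> int:
    """Difference between two cumulative counter samples, correcting for a
    single wrap. A device reboot also makes cur < prev and is indistinguishable
    from a wrap here, so a real collector should also watch sysUpTime resets."""
    if cur >= prev:
        return cur - prev
    return (width - prev) + cur


def error_rates(polls):
    """Per-(device, interface) error and discard rates in events/second for
    each interval between consecutive polls, keyed by the later timestamp."""
    series = {}
    for p in sorted(polls, key=lambda p: p.ts):
        series.setdefault((p.device, p.ifname), []).append(p)
    rates = {}
    for (device, ifname), samples in series.items():
        for prev, cur in zip(samples, samples[1:]):
            dt = cur.ts - prev.ts
            if dt <= 0:
                continue  # duplicate poll; no interval to compute a rate over
            rates[(device, ifname, cur.ts)] = (
                counter_delta(prev.in_errors, cur.in_errors) / dt,
                counter_delta(prev.in_discards, cur.in_discards) / dt,
            )
    return rates


def flag_interfaces(polls, max_err_per_sec=1.0, max_disc_per_sec=10.0):
    """Interfaces that exceeded either threshold in at least one interval.
    Some discards are normal on any busy link, so the discard threshold is
    deliberately looser than the error threshold."""
    flagged = set()
    for (device, ifname, _ts), (err, disc) in error_rates(polls).items():
        if err > max_err_per_sec or disc > max_disc_per_sec:
            flagged.add((device, ifname))
    return sorted(flagged)


# Constructed sample: polls 60 s apart for three interfaces.
SAMPLE_POLLS = [
    # Healthy: 2 errors and 100 discards over two minutes.
    Poll(0,   "core-sw1", "Gi1/0/1", in_errors=10,  in_discards=100),
    Poll(60,  "core-sw1", "Gi1/0/1", in_errors=10,  in_discards=160),
    Poll(120, "core-sw1", "Gi1/0/1", in_errors=12,  in_discards=200),
    # Bad cable or duplex mismatch: 600 input errors in one minute.
    Poll(0,   "core-sw1", "Gi1/0/2", in_errors=0,   in_discards=0),
    Poll(60,  "core-sw1", "Gi1/0/2", in_errors=600, in_discards=0),
    # Counter wrap: 2^32-100 -> 200 is really +300, not a huge negative step.
    Poll(0,   "edge-fw1", "eth0", in_errors=COUNTER32_MAX - 100, in_discards=0),
    Poll(60,  "edge-fw1", "eth0", in_errors=200,                 in_discards=0),
]

if __name__ == "__main__":
    for dev, ifn in flag_interfaces(SAMPLE_POLLS):
        print(f"{dev} {ifn}: error/discard rate above threshold")
```

Whatever collects the counters (an SNMP modular input, an sFlow collector, or a product like the one above), the thing to index in Splunk is the per-interval delta or rate, not the raw cumulative value; otherwise a simple threshold search fires on every interface that has been up for a long time.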
Splunk is a data tool; for it to help you with those issues, you would need to provide the information required to identify the issue.

> specifically I need to catch network errors for things like,

You will need to define what you mean here; packets are dropped on networks all the time.

> any kind of network error
> blockage by firewall or switch ACL
> any other form of connection data
What I meant to say:
Configure switches/routers/firewalls to syslog to your Splunk instance.
Install the appropriate apps for the network devices used.
You can install streams and capture the metadata, or configure netflow collectors and send to streams.
All depends on what you have available and what you are trying to do.
But getting the logs from your network devices is probably a good first step and will meet many if not all of your needs.
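As an added example (not part of the thread), here is what the "blockage by firewall or switch ACL" case looks like once device syslog is flowing: extract the deny events, count them by source and by rule, and flag sources that are repeatedly blocked, which is exactly the summary a Splunk search produces after field extraction. The log format, hosts, addresses and rule names below are constructed for illustration; real devices use their own message formats, so the regex is the part you replace (or let the device's add-on do).

```python
# Added example, not from the thread: pull firewall / ACL denies out of syslog
# lines and summarise them, which is what a Splunk search over the device logs
# does once the fields are extracted. The log format and all hosts, addresses
# and rule names below are constructed; adjust LINE_RE to your devices' format.
import re
from collections import Counter

# Constructed sample: RFC 3164-style lines (<pri>, timestamp, host, process).
SAMPLE_SYSLOG = """\
<134>Jan 12 10:00:01 edge-fw1 fw: DENY TCP 10.0.1.23:51234 -> 203.0.113.10:445 rule=block-smb
<134>Jan 12 10:00:02 edge-fw1 fw: ALLOW TCP 10.0.1.23:51235 -> 198.51.100.5:443 rule=web-out
<134>Jan 12 10:00:03 edge-fw1 fw: DENY TCP 10.0.1.23:51236 -> 203.0.113.11:445 rule=block-smb
<134>Jan 12 10:00:04 core-sw1 acl: DENY UDP 10.0.2.7:5353 -> 224.0.0.251:5353 rule=no-mdns
<134>Jan 12 10:00:05 edge-fw1 fw: DENY TCP 10.0.1.23:51237 -> 203.0.113.12:445 rule=block-smb
<134>Jan 12 10:00:06 edge-fw1 fw: link state change on eth1, not a flow record
"""

LINE_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<proc>[^:\s]+): "
    r"(?P<action>DENY|ALLOW) (?P<proto>TCP|UDP|ICMP) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) rule=(?P<rule>\S+)$"
)


def parse_events(text):
    """Return (events, unparsed_count). Events are dicts of the named groups.
    The unparsed count is worth alerting on too: a sudden jump usually means a
    firmware upgrade changed the log format and your extraction silently broke."""
    events, unparsed = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            unparsed += 1
            continue
        events.append(m.groupdict())
    return events, unparsed


def denies_by_source(events):
    """Count of DENY events per (reporting device, source address)."""
    c = Counter()
    for e in events:
        if e["action"] == "DENY":
            c[(e["host"], e["src"])] += 1
    return c


def denies_by_rule(events):
    """Count of DENY events per rule, to see which policy is doing the blocking."""
    return Counter(e["rule"] for e in events if e["action"] == "DENY")


def noisy_sources(events, threshold=3):
    """Sources blocked at least `threshold` times. Repeated denies from one host
    usually mean a misconfigured client, a missing allow rule, or a scan; all
    three are worth a ticket, which is why this is the thing to alert on rather
    than individual deny lines."""
    return sorted(src for (_host, src), n in denies_by_source(events).items()
                  if n >= threshold)


if __name__ == "__main__":
    events, unparsed = parse_events(SAMPLE_SYSLOG)
    print(f"{len(events)} flow events, {unparsed} unparsed lines")
    print("denies by rule:", dict(denies_by_rule(events)))
    print("noisy sources:", noisy_sources(events))
```

In Splunk the same summary, once `action`, `src` and `rule` are extracted by the device add-on or a `rex`, is roughly `action=DENY | stats count by host, src` with a threshold on `count`; the point of the script is just to show what the extraction has to produce for that search to work.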