Splunk Enterprise Security

Configuring the Receiving of data from Riverbed WAN optimizer CX 3070 into Splunk

saurabh_tek
Communicator

Hello Dev Team,

We are trying to receive logs from Riverbed CX-3070 Wan optimizer device into Splunk.

In the riverbed admin console, to forward the logs we have defined the splunk IP. But there is no place to mention its port number. Also it's not accepting the IP:port format. Please help us configuring this.

I have googled to figure this out, i could not found the solution except some Splunkers have received the data which means it can be done, just need to figure out : how. The devices installation manual (Version 8.6.2, January 2015) was not helpful in this matter.

On the Splunk indexer end, we have opened the port udp:517 for this purpose and defined the sourcetype : riverbed_steelhead.
We need to receive data for the same.

Another thing which i want to know is - whether this add-on supports Enterprise Security 4.1?

Awaiting your response.

  • Saurabh
0 Karma
1 Solution

saurabh_tek
Communicator

By Default, Steelhead sends the data on UDP 514.
Selected Sourcetype - riverbed_steelhead is correct.

View solution in original post

0 Karma

saurabh_tek
Communicator

By Default, Steelhead sends the data on UDP 514.
Selected Sourcetype - riverbed_steelhead is correct.

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...