Splunk Enterprise Security

Configuring the Receiving of data from Riverbed WAN optimizer CX 3070 into Splunk

saurabh_tek
Communicator

Hello Dev Team,

We are trying to receive logs from Riverbed CX-3070 Wan optimizer device into Splunk.

In the riverbed admin console, to forward the logs we have defined the splunk IP. But there is no place to mention its port number. Also it's not accepting the IP:port format. Please help us configuring this.

I have googled to figure this out, i could not found the solution except some Splunkers have received the data which means it can be done, just need to figure out : how. The devices installation manual (Version 8.6.2, January 2015) was not helpful in this matter.

On the Splunk indexer end, we have opened the port udp:517 for this purpose and defined the sourcetype : riverbed_steelhead.
We need to receive data for the same.

Another thing which i want to know is - whether this add-on supports Enterprise Security 4.1?

Awaiting your response.

  • Saurabh
0 Karma
1 Solution

saurabh_tek
Communicator

By Default, Steelhead sends the data on UDP 514.
Selected Sourcetype - riverbed_steelhead is correct.

View solution in original post

0 Karma

saurabh_tek
Communicator

By Default, Steelhead sends the data on UDP 514.
Selected Sourcetype - riverbed_steelhead is correct.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...