Splunk Enterprise Security

Configuring the Receiving of data from Riverbed WAN optimizer CX 3070 into Splunk

Communicator

Hello Dev Team,

We are trying to receive logs from Riverbed CX-3070 Wan optimizer device into Splunk.

In the riverbed admin console, to forward the logs we have defined the splunk IP. But there is no place to mention its port number. Also it's not accepting the IP:port format. Please help us configuring this.

I have googled to figure this out, i could not found the solution except some Splunkers have received the data which means it can be done, just need to figure out : how. The devices installation manual (Version 8.6.2, January 2015) was not helpful in this matter.

On the Splunk indexer end, we have opened the port udp:517 for this purpose and defined the sourcetype : riverbed_steelhead.
We need to receive data for the same.

Another thing which i want to know is - whether this add-on supports Enterprise Security 4.1?

Awaiting your response.

  • Saurabh
0 Karma
1 Solution

Communicator

By Default, Steelhead sends the data on UDP 514.
Selected Sourcetype - riverbed_steelhead is correct.

View solution in original post

0 Karma

Communicator

By Default, Steelhead sends the data on UDP 514.
Selected Sourcetype - riverbed_steelhead is correct.

View solution in original post

0 Karma