Splunk Enterprise

How do I access CLI via AMI/PCAP Upload?

RedMelon
New Member

Hi all,

I require access to the CLI and am using splunk Enterprise AMI, any help would be apperacited. 

Alternatively if anyone has any ideas on how I can do the following It would be greatly greatly appreactited.

I have a large amount of PCAP files for ingestion by splunk, there seems to be a file size limit when uploading my merged PCAPS so i am left with the problem of trying to upload 1000+ PCAPS which would be a painstaking long process done manually, a workaround is through the CLI however I can not access it.

This is for a university project and any help would be appreciated, thanks for reading!

Tags (5)
0 Karma

PickleRick
SplunkTrust
SplunkTrust

Please be a bit more precise. You need a CLI access to what? If I remember correctly, access to your VMs should be managed by the AWS mechanisms (haven't worked with that a while but I think it's your or your infrastructure team's responsibility to make sure you have access to remote shell.

About uploading PCAP-s - what would you want to do with PCAP files on Splunk? Splunk is not a network traffic analyzing software? You could upload pcaps if you had Splunk Stream installed but that's another story - do you have Stream installed?

0 Karma

RedMelon
New Member

Hi there, 

I need CLI to make the ingesting of the PCAPS plausible. I have to manually upload them one at a time however using the CLI I can ingest them in mass.

I'm following this documentation

stream is installed and I can and have uploaded individual PCAPS but the sheer amount I need to upload makes that method not plausible. I plan to use splunk to detect malicious beaconing traffic inside these PCAPS, via some rules I'll make.

But with the AMI I'm struggling to access the CLI.

 

If anyone has a answer for either:

how do I access the CLI on the AMI version of Splunk Enterprise?

Uploading large file sized PCAPS, alternative ways to upload this traffic?

 

Any help would be greatly appreciated. 

0 Karma

PickleRick
SplunkTrust
SplunkTrust

It's more an AWS issue than Splunk problem as such.

Check out the docs at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connection-prereqs.html

The Splunk AMI is based on Amazon-Linux so most probably you're gonna be connecting to ec2-user

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...