Splunk Enterprise

How do I access CLI via AMI/PCAP Upload?

RedMelon
New Member

Hi all,

I require access to the CLI and am using the Splunk Enterprise AMI; any help would be appreciated.

Alternatively, if anyone has any ideas on how I can do the following, it would be greatly appreciated.

I have a large number of PCAP files for ingestion by Splunk. There seems to be a file size limit when uploading my merged PCAPs, so I am left with the problem of trying to upload 1000+ PCAPs, which would be a painstakingly long process done manually. A workaround is through the CLI; however, I cannot access it.

This is for a university project and any help would be appreciated, thanks for reading!


PickleRick
SplunkTrust

Please be a bit more precise. You need CLI access to what? If I remember correctly, access to your VMs should be managed by the AWS mechanisms (I haven't worked with that for a while, but I think it's your or your infrastructure team's responsibility to make sure you have access to a remote shell).

About uploading PCAPs - what would you want to do with PCAP files on Splunk? Splunk is not network traffic analysis software, is it? You could upload PCAPs if you had Splunk Stream installed, but that's another story - do you have Stream installed?


RedMelon
New Member

Hi there, 

I need the CLI to make the ingesting of the PCAPs plausible. I have to manually upload them one at a time; however, using the CLI I can ingest them en masse.

I'm following this documentation.

Stream is installed, and I can and have uploaded individual PCAPs, but the sheer amount I need to upload makes that method not plausible. I plan to use Splunk to detect malicious beaconing traffic inside these PCAPs, via some rules I'll make.

But with the AMI I'm struggling to access the CLI.

If anyone has an answer for either:

How do I access the CLI on the AMI version of Splunk Enterprise?

Uploading large PCAP files - are there alternative ways to upload this traffic?

Any help would be greatly appreciated. 


PickleRick
SplunkTrust

It's more of an AWS issue than a Splunk problem as such.

Check out the docs at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connection-prereqs.html

The Splunk AMI is based on Amazon Linux, so most probably you're going to be connecting as ec2-user.

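The bulk-ingest loop the question is after, written as an added example that is not part of the original thread and not Splunk's own code. It assumes you have reached the instance's shell the way the answer above describes (SSH as ec2-user with the key pair chosen at launch; the instance's security group must allow inbound TCP/22 from your address) and that the pcaps have been copied up with scp or rsync. The streamfwd path and its `-r <pcap>` flag inside `ingest_with_streamfwd` are assumptions to be checked against the Stream docs for your version; the function name `ingest_pcaps` and the `.ingested` / `.failed` ledger files are hypothetical names chosen for this example.

```shell
#!/bin/sh
# Batch-ingest a directory of pcap files into Splunk Stream from the
# Splunk AMI's shell. Added example, not code from the original thread
# or from Splunk; the streamfwd path and flags below are assumptions.
#
# Getting to the shell (what the answer above points at):
#   ssh -i my-keypair.pem ec2-user@<instance-public-dns>
# This needs the security group to allow TCP/22 from your IP.

# Assumed per-file ingest command: hands one pcap to the Stream
# forwarder. Binary path and "-r <pcap>" are assumptions; confirm them
# in the Stream documentation for your version before relying on them.
ingest_with_streamfwd() {
  "${STREAMFWD:-/opt/splunk/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwd}" -r "$1"
}

# Usage: ingest_pcaps <dir> [ingest_cmd]
# Ingests every *.pcap / *.pcapng in <dir> exactly once, in sorted
# order. Successes are appended to <dir>/.ingested, failures to
# <dir>/.failed, so an interrupted run (dropped SSH session, crash)
# resumes where it stopped instead of re-sending everything.
# Prints "ok=N failed=N skipped=N"; returns 1 if any file failed.
ingest_pcaps() {
  dir="$1"
  cmd="${2:-ingest_with_streamfwd}"
  manifest="$dir/.ingested"
  failed_list="$dir/.failed"
  ok=0; failed=0; skipped=0

  [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
  touch "$manifest"
  : > "$failed_list"

  for f in "$dir"/*.pcap "$dir"/*.pcapng; do
    [ -e "$f" ] || continue                  # unmatched glob pattern
    if grep -Fxq -- "$f" "$manifest"; then   # done on a previous run
      skipped=$((skipped + 1)); continue
    fi
    if "$cmd" "$f"; then
      echo "$f" >> "$manifest"; ok=$((ok + 1))
    else
      echo "$f" >> "$failed_list"; failed=$((failed + 1))
      echo "ingest failed: $f" >&2
    fi
  done

  echo "ok=$ok failed=$failed skipped=$skipped"
  [ "$failed" -eq 0 ]
}

# Run directly on the instance with:
#   PCAP_BATCH_RUN=1 nohup sh ingest_pcaps.sh /data/pcaps &
# (the guard keeps the loop from starting when the file is sourced)
if [ "${PCAP_BATCH_RUN:-0}" = "1" ]; then
  ingest_pcaps "${1:-/data/pcaps}"
fi
```

Because each file goes to the forwarder directly, nothing passes through the Splunk Web upload form and its size limit. Start the loop under nohup, tmux or screen so a dropped SSH session does not kill it; if it does die, re-running the same command skips everything already listed in `.ingested` and retries only what is in `.failed`.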