Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do I access CLI via AMI/PCAP Upload?

RedMelon
New Member
‎03-14-2023 05:20 AM

Hi all,

I require access to the CLI and am using splunk Enterprise AMI, any help would be apperacited. 

Alternatively if anyone has any ideas on how I can do the following It would be greatly greatly appreactited.

I have a large amount of PCAP files for ingestion by splunk, there seems to be a file size limit when uploading my merged PCAPS so i am left with the problem of trying to upload 1000+ PCAPS which would be a painstaking long process done manually, a workaround is through the CLI however I can not access it.

This is for a university project and any help would be appreciated, thanks for reading!

Tags (5)
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎03-14-2023 10:16 AM

Please be a bit more precise. You need a CLI access to what? If I remember correctly, access to your VMs should be managed by the AWS mechanisms (haven't worked with that a while but I think it's your or your infrastructure team's responsibility to make sure you have access to remote shell.

About uploading PCAP-s - what would you want to do with PCAP files on Splunk? Splunk is not a network traffic analyzing software? You could upload pcaps if you had Splunk Stream installed but that's another story - do you have Stream installed?

0 Karma
Reply

RedMelon
New Member
‎03-16-2023 06:29 AM

Hi there, 

I need CLI to make the ingesting of the PCAPS plausible. I have to manually upload them one at a time however using the CLI I can ingest them in mass.

I'm following this documentation

stream is installed and I can and have uploaded individual PCAPS but the sheer amount I need to upload makes that method not plausible. I plan to use splunk to detect malicious beaconing traffic inside these PCAPS, via some rules I'll make.

But with the AMI I'm struggling to access the CLI.

 

If anyone has a answer for either:

how do I access the CLI on the AMI version of Splunk Enterprise?

Uploading large file sized PCAPS, alternative ways to upload this traffic?

 

Any help would be greatly appreciated. 

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎03-16-2023 06:40 AM

It's more an AWS issue than Splunk problem as such.

Check out the docs at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connection-prereqs.html

The Splunk AMI is based on Amazon-Linux so most probably you're gonna be connecting to ec2-user

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...