How do I access CLI via AMI/PCAP Upload?

RedMelon
New Member

Hi all,

I require access to the CLI and am using the Splunk Enterprise AMI; any help would be appreciated.

Alternatively, if anyone has any ideas on how I can do the following, it would be greatly appreciated.

I have a large amount of PCAP files for ingestion by Splunk. There seems to be a file size limit when uploading my merged PCAPs, so I am left with the problem of trying to upload 1000+ PCAPs, which would be a painstakingly long process done manually. A workaround is through the CLI; however, I cannot access it.

This is for a university project and any help would be appreciated, thanks for reading!


PickleRick
SplunkTrust

Please be a bit more precise. You need CLI access to what? If I remember correctly, access to your VMs should be managed by the AWS mechanisms (I haven't worked with that for a while, but I think it's your or your infrastructure team's responsibility to make sure you have access to a remote shell).

About uploading PCAPs - what would you want to do with PCAP files on Splunk? Splunk is not network traffic analysis software, is it? You could upload PCAPs if you had Splunk Stream installed, but that's another story - do you have Stream installed?


RedMelon
New Member

Hi there, 

I need the CLI to make ingesting the PCAPs plausible. I have to manually upload them one at a time; however, using the CLI I can ingest them en masse.

I'm following this documentation.

Stream is installed and I can and have uploaded individual PCAPs, but the sheer number I need to upload makes that method not plausible. I plan to use Splunk to detect malicious beaconing traffic inside these PCAPs via some rules I'll make.

But with the AMI I'm struggling to access the CLI.


If anyone has an answer for either:

How do I access the CLI on the AMI version of Splunk Enterprise?

Uploading large PCAP files: are there alternative ways to upload this traffic?


Any help would be greatly appreciated. 

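Since the limit described above is on the size of each uploaded file rather than on the number of packets, one workaround is to cut a merged capture into smaller, still-valid pcaps before uploading them. This is an added example, not code from the thread or from Splunk; it assumes classic pcap input (not pcapng), a byte limit you choose to match what the upload accepts, and a sample capture that is constructed inline.

```python
"""Split an oversized classic pcap into chunks under an upload byte limit.

Each chunk gets its own copy of the 24-byte global header, and a packet
record is never split across two chunks, so every chunk is a valid pcap.
"""
import struct

GLOBAL_HDR_LEN = 24   # magic, version, thiszone, sigfigs, snaplen, linktype
RECORD_HDR_LEN = 16   # ts_sec, ts_usec, incl_len, orig_len


def _endian(magic_bytes):
    """Return the struct byte-order prefix implied by the pcap magic number."""
    if magic_bytes == b"\xd4\xc3\xb2\xa1":
        return "<"
    if magic_bytes == b"\xa1\xb2\xc3\xd4":
        return ">"
    raise ValueError("not a classic pcap file (pcapng is not handled here)")


def split_pcap(data, max_bytes):
    """Return a list of pcap byte strings, each no longer than max_bytes."""
    if max_bytes < GLOBAL_HDR_LEN + RECORD_HDR_LEN:
        raise ValueError("max_bytes too small for even one record")
    end = _endian(data[:4])
    header = data[:GLOBAL_HDR_LEN]
    chunks, current, pos = [], bytearray(header), GLOBAL_HDR_LEN
    while pos < len(data):
        # incl_len (captured length) sits at bytes 8..12 of the record header
        incl_len = struct.unpack(end + "I", data[pos + 8:pos + 12])[0]
        rec_end = pos + RECORD_HDR_LEN + incl_len
        if rec_end > len(data):
            raise ValueError("truncated packet record at offset %d" % pos)
        record = data[pos:rec_end]
        if len(header) + len(record) > max_bytes:
            raise ValueError("a single packet exceeds max_bytes")
        if len(current) + len(record) > max_bytes:
            chunks.append(bytes(current))      # flush and start a new chunk
            current = bytearray(header)
        current += record
        pos = rec_end
    if len(current) > GLOBAL_HDR_LEN:         # drop an empty trailing chunk
        chunks.append(bytes(current))
    return chunks


def make_test_pcap(packet_sizes):
    """Constructed sample input: a little-endian Ethernet pcap with dummy payloads."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for i, size in enumerate(packet_sizes):
        out += struct.pack("<IIII", 1700000000 + i, 0, size, size) + bytes(size)
    return bytes(out)
```

Each returned chunk can be written to its own file and uploaded one at a time; for real captures, read the merged file with `open(path, "rb").read()` and pick `max_bytes` just under the limit the upload enforces.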

PickleRick
SplunkTrust

It's more of an AWS issue than a Splunk problem as such.

Check out the docs at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connection-prereqs.html

The Splunk AMI is based on Amazon Linux, so most probably you're gonna be connecting as ec2-user.
