Splunk Enterprise

How to configure Stream App 7.12 on Splunk Ent 7.1.0 to see port with tap data running over it?

robnewman666
Path Finder

It seems as though they've made the newer version of Splunk Enterprise a little more difficult when it comes to Stream and Data inputs. I've done this in the past, but with the newer versions mentioned above, I cannot get Stream to:

1. Verify using the set permissions script.
2. Create a new data input via wire data (loads of new fields that are making it impossible).
3. localhost doesn't seem to be working as a stream source anyway.

I can already see the data via tcpdump (the port was set as promisc and no IPs etc.), but Splunk doesn't seem to want to play, or the latest update has made it rather difficult to add a wire data input. Anyone else had any joys/gripes in these versions?
