Solved: Is it possible to access Splunk from different Vla...

Mfmahdi · ‎04-10-2023

Our Splunk environment is working specific vlan our management want to have to Splunk moved to out of band management or move some management servers of Splunk to different vlan and access the management servers through ssh by using out band management is this can be Done?

Thank you in advance

PickleRick · ‎04-10-2023

There are many sides to this question.

Yes, since splunk is "just" a service running on top of your operating system, it can use any IP your OS is set up with.

But.

Depending on complexity of your whole environment, moving Splunk to another IP might introduce some challenges. You have to make sure that our forwarders send their data to the proper address (and are pointed at the proper Deployment Server if you're using one). If you have multiple Splunk components (separate - possibly clustered - indexers, separate - possibly clustered - search heads), they must have consistent configuration and be able to see each other.

So it might be as easy as just reconfiguring your OS and - if there aren't many of them - reconfiguring forwarders by hand or as complicated as going over a complicated multi-layered environment and doing the changes in proper order and making sure that config for the whole setup makes sense.

Also complexity of the operation can differ depending on whether you want it (mostly) online or if you can allow significant downtime.

If you have something bigger than a standalone single-server instance, you might want to (and I strongly suggest you do that) engage your local friendly Splunk Partner.

View solution in original post

PickleRick · ‎04-10-2023

There are many sides to this question.

Yes, since splunk is "just" a service running on top of your operating system, it can use any IP your OS is set up with.

But.

Depending on complexity of your whole environment, moving Splunk to another IP might introduce some challenges. You have to make sure that our forwarders send their data to the proper address (and are pointed at the proper Deployment Server if you're using one). If you have multiple Splunk components (separate - possibly clustered - indexers, separate - possibly clustered - search heads), they must have consistent configuration and be able to see each other.

So it might be as easy as just reconfiguring your OS and - if there aren't many of them - reconfiguring forwarders by hand or as complicated as going over a complicated multi-layered environment and doing the changes in proper order and making sure that config for the whole setup makes sense.

Also complexity of the operation can differ depending on whether you want it (mostly) online or if you can allow significant downtime.

If you have something bigger than a standalone single-server instance, you might want to (and I strongly suggest you do that) engage your local friendly Splunk Partner.

richgalloway · ‎04-10-2023

Yes, it can be done. With the proper network configuration, Splunk can be accessed from anywhere in the world. All you tell Splunk is the port number to listen on - everything else is up to your network admins.

---
If this reply helps you, Karma would be appreciated.

Mfmahdi · ‎04-11-2023

tanks a lot 🙂

Is it possible to access Splunk from different Vlan?

using Splunk Enterprise

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off