I want to add data from a network, for example 192.168.0.0/24.
But when I select TCP/UDP and add 192.168.0.* in "Accept connection of", I don't receive logs from my network.
But it works when I just indicate the UDP port.
Is it a problem with my regex?
Splunk is not a network sniffer in itself.
Your options are:
- Configure Syslog to send data from each host on your network to a TCP/UDP port: https://access.redhat.com/solutions/54363
- Install a Universal Forwarder on each of your hosts: http://docs.splunk.com/Documentation/Forwarder/7.0.1/Forwarder/HowtoforwarddatatoSplunkEnterprise
- Install and deploy Splunk Stream for network traffic: https://splunkbase.splunk.com/app/1809/
- Many others