Activity Feed
- Posted Re: PLC & HMI Monitoring on Getting Data In. 10-11-2022 07:11 AM
- Got Karma for Re: How much time is required to deploy Splunk solution for IIoT?. 06-05-2020 12:50 AM
- Posted Re: how to create incident from an triggered alert on Splunk Enterprise Security. 02-19-2020 06:39 AM
- Posted Re: Python script to be integrated at MS Azure in Splunk on All Apps and Add-ons. 01-15-2020 06:53 AM
- Posted Re: Python script to be integrated at MS Azure in Splunk on All Apps and Add-ons. 01-15-2020 06:28 AM
- Posted Re: Python script to be integrated at MS Azure in Splunk on All Apps and Add-ons. 01-15-2020 04:59 AM
- Posted Re: How much time is required to deploy Splunk solution for IIoT? on Deployment Architecture. 12-04-2019 07:08 AM
- Posted Re: App Packager - Exception: , Value: list index out of range on All Apps and Add-ons. 03-11-2019 07:50 AM
10-11-2022 07:11 AM
@kth90 Splunk does not currently have capabilities to monitor PLCs. For HMIs it depends on whether you are talking about embedded systems, but many HMIs just run on Windows/Linux operating systems and information can be collected from logs on the host (usually with a Universal Forwarder, but sometimes you can find logs on the SCADA/DCS system as well). Although the C-More Historian you mention doesn't appear to be that way. Process data can be collected for PLCs often from the SCADA/DCS system or in most cases a Historian, but those are primarily operationally focused. Also there are capabilities to collect operational data via OPC UA and MQTT using some plugins on Splunkbase. If we are talking about from the security perspective (e.g. asset information, access, firmware, vulnerabilities, etc.) Splunk relies on partner integrations with Nozomi, Claroty, Dragos, etc. (there are about a dozen major players in this space) who have that visibility and can provide asset info, vulnerabilities detected, and alerts to Splunk and are natively integrated in the OT Security Add-on for Splunk (https://splunkbase.splunk.com/app/5151). You can of course build your own dashboards or leverage apps if the vendor has one. As mentioned by @venkatasri some of those devices do support syslog, but in all honesty very few of them do and they will likely be newer devices.
02-19-2020 06:39 AM
Is there a specific system you are wanting to create in (e.g. ServiceNow), or is it a customer system?
01-15-2020 06:53 AM
Splunk in Azure would work but it would be managed by your own organization (Splunk Cloud is only currently available on AWS) as a Linux VM. Splunk can also be run in a hybrid model where you have an on-premises instance of Splunk that queries Azure or another cloud-hosted instance of Splunk. There really are multiple options; however, going with a cloud provider might be better if you are doing a lot of machine learning and AI, just so you have the necessary compute resources. I think there may also be special considerations for them to allow you to run the Python script from the app. It would probably be best to consult with your sales team to clarify everything that is needed for the approach you want. They might be able to give you more advice as well on the exact setup.
01-15-2020 06:28 AM
If your Python script needs to retrieve data from Splunk:
You might consider leveraging the Python SDK (https://dev.splunk.com/enterprise/docs/python/sdk-python/examplespython/) to retrieve the data periodically from Splunk (say every minute, as you stated) and perform the analysis.
If you just want Splunk Apps to periodically run the script or pick up the results of the script:
You could use the Splunk App to schedule the script to run every minute, 5 minutes, etc. To make sure the app has proper permissions I would run the script using the Splunk Python libraries to make sure it doesn't have any errors (SPLUNK_HOME/bin/splunk cmd python). The other consideration doing it this way is that Python 3 is only supported on Splunk Enterprise 8.x. If the current library uses Python 3, you might need to consider running it outside of Splunk (such as a cron job or Windows Task Scheduler, depending on your OS).
You can then pump the data results back into Splunk (if needed) in various ways (e.g. write the output to a data file and Splunk monitors the data file and imports the data).
Hopefully this helps. Searching for "splunk app run python script" should also yield examples of how to do this.
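The periodic SDK pull, analysis and file write-back described in the reply above, as an added example that is not part of the original post or of the Splunk SDK. It assumes the splunk-sdk package is installed, and the search string, output path, threshold and credentials are constructed placeholders; the time window is computed as the last whole minute so back-to-back runs neither overlap nor leave gaps.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed search, output path and threshold (assumptions, not from the post).
SEARCH = ("search index=iot sourcetype=sensor "
          "| stats avg(temp) AS avg_temp max(temp) AS max_temp BY device")
OUTPUT = "/opt/splunk/var/log/analysis/results.jsonl"  # path a [monitor://] input watches
THRESHOLD = 80.0

def window(now, minutes=1):
    """ISO 8601 earliest/latest bounds for the whole minute(s) just before `now`."""
    latest = now.replace(second=0, microsecond=0)
    earliest = latest - timedelta(minutes=minutes)
    return earliest.isoformat(), latest.isoformat()

def parse_results(stream):
    """A oneshot search with output_mode=json returns {"results": [...]}."""
    return json.load(stream).get("results", [])

def fetch_rows(service, earliest, latest):
    # Blocking one-shot search through an SDK Service object (splunklib.client).
    stream = service.jobs.oneshot(SEARCH, earliest_time=earliest,
                                  latest_time=latest, output_mode="json")
    return parse_results(stream)

def analyse(rows, threshold=THRESHOLD):
    """Flag each device whose peak reading exceeds the threshold; skip malformed rows."""
    findings = []
    for r in rows:
        try:
            mx, avg = float(r["max_temp"]), float(r.get("avg_temp", 0))
        except (KeyError, ValueError):
            continue
        findings.append({"device": r.get("device"), "max_temp": mx,
                         "avg_temp": avg, "alert": mx > threshold})
    return findings

def write_results(findings, path, ts):
    """Append one JSON event per line, stamped with the window end as _time."""
    with open(path, "a", encoding="utf-8") as fh:
        for f in findings:
            fh.write(json.dumps({"_time": ts, **f}) + "\n")
    return len(findings)

def run_once(service, now=None, path=OUTPUT):
    now = now or datetime.now(timezone.utc)
    earliest, latest = window(now)
    return write_results(analyse(fetch_rows(service, earliest, latest)), path, latest)

if __name__ == "__main__":  # run every minute from cron or Windows Task Scheduler
    import splunklib.client as client  # pip install splunk-sdk
    svc = client.connect(host="localhost", port=8089, username="admin", password="<password>")
    run_once(svc)
```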
01-15-2020 04:59 AM
Does it have to be a Python script? There are ways to send the data from Azure IoT to Azure Event Hub, then Splunk can collect the data from Event Hub. There are existing Splunk IoT customers who do this currently.
12-04-2019 07:08 AM
@gcusello is absolutely correct on what he says (70% knowing and 30% doing): it just depends on your knowledge of the environment. I have done this kind of solution in less than half a day, but that was with a customer who knew about their environment and was ready.
I would suggest you work with your Splunk rep and he will pull in the necessary resources to scope out the timeline. One of the biggest advantages of Splunk is how easy and quick it is to get going and have data flowing in. This applies to IIoT as well as IT.
03-11-2019 07:50 AM
This didn't work for me, but I was able to get the following to work:
cd $SPLUNK_HOME/etc/apps
$SPLUNK_HOME/bin/splunk package app