yes you can assuming you have a transport mechanism from the device to splunk. If you can use a universal forwarder (on a known supported os) you can create a scripted input. This means that the output of the script run gets written into splunk.  With embedded devices, like I believe yours is, you are probably going to need to write out to splunk using syslog. And it’s unlikely you can run a netstat on it unless you can shell into it and find a way to write to splunk.  Nmap allows you to probe from a central location and you don’t need to be local to the host, just a bash shell So you could have a server that gathers information on the other devices using a scripted input that runs nmap. hope this helps ... View more

In this particular case if all connection has done via 127.0.0.1 this is not an issue. But/when there are connections with it's public address then you should fix it by renewing the server's certificate. If you are using Splunk's own (not recommended) then it's usually renewer when you are updating splunk. And when you are using your own/official you must do it by yourself. r. Ismo ... View more