How to configure network devices on splunk

tuhinbhowmick · ‎02-12-2014

Hi,

I am very new to this tool. I have just installed Splunk 6.0 and till now haven't add any data.

I want to use this tool for my DC Network infra monitoring. So, can you please help me out how to proceed further ?

Your quick ans would be really appreciable.

Regards,
Tuhin

dmaislin_splunk · ‎02-13-2014

Add a syslog data input, probably a UDP data input on port 514 with a default sourcetype of syslog. Turn on syslog at the Switch to send data to the Splunk server on that port.

dmaislin_splunk · ‎02-13-2014

Forwarders are a different download and are very lightweight: http://www.splunk.com/download/universalforwarder

dmaislin_splunk · ‎02-13-2014

Yes, install a Splunk Universal Forwarder on the syslog server and forward the events directly into Splunk. You will need to setup Splunk as a receiver on the default port of 9997 if you have not done so already. This is pretty much the standard way that all customers get data from a syslog server into Splunk.

tuhinbhowmick · ‎02-13-2014

We already have SYSLOG server. Is there any way SPLUNK can fetch data directly from SYSLOG server or we need to install SPLUNK on syslog server itself to analyze the data ?

Regards,
Tuhin

tuhinbhowmick · ‎02-12-2014

More specifically, how should I forward the Cisco Switch data directly to Splunk so that it can use those data for showing result.

I have read about Splunk Universal Forwarder to collect dat directly from endpoints. So, in that case if I want to get the data directly from my Cisco Switch to SPLUNK, then how to proceed ?

Regards,
Tuhin

How to configure network devices on splunk

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!