Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Monitoring TCP output from a telephone switch.

johnpulley
New Member
‎05-21-2010 08:38 PM

I want to use Splunk to monitor the error output of a telephone switch. I can easily see the data by connecting to the port with telnet. I tried setting up a TCP data Input with the same port and IP address, but I don't get anything in the index. I've tried both the Enterprise license and the free license. I'm using Splunk 4.1.2 on Windows 2003 installed as a system user.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dwaddle
SplunkTrust
SplunkTrust
‎05-21-2010 10:44 PM

Splunk's TCP inputs are not really designed to connect to a remote device and then read from it. They are meant for the remote device to connect to Splunk and then send data in. You might try using a couple of netcat commands one to connect to the switch, and one to connect to Splunk. This way, both ends get what they want. Something like this may work:

nc phone_switch 12345 | nc splunk 9999

I've tried this on Linux and it works fine, but I dunno how well this will work on Windows.

View solution in original post

Reply
Solved! Jump to solution
Solution

dwaddle
SplunkTrust
SplunkTrust
‎05-21-2010 10:44 PM

Splunk's TCP inputs are not really designed to connect to a remote device and then read from it. They are meant for the remote device to connect to Splunk and then send data in. You might try using a couple of netcat commands one to connect to the switch, and one to connect to Splunk. This way, both ends get what they want. Something like this may work:

nc phone_switch 12345 | nc splunk 9999

I've tried this on Linux and it works fine, but I dunno how well this will work on Windows.

Reply
Solved! Jump to solution

johnpulley
New Member
‎05-24-2010 05:33 PM

Thanks, the light finally went on. First I'll try to see if I can get the telephone switch to do the connect. Otherwire, I'll probably try to ncat approach or something simliar.

0 Karma
Reply
Solved! Jump to solution

gkanapathy
Splunk Employee
Splunk Employee
‎05-22-2010 12:55 AM

nc doesn't come with Windows, but you can get ncat (sort of a successor to it, and which works the same) from http://nmap.org/ncat/

0 Karma
Reply
Solved! Jump to solution

dskillman
Splunk Employee
Splunk Employee
‎05-21-2010 08:54 PM

TCP inputs are typically used for listening for things like syslog/syslogng. If you connect with telnet do you have to run commands to see the data? Telnet is an active connection from your machine to to the switch. Not the other way around. You would want to tell the switch to syslog to splunk on a given port. Most switches only support udp syslog. And by default on port 514. If the switch only supports inbound connections for data gathering you will need to set up a scripted input.

Reply
Solved! Jump to solution

johnpulley
New Member
‎05-21-2010 09:00 PM

No login or other commands was used with telnet. I used it as a simple way to connect to a port and watch for TCP data. One complication I should have mentioned is that the PC has two NICs and the data is on the 2nd network connection.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...