Hi,
How do you use or configure Splunk app for Stream? I believe I must connect my Splunk server to a span port on a router or switch. Then activate the app to index on the span port?
Is my understanding correct?
thanks
Hi Thanks. I actually have read the documentation but I still have doubts on how it captures wire data. Does the machine that has splunk installed need to connect directly to a span port of a router in order to capture wire data?
Yes of course.Start here to learn how to configure the application
http://docs.splunk.com/Documentation/StreamApp/6.4.1/DeployStreamApp/AboutSplunkAppforStream
http://docs.splunk.com/Documentation/StreamApp/6.4.1/User/ConfigureStreams