Solved: Does Splunk send nightly info to corp?

justindevelops · ‎01-01-2017

Hello - As the subject states, does Splunk send your daily usage etc to corp on a nightly schedule?

The reason I ask is that I am new to Splunk, (learning it for enterprise clients) and ran into something odd.

I set up Splunk last week (using Vagrant locally) and connected my router to it for sys logs. Digging through all the logs found that something appears on my network at the same time every early AM and connects to a few IP's (AWS mostly but one had a few references for Splunk) for a few minutes then goes away.

Now this could have been on my network without my knowledge but the IP's at AWS and one that came up for Splunk have made me want to dig into this router a little further first.

Thank you in advance!
- Justin

martin_mueller · ‎01-01-2017

If that's happening around 3:05am, you've probably opted in to sharing usage, performance, or license data with Splunk: http://docs.splunk.com/Documentation/Splunk/6.5.1/Admin/Shareperformancedata

View solution in original post

martin_mueller · ‎01-01-2017

If that's happening around 3:05am, you've probably opted in to sharing usage, performance, or license data with Splunk: http://docs.splunk.com/Documentation/Splunk/6.5.1/Admin/Shareperformancedata

martin_mueller · ‎01-01-2017

There's also update checks, should be apps.splunk.com - AWS IPs behind that.

justindevelops · ‎01-01-2017

Good to know, thank you for that info.

I actually found out what my "rouge" issue was. It was my kindle syncing, that I thought was off sitting in the closet. 🙂

If nothing else at least now I know about Splunk updates and logging/usage stuff now for clients. 🙂

justindevelops · ‎01-01-2017

OK it is not Splunk then. I checked that link and my settings and that is turned off. Thank you for the response!

Does Splunk send nightly info to corp?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes