
How to connect to Splunk remotely and Ping other forwarders

sieutruc
Contributor

Hello,

I have 2 questions as below:
First, I installed Splunk on Windows Server 2008 (local user). How can I use another computer to connect to that computer in order to control Splunk remotely (the computer I use may be on the same company network, or on the internet)?
Second, how can I know that a forwarder is active and not cut off from the network to which Splunk connects? I read the documents and know 2 methods:
- if the forwarder is a computer, we can use a scripted input with the ping command
- if the forwarder is a switch, router, ... that implements the SNMP protocol, it can use SNMP traps to send to Splunk, and if there is no data for a certain time, we can infer it's disconnected from the network.
Am I right, or am I missing something?


dwaddle
SplunkTrust

Your first question does not entirely make sense to me. Splunk has its own webserver, known as Splunkweb, which you can use to access it remotely, assuming all of your firewalls etc. allow it. If they don't, you'll need to configure them to allow it. For anything you cannot do via SplunkWeb, you will need to use something like Remote Desktop to connect to the server as if you were at its console.

For the second question, you need to be more careful with terminology. A Splunk forwarder is only one thing - it is a computer that has the Splunk software loaded on it. Switches and routers are not (and for the foreseeable future cannot be) forwarders. Switch and router vendors typically do not support installing 3rd party software products on their equipment.

For a genuine Splunk forwarder, there is a periodic check-in that can be monitored via the Deployment Monitor app in Splunk.

For your switches and routers, you can use the absence of events as a hint that they are down, but it is just a hint. You might use a scripted input on the Splunk indexer to poll them via SNMP and confirm they can answer you, which would be an even better hint.
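
The SNMP poll suggested in the answer above, as an added example that is not part of the original thread or Splunk's own code: a Python scripted input that asks each device for sysUpTime with net-snmp's `snmpget` and prints one key=value event per device, so an unreachable device produces an explicit event rather than silence. The device addresses, the `SNMP_COMMUNITY` environment variable and the field names are assumptions.

```python
#!/usr/bin/env python3
"""Scripted input sketch: poll devices over SNMP, print one event per device."""
import os
import subprocess
import time

SYS_UPTIME_OID = "1.3.6.1.2.1.1.3.0"    # sysUpTime.0
DEVICES = ["192.0.2.10", "192.0.2.11"]  # constructed sample addresses (TEST-NET-1)


def snmp_get(host, community, timeout=2):
    """Run net-snmp's snmpget once; return (ok, detail)."""
    cmd = ["snmpget", "-v", "2c", "-c", community, "-t", str(timeout),
           "-r", "1", "-Oqv", host, SYS_UPTIME_OID]
    try:
        out = subprocess.run(cmd, capture_output=True, text=True,
                             timeout=timeout * 2 + 2)
    except FileNotFoundError:
        return False, "snmpget_not_installed"
    except subprocess.TimeoutExpired:
        return False, "timeout"
    if out.returncode != 0:
        return False, "no_response"
    return True, out.stdout.strip()


def poll(devices, community, getter=snmp_get, now=time.time):
    """Return one event line per device, whether it answered or not."""
    events = []
    for host in devices:
        ok, detail = getter(host, community)
        status = "up" if ok else "down"
        field = "sysuptime" if ok else "reason"
        # Leading number is the poll time in epoch seconds.
        events.append('%d device=%s snmp_status=%s %s="%s"'
                      % (now(), host, status, field, detail))
    return events


if __name__ == "__main__":
    # Assumption: the community string is supplied via the environment,
    # so it is not stored in the script itself.
    for line in poll(DEVICES, os.environ["SNMP_COMMUNITY"]):
        print(line)
```

A search or alert can then key on `snmp_status=down` directly, and the absence of any event from this input points at the poller itself rather than at a device.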
