
Splunk for telecom

Bhavna
Engager

Hi,
I am trying to collect use cases in the telecom industry. Can someone tell me how Splunk is useful in detecting network abusers? What kind of information does it capture from network logs, and what kind of dashboards can we make?

0 Karma

mhale1982
Path Finder

From network logs, like Ayn said, it captures anything you can export to it. It's up to the admin to filter those logs for relevant information.

For example, with our ASAs, I'm able to see who logs into the VPN the most, which IPs generate the most URL requests, which IP addresses have the most outbound traffic (in number of requests, not bandwidth), and so forth.

If you want to find network abusers (such as people who download excessive amounts of data), you'll want to combine Splunk with a tool that'll monitor bandwidth and activity.

0 Karma
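The three ASA reports listed in the post above (VPN logins per user, URL requests per IP, outbound connections per IP), sketched as an added example that is not from the original thread or from Splunk. The log lines are constructed and modelled on ASA syslog messages 113039, 304001 and 302013; the median-based outlier rule and all function names are assumptions.

```python
import re
from collections import Counter
from statistics import median

# Patterns modelled on Cisco ASA syslog messages (layout is an assumption).
VPN_RE = re.compile(r"%ASA-6-113039: Group <[^>]*> User <([^>]+)> IP <[^>]+>")
URL_RE = re.compile(r"%ASA-5-304001: (\S+) Accessed URL \S+")
OUT_RE = re.compile(r"%ASA-6-302013: Built outbound TCP connection \d+ for "
                    r"\w+:[\d.]+/\d+ \([^)]*\) to \w+:([\d.]+)/\d+")
PATTERNS = (("vpn_logins", VPN_RE), ("url_requests", URL_RE),
            ("outbound_conns", OUT_RE))

def build_sample():
    """Constructed sample log: made-up users, hosts and documentation addresses."""
    lines = []
    for user, n in (("alice", 4), ("bob", 1), ("carol", 1)):
        lines += [f"Jan 10 09:00:{i:02d} fw1 %ASA-6-113039: Group <VPN> User <{user}> "
                  f"IP <198.51.100.7> AnyConnect parent session started." for i in range(n)]
    for ip, n in (("10.1.1.5", 2), ("10.1.1.6", 5)):
        lines += [f"Jan 10 09:01:{i:02d} fw1 %ASA-5-304001: {ip} Accessed URL "
                  f"203.0.113.50:/page{i}" for i in range(n)]
    for ip, n in (("10.1.1.5", 2), ("10.1.1.6", 2), ("10.1.1.7", 2), ("10.1.1.9", 12)):
        lines += [f"Jan 10 09:02:{i:02d} fw1 %ASA-6-302013: Built outbound TCP connection "
                  f"{1000 + i} for outside:203.0.113.50/443 (203.0.113.50/443) "
                  f"to inside:{ip}/{50000 + i} (192.0.2.1/{50000 + i})" for i in range(n)]
    return "\n".join(lines)

def rank(log_text):
    """Count events per source for each of the three reports."""
    counts = {name: Counter() for name, _ in PATTERNS}
    for line in log_text.splitlines():
        for name, rx in PATTERNS:
            m = rx.search(line)
            if m:
                counts[name][m.group(1)] += 1
                break
    return counts

def outliers(counter, factor=3.0):
    """Sources whose count is at least `factor` times the median count."""
    if len(counter) < 3:
        return []  # too few sources for a meaningful baseline
    base = median(counter.values())
    return sorted(src for src, c in counter.items() if c >= factor * base)

if __name__ == "__main__":
    for name, ctr in rank(build_sample()).items():
        print(name, ctr.most_common(3), "outliers:", outliers(ctr))
```

These counts are numbers of events, not bytes transferred, which is the limitation the post goes on to describe.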

grudnitsky
Splunk Employee
0 Karma

DaveSavage
Builder

Bhavna, from personal experience with one of the major comms groups over the past years, with Splunk for some of that time and all on VoIP / SIP, there is a wide range of application areas. The edge devices are a clear point of interest, but there is also GPG13 cover in the plug-ins re abuse. CDR analysis is clearly a good point to be covered using the log analysis, but so is QoS if you have a mind to.
There are also plug-ins here (see Apps) for Cisco Call Managers iro voice, but it is not limited to that product iro voice - the same would go for Avaya and Siemens platforms.
In terms of purer network traffic, voice or data, you will find a wide range of apps / plug-ins, and some drilling down to a good depth for IDS / IPS.
Good luck in your journey.

0 Karma

Ayn
Legend

I'm guessing you could get much more relevant information if you contact Splunk sales than if you ask a question here. They'll surely have examples of how Splunk is / can be used within the telecom industry.

That said, with regards to your questions - "What kind of information does it capture from network logs and what kind of dashboards can we make." - it captures whatever you throw at it. As long as it's some kind of text data, preferably but necessarily with timestamps in it, Splunk can index it. What kind of dashboards you can make is entirely up to you. Splunk comes with a rich framework for creating dashboards; you have a great number of different modules at your disposal for doing so.
