New to Splunk, wanting to monitor client's SBS boxes automatically

adamgardner
New Member

Hi, I'm posting from a small IT company who looks after x amount of clients. We want to be able to have Splunk monitor the remote SBS boxes (both SBS 2003 and 2008), looking for errors in the event logs and when there is a problem with a server, such as it goes offline or loses a connection to WAN or LAN. Is this possible in Splunk? Can someone provide me with steps or good documentation?

0 Karma

ftk
Motivator

This is possible. Your best starting point for this would be the official Splunk documentation, specifically the Installation Manual, found here: http://www.splunk.com/base/Documentation/latest/Installation/WhatsintheInstallationManual

Be sure to read up on the prerequisites and architecture diagrams, the Windows installation process, and advanced concepts such as forwarders to ship data from remote servers.

After reading through the Installation Manual, I recommend downloading a copy of Splunk and installing the evaluation copy on a dev system. Start playing around with it, add some of your data, and go through the Admin Manual as you become more familiar with Splunk. Put together some dev (or even live) systems and start monitoring some SBS servers. Once you've got your process and searches down, adding more systems should be easy.

dwaddle
SplunkTrust

Splunk can "get data" from any place that has connectivity between the client (forwarder) and the indexer. This might mean additional firewall holes and/or VPN-style setups depending on your particular environment, but the only roadblock here is a lack of connectivity.

adamgardner
New Member

Thanks for the reply. Regarding the remote servers, these are based off site; however, we have a development Hyper-V box which is on a separate internet line. Am I right in thinking that Splunk can still get data from these servers?

0 Karma
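
A sketch of the forwarder-to-indexer setup the replies above describe, added here as an example and not taken from the thread or from Splunk's documentation. The hostname `splunk.example.com`, the group name `central_indexer` and port 9997 are assumptions; stanza syntax follows current Splunk versions, so check the manual for the version you install.

```ini
# --- On the central indexer: inputs.conf ---
# Listen for data sent by forwarders. 9997 is only a commonly used
# port (assumption); any free TCP port works if both sides agree.
[splunktcp://9997]
disabled = 0

# --- On each remote SBS box (forwarder): outputs.conf ---
# The forwarder opens the connection to the indexer, so the client
# site only needs outbound TCP to this host and port. The only
# inbound firewall rule (or VPN route) is at the indexer's site.
[tcpout]
defaultGroup = central_indexer

[tcpout:central_indexer]
# Placeholder hostname (assumption): replace with your indexer.
server = splunk.example.com:9997

# --- On each remote SBS box (forwarder): inputs.conf ---
# Collect the standard Windows event logs asked about in the question.
[WinEventLog://System]
disabled = 0

[WinEventLog://Application]
disabled = 0

[WinEventLog://Security]
disabled = 0
```

Because the event logs cross the public internet from each client site in this layout, carry the forwarder traffic over the VPN mentioned above or enable TLS on the forwarding connection, and restrict the indexer's listening port to the known client addresses.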