Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

using stream forwarder to forward pcap data

weicheng98
Path Finder
‎07-07-2018 03:42 AM

Hi, I would like to forward pcap data using tcpreplay on a remote machine which has installed a stream forwarder to forward the pcap data to my local machine. In my local machine, I have installed splunk stream but I did not receive any pcap data when I run tcpreplay on my remote machine.

e.g. I ran this on my remote machine, but it didnt worked. So I tried installing a universal forwarder.
./streamfwd -r '/root/Desktop/mypacket.pcap' -s http://:8889

e.g. using universal forwarder
sudo ./splunk add forward-server :9997

then I added the directory to monitor.
./splunk add monitor /root/Desktop -sourcetype pcap_capture -index wireshark_pcaptest
(is that how universal forwarder works like it monitors traffic in the desktop directory since im running tcpreplay on my desktop ?)

So my question is how do I receive pcap data using the both methods as mentioned above ? Because I want to simulate a real-time traffic through tcpreplay. (please correct my understanding)

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...