Security

How to connect to Splunk remotely and Ping other forwarders

sieutruc
Contributor

Hello,

I have 2 questions as below:
First, I installed Splunk on Windows Server 2008 (local user). How can I use another computer to connect to that computer in order to control Splunk remotely (the computer I use may be on the same company network, or on the internet)?
Second, how can I know that a forwarder is active and not cut off from the network to which Splunk connects? I read the documents and know 2 methods:
- If the forwarder is a computer, we can use a scripted input with the ping command
- If the forwarder is a switch, router, ... that implements the SNMP protocol, we can use SNMP traps sent to Splunk, and if there is no data for a certain time, we can infer it's disconnected from the network.
Am I right, or am I missing something?

0 Karma

dwaddle
SplunkTrust

Your first question does not entirely make sense to me. Splunk has its own webserver, known as Splunkweb, which you can use to access it remotely, assuming your firewalls, etc. allow it. If they don't, you'll need to configure them to allow it. Anything you cannot do via SplunkWeb you will need to use something like Remote Desktop to connect to the server as if you were at its console.

The second question, you need to be more careful of terminology. A Splunk forwarder is only one thing - it is a computer that has the Splunk software loaded on it. Switches and routers are not (and for the foreseeable future cannot be) forwarders. Switch and router vendors typically do not support installing 3rd party software products on their equipment.

For a genuine Splunk forwarder, there is a periodic checkin that can be monitored via the Deployment Monitor app in Splunk.

For your switches and routers, you can use the absence of events as a hint that they are down, but it is just a hint. You might use a scripted input on the Splunk indexer to poll them via SNMP and confirm they can answer you, which would be an even better hint.
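
The scripted-input idea discussed in this thread, as an added example that is not part of the original posts and not Splunk's own code: a Python script that pings each target once and prints one key=value event per host for Splunk to index. The host list, the field names (`check`, `target`, `status`, `elapsed_ms`) and the function names are assumptions; the ping flags shown are the Windows and Linux ones.

```python
#!/usr/bin/env python3
"""Scripted input: one key=value reachability event per host on stdout."""
import platform
import subprocess
import sys
import time

# Constructed sample targets (documentation address range); replace with real devices.
HOSTS = ["192.0.2.10", "192.0.2.11"]


def ping_command(host, timeout_s=2, system=None):
    """Build a single-probe ping argv; Windows and Linux use different flags."""
    system = system or platform.system()
    if system == "Windows":
        return ["ping", "-n", "1", "-w", str(timeout_s * 1000), host]  # -w is in ms
    return ["ping", "-c", "1", "-W", str(timeout_s), host]  # Linux: -W is in seconds


def probe(host, run=subprocess.run, system=None):
    """Return (status, elapsed_ms). 'run' is injectable so the logic is testable offline."""
    start = time.monotonic()
    try:
        # argv list with no shell: the host string is never parsed as a command line
        result = run(ping_command(host, system=system), stdout=subprocess.DEVNULL,
                     stderr=subprocess.DEVNULL, timeout=5)
        ok = result.returncode == 0
    except (subprocess.TimeoutExpired, OSError):
        ok = False  # hung or missing ping binary is reported as down, not as a crash
    elapsed_ms = int((time.monotonic() - start) * 1000)
    return ("up" if ok else "down"), elapsed_ms


def format_event(host, status, elapsed_ms, now=None):
    """Leading timestamp plus key=value pairs, which Splunk extracts at search time."""
    ts = time.strftime("%Y-%m-%dT%H:%M:%S%z", time.localtime(now))
    return f'{ts} check=ping target="{host}" status={status} elapsed_ms={elapsed_ms}'


def main(hosts=HOSTS, out=sys.stdout):
    for host in hosts:
        status, elapsed_ms = probe(host)
        out.write(format_event(host, status, elapsed_ms) + "\n")


if __name__ == "__main__":
    main()
```

Because every run emits an event for every host, a `status=down` event and a missing event mean different things: the first says the device did not answer, the second says the check itself stopped running.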
