And NetFlow is (mostly) standard and it’s ubiquitous! Essentially every IP network device supports NetFlow.

Well, NetFlow provides a lens into the why of network use - what applications are being used, what is driving the observed load on a network, and what are my users ultimately trying to accomplish with their network access? By combining NetFlow data with other, lower-level network and infrastructure data you can build a rich picture of network use end-to-end and cross-layer, peering into the applications and services which are supported by, and depend on, the network infrastructure! This can help solve myriad use cases, ranging from capacity management, peering strategies, security, performance optimization, and more.

As a rich, passively generated, standard data source available out of the box from your gear, it’s just waiting to be added to the mix, providing some additional insights and goodness!

So, now that we understand the importance of NetFlow data, let’s see how Splunk can help us. Ready to take this journey? Let’s go!

Splunk Stream

First of all, let me introduce you to our sherpa in this Himalayan ascent, my good friend Splunk Stream. The Splunk Stream app lets you capture, filter, index, and analyze streams of network event data. The software acts as a network traffic sniffing tool. Through a simple web GUI, you can filter which protocol metadata you want to index, aggregate event data for statistical analysis, collect NetFlow data, capture full packet streams, monitor network trends and app performance, and much more!

Establishing the Everest Base Camp: Environment Setup

A solid base camp is crucial for the success of our ascent. So, we will set up our base camp by deploying the Splunk Stream app in our Splunk environment. There are different deployment architectures available for deploying Splunk Stream, both on-premises and on Splunk Cloud. We'll assume that we have a functioning Splunk on-premises distributed environment where we need to deploy the Splunk Stream components. In the following figure you can see the general architecture for Splunk Stream in a distributed Splunk deployment:

The figure above shows a typical multilayer Splunk deployment with a Search Head layer, an Indexing layer and a Forwarding layer, each of them extended with the Splunk Stream components required to make Splunk Stream work. Note that for the forwarding layer we can set up Splunk universal forwarders, Splunk heavy forwarders or the Independent Stream Forwarder (ISF). The ISF is a standalone Stream forwarder. It sends captured network data to Splunk using the HTTP Event Collector and does not require a Splunk universal forwarder to collect wire data. It is helpful in networks and deployments where a universal forwarder cannot be installed. NetFlow traffic, for example, is generated at network equipment such as routers or switches, where universal forwarders are unlikely to be installed.