Integrate ExtraHop with Splunk




Introduction

The ExtraHop system monitors network and application performance by gathering data passively on the network. It offers deep and customizable analytics of wire data in real time. Splunk collects and indexes data generated by applications, servers, and other devices. The Splunk big data platform offers storage and correlation of a variety of data sources.

Integrating ExtraHop with Splunk allows for long-term storage and trending of wire data and correlation of wire data with other sources, such as machine data from logs. The ExtraHop Splunk bundle and the Splunk app serve as templates for getting started with integrating the two solutions. You can modify these templates to configure what data is sent from ExtraHop to Splunk and how it is displayed in Splunk.

This guide assumes a general understanding of how to write and deploy ExtraHop Application Inspection Triggers, bundles, and other user-defined data-gathering methods in ExtraHop. To learn more about user-defined elements, go to the navigation bar in the ExtraHop Web UI and click the Help icon.

System Requirements

- ExtraHop version 4.0 or later
- Splunk version 4.3 or later

Configuring ExtraHop to Send Events to Splunk

1. Open Splunk and enter your username and password.
2. Go to Manager and click Data Inputs.

3. Go to TCP and click Add New.
4. Configure a TCP port with source type syslog and note the port.

Sending Triggers to Splunk

1. In the ExtraHop Web UI, click System Settings and click Administration.
2. In the System Configuration section, click Open Data Streams.
3. Click Syslog Systems.
4. On the Open Data Stream for Syslog Settings page:
   a. In the Host field, enter the host name.
   b. Click the Protocol drop-down list and select TCP.
   c. In the Port field, enter the port you noted earlier.

5. Click Save.

In an ECM-powered deployment, perform these steps on each node, not on the ECM.

Sending Alerts to Splunk

1. In the ExtraHop Web UI, click Settings and click Administration.
2. Go to the Network Settings section and click Notifications.
3. Click Syslog.
4. On the Syslog Notification Settings page:
   a. In the Destination field, enter the host name.
   b. Click the Protocol drop-down list and select TCP.
   c. In the Port field, enter the port you noted earlier.
5. Click Save.

In an ECM-powered deployment, perform these steps on each node, not on the ECM.

Installing the ExtraHop Splunk Bundle

1. Log in to the ExtraHop Customer Portal with your credentials.
2. From the Community menu, select Solutions Bundle Gallery.
3. In the list of bundles, click ExtraHop Splunk Bundle.
4. Click Download Now and save the .json file to your computer.
5. In the ExtraHop Web UI toolbar, click System Settings and then click Bundles.
6. Click Upload, paste the raw bundle data into the window OR upload a saved bundle in .json file format from your workstation, and then click Upload.
7. Click OK to save the bundle, reopen the bundle, and then click Apply to load the triggers.
8. Assign the triggers to appropriate devices and device groups (e.g., assign "HTTP Events to Splunk" to web servers).
   - Go to Devices and select a device from the list. Click the Select Action drop-down list and select Assign Trigger.
   OR
   - Go to Device Groups, select the Activity Groups tab, and then select a group from the list. Select a device from the list, and then click the device name in the left panel. Click the Triggers tab, and then click the Add symbol.
   Assign triggers only to devices that require the collection of custom metrics. Assigning triggers to all devices will cause unnecessary trigger executions that may cause the system to run slowly.
9. In the Assign Triggers window, select the checkbox next to the triggers and click OK.
10. Click Settings, click Triggers, select the triggers, and then click Enable.

Viewing the Results in the SplunkBase ExtraHop App

1. To see the results, go to http://splunk-base.splunk.com/apps/53757/extrahop and click Download App.
2. Log in or sign up for Splunk.
3. A list of apps appears. Click ExtraHop.
4. At the top of the page, click App and then click Manage apps.
5. On the Apps page, click Install app from file.
6. Click Choose File, select the file you downloaded, and then click Upload.
7. Click Restart Splunk.
8. At the top of the page, click App and then click ExtraHop to see the data.

You can customize the fields and set the frequency for sending data to Splunk by modifying the triggers in the ExtraHop Web UI. For example, you can set a condition such that data is only sent to Splunk if errors occur or if response times are exceedingly high. For more information about triggers, see Application Inspection Triggers Quick Start Guide.

You can customize how the ExtraHop data appears in Splunk by creating your own views. For more information about how to work with Splunk data, refer to the Splunk KnowledgeBase at http://docs.splunk.com/documentation/splunk.
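
The condition described above (send to Splunk only on errors or very high response times) can be sketched as plain JavaScript, the language triggers are written in. This is an added example, not code from the ExtraHop Splunk bundle: the thresholds, the record shape, and every function name are assumptions, and mapping the trigger's event fields into the record and passing the finished line to the syslog stream is left to the trigger itself. Because the TCP syslog input treats each line as one event, the formatter also neutralizes control characters and quotes in values such as the URI, so request data cannot split or forge events in the Splunk index.

```javascript
// Added example; thresholds and field names are assumptions for illustration.
const SLOW_MS = 2000;          // assumed meaning of "exceedingly high" response time
const ERROR_STATUS_MIN = 500;  // assumed meaning of "error": HTTP 5xx

// Forward a transaction only if it is an error or slower than the threshold.
function shouldForward(rec) {
  const isError = Number(rec.status) >= ERROR_STATUS_MIN;
  const isSlow = Number(rec.processingTimeMs) > SLOW_MS;
  return isError || isSlow;
}

// Make a value safe inside a newline-delimited key="value" syslog line:
// control characters (CR, LF, tab, ...) become spaces, backslashes and
// double quotes are escaped, and overly long values are truncated.
function sanitize(value) {
  return String(value)
    .replace(/[\u0000-\u001f\u007f]/g, ' ')
    .replace(/\\/g, '\\\\')
    .replace(/"/g, '\\"')
    .slice(0, 512);
}

// Build one key="value" line, a layout Splunk can split into fields.
function toSyslogLine(rec) {
  const fields = {
    src: 'extrahop',
    server: rec.server,
    uri: rec.uri,
    status: rec.status,
    ms: rec.processingTimeMs,
  };
  return Object.entries(fields)
    .map(([key, value]) => `${key}="${sanitize(value)}"`)
    .join(' ');
}

// Apply the filter, then format whatever passes.
function filterAndFormat(records) {
  return records.filter(shouldForward).map(toSyslogLine);
}

// Constructed sample records (not captured data).
const SAMPLE = [
  { server: '10.0.0.5', uri: '/index.html', status: 200, processingTimeMs: 35 },
  { server: '10.0.0.5', uri: '/login', status: 503, processingTimeMs: 120 },
  { server: '10.0.0.7', uri: '/report?q="a"\r\nsrc=forged', status: 200, processingTimeMs: 4100 },
];
console.log(filterAndFormat(SAMPLE).join('\n'));
```

Only the second and third sample records are emitted, and the embedded CR/LF in the third record's URI is flattened so it stays a single event.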