Interested in pushing Lumeta syslog notifications to Splunk? This page describes how to make that happen.

Configure Lumeta for Splunk

First, configure Lumeta to export notifications to a Splunk server.

  1. On your Lumeta Command Center, browse to Settings > Lumeta Systems.

  2. In the CEF Notifications pane, on the Configuration tab, supply the host name or IP address of your Splunk server, the number of the port you want to communicate over (e.g., 9997) and protocol (e.g., TCP).


Create API Key

You will need an API key later, when configuring Lumeta input on your Splunk server. Generate one using this procedure.

To generate the API key:

...

Installing the Lumeta Plug-In on Splunk

...

  1. TA-lumeta.zip
  2. lumeta_app.zip

...

Configure the Lumeta Application in Splunk

...

https://3.9.250.98/api/rest/report/savedQuery

...

View syslog Data

To view syslog data from Lumeta in Splunk:

  1. On the Splunk Apps page, select Lumeta App for Splunk.
  2. Select the Search tab (if you are not there already).
  3. Enter your search criteria. Examples follow:
    1. source="tcp:9997"
    2. index=lumeta
    3. sourcetype="lumeta_log_parser"
    4. Now combine all 3 into one search:
    5. index=lumeta sourcetype="lumeta_log_parser" source="tcp:9997"

View Dashboards

To view Lumeta dashboards in Splunk:

...
