Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 24 Next »

Interested in pushing Lumeta syslog notifications to Splunk? This page describes how to make that happen.

Configure Lumeta for Splunk

First, configure Lumeta to export notifications to a Splunk server.

  1. On your Lumeta Command Center, browse to Settings > Lumeta Systems.

  2. In the CEF Notifications pane, on the Configuration tab, supply the host name or IP address of your Splunk server, the number of the port you want to communicate over (e.g., 9997) and protocol (e.g., TCP).

Create API Key

You will need an API key later, when configuring Lumeta input on your Splunk server. Generate one using this procedure.

To generate the API key:

  1. On your Lumeta Command Center, browse to Settings > Users.
  2. Select a username row and click Edit
  3. On the API Key dropdown, select the Copy option.

    The API key is copied to the clipboard.

  4. Paste the API key to a notepad file for later.

Installing the Lumeta Plug-In on Splunk

  1. Download these two zipped application files to your local system:
    1. TA-lumeta.zip
    2. lumeta_app.zip
  2. Unzip them.
  3. Log in to your Splunk server.
  4. Select the Manage Apps (gear) icon.
  5. In the upper right corner, click Install App from File.
  6. Browse to TA-lumeta.? and upload it.
  7. When prompted, click Restart Now.
  8. Repeat steps 3 - 6, this time with lumeta-app.? You will not need to restart the system with lumeta-app upload.
    Lumeta Apps display on the Splunk Dashboard.


Configure the Lumeta Application in Splunk

  1. On the Apps menu, select Lumeta to manage its data inputs.
  2. Click Create New Input.
  3. Complete the form
    1. Name the input. It's a good idea to include the Command Center IP and Port number (9997) in the input name.
    2. The polling Interval is in seconds
    3. The Index is lumeta
    4. IF the Command Center is in. . .THEN . . .Example
      A cloud network (e.g., AWS, Azure)Supply Public IP of Command Center

      https://3.9.250.98/api/rest/report/savedQuery

      An on-premises/private networkSupply the firewall addresshttps://65.246.245.110/api/rest/report/savedQuery

View syslog Data

To view syslog data from Lumeta in Splunk:

  1. On the Splunk Apps page, select Lumeta App for Splunk.
  2. Select the Search tab (if you are not there already).
  3. Enter your search criteria. Examples follow:
    1. source=”tcp:9997”
    2. index=lumeta
    3. sourcetype=”lumeta_log_parser”
    4. now combine all 3 into one search
    5. index=lumeta sourcetype=”lumeta_log_parser” source=”tcp:9997”

View Dashboards

To view Lumeta dashboards in Splunk:

  1. On the Splunk Apps page, select Lumeta App for Splunk.
  2. Click Lumeta Dashboard or Lumeta Integration to view the Dashboards.







        1. Log into Splunk.
        2. Click the Splunk > Enterprise logo on top left to display the Lumeta and Lumeta App for Splunk tabs.
    1. Configuring Lumeta in Splunk
    2. Inputs 
  • No labels