The Splunk integration with Lumeta requires the installation of two files and the addition of a Lumeta input. Both of these are performed on your Splunk server.

  1. Download the two zipped application files (attached to this page) to your local system:
    1. TA-lumeta.zip
    2. lumeta_app.zip
  2. Unzip them.
    Now you are ready to perform the installation in Splunk.


The Lumeta integration with Splunk is now certified and available in the Splunk marketplace. The Lumeta application supports Splunk dashboards and visualizations by providing Lumeta-discovered network data via syslog and REST APIs. Splunk must be version 8.01 or later.


Installation

  1. Log in to Splunk and navigate to Apps > Manage Apps. Click install app from file.

  2. Select the lumeta_application.zip file to install, select the update addon check box, and click the upload button.

  3. Once the installation is complete, restart Splunk.

  4. Go to the apps list and open Lumeta App for Splunk.

  5. Navigate through the different tabs and check the visualizations by changing the time picker.

Installing the Lumeta Application in Splunk

To install the Lumeta plug-in to Splunk:

  1. Log in to your Splunk server.
  2. Select the Manage Apps (gear) icon.
  3. In the upper right corner, click Install App from File.
  4. Browse to TA-lumeta.? and upload it.
  5. When prompted, click Restart Now.
  6. Repeat steps 3 - 6, this time with lumeta-app. You will not need to restart the system after the lumeta-app upload.
    Lumeta Apps display.


Configuring the Lumeta Application in Splunk

  1. On the Apps menu, select Lumeta to manage its data inputs.
  2. Click Create New Input.
  3. Complete the form:
    1. Name the input. It's a good idea to include the Command Center IP and Port number (9997) in the input name.
    2. The polling Interval is in seconds.
    3. The Index is lumeta.
    4. Add the Lumeta URL:

      | IF the Command Center is in . . . | THEN . . . | Example |
      |---|---|---|
      | A cloud network (e.g., AWS, Azure) | Supply Public IP of Command Center | https://3.9.250.98/api/rest/report/savedQuery |
      | An on-premises/private network | Supply the firewall address | https://65.246.245.110/api/rest/report/savedQuery |

      The connection is made and the new input is added to the list.

  4. Select Action > Enable to power on the connection. 

View Select syslog Data

To search syslog data from Lumeta in Splunk:

  1. On the Splunk Apps page, select Lumeta App for Splunk.
  2. Select the Search tab (if you are not there already).
  3. Enter your search criteria. Examples follow:
    1. source="tcp:9997"
    2. index=lumeta
    3. sourcetype="lumeta_log_parser"
    4. Now combine all 3 into one search:
    5. index=lumeta sourcetype="lumeta_log_parser" source="tcp:9997"

View Dashboards

To view Lumeta dashboards in Splunk:

  1. On the Splunk Apps page, select Lumeta App for Splunk.
  2. Click Lumeta Dashboard or Lumeta Integration to view the Dashboards.



