Splunk your wire-level data with Splunk App for Streams
- By : Luke Monahan
- In : News
In December 2013 Splunk announced the acquisition of Cloudmeter, a company collecting data directly from network traffic. From that acquisition has arisen the new Splunk App for Streams, which allows the easy capturing, filtering, indexing and analysis of wire-level data in Splunk.
The Splunk App for Stream consists of two components. An agent sits inside of the network stack of the operating system. All network traffic for that operating system instance passes through this agent, and it can capture any portion of that traffic and forward it to the Splunk datastore. The second component is a user interface that allows the user to specify the application from which to collect data and the fields within that stream for that application to capture.
By using a software agent connected to physical and virtual switch SPAN ports, you can also capture traffic from across the entire network.
The app includes a fine-grained way to control which network streams are being captured straight from the user interface so that license costs can be controlled and non-useful data discarded.
Rivium’s experienced Splunk engineers are available to assist you with installing and configuring this app, and then making use of this oft-ignored source of security and operational data.