How to:


Integrate Splunk (Remote Collector) using Analytics GUI.


* For CLI configuration, please review Integrate Splunk with Versa Analytics - Versa Networks (versa-networks.com)

* Prerequisite: Analytics is already configured with an operational Local Collector, for example:


set log-collector-exporter local collectors collector-1 address 192.168.x.x

set log-collector-exporter local collectors collector-1 port 1234

set log-collector-exporter local collectors collector-1 transport tcp

set log-collector-exporter local collectors collector-1 protocol ipfix

set log-collector-exporter local collectors collector-1 storage directory /var/tmp/log



This KB is for demonstration purposes only and was prepared on release 22.1.3. Configure your own setup according to your organization's requirements.



Analytics GUI


Navigate to Admin > Configurations > Log Collector Exporter




Configure a Remote Template

Remote Template > Add Type as Syslog > Save Changes




Configure a Remote Collector

Remote Collector > Add Destination IP/Port of Server running Splunk


* Pending Queue Limit (Default: 2048)

* Transmit Rate (Default: 1000 per second)




Configure a Remote Collector Group (Only if more than one remote collector)


"To provide HA for remote collectors, you can configure multiple remote collectors, as described in the previous section, and then place them into a remote collector group. You can configure one of the remote collectors to be the primary collector. The logs are streamed to the primary collector when it becomes active. When the connection to the active collector is unavailable, logs are streamed to the next collector in the group. Logs continue to stream to this collector even if the initial active collector again becomes available."

Ref: Configure Log Collectors and Log Exporter Rules - Versa Networks (versa-networks.com) 




Configure a Remote Profile


"You configure a remote profile to assign a name to an individual remote collector, or a remote collector group, or a remote collector group list. You then reference the remote profile when you configure a log exporter policy."




Configure Exporter Rule


"To define the specific type of logs to stream from a local collector to a remote collector, you configure log exporter rules that match log types and tenants and export them to the remote collector defined in a remote profile. When you define the rules, ensure that the match criteria are unique in the local collector. If you configure overlapping match criteria, the rule that matches first is used first and the other rules are ignored."

Ref: Configure Log Collectors and Log Exporter Rules - Versa Networks (versa-networks.com) 
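
Because the first matching rule wins, an exporter rule placed after a broader one may never send anything to its remote profile, which leaves a silent gap on the Splunk side. The Python sketch below is an added example, not Versa code: it models rules as log-type and tenant sets and reports overlapping rules. The rule names, log types, tenants, profile names and the use of None for "any" are assumptions made for illustration.

```python
from typing import FrozenSet, NamedTuple, Optional

class Rule(NamedTuple):
    name: str
    log_types: Optional[FrozenSet[str]]  # None = any log type (assumption)
    tenants: Optional[FrozenSet[str]]    # None = any tenant (assumption)
    profile: str                         # remote profile the rule exports to

def _covers(a, b):
    """True if match set a includes everything in b (None means 'any')."""
    return a is None or (b is not None and b <= a)

def _intersects(a, b):
    """True if at least one value can satisfy both match sets."""
    return a is None or b is None or bool(a & b)

def first_match(rules, log_type, tenant):
    """Return the rule that handles a log: first match wins, the rest are ignored."""
    for r in rules:
        type_ok = r.log_types is None or log_type in r.log_types
        tenant_ok = r.tenants is None or tenant in r.tenants
        if type_ok and tenant_ok:
            return r
    return None

def audit(rules):
    """Return (earlier, later, kind) for every pair with overlapping criteria.
    'shadowed': the later rule can never match.
    'partial': some of the later rule's logs are taken by the earlier rule."""
    findings = []
    for i, early in enumerate(rules):
        for late in rules[i + 1:]:
            if not (_intersects(early.log_types, late.log_types)
                    and _intersects(early.tenants, late.tenants)):
                continue
            full = (_covers(early.log_types, late.log_types)
                    and _covers(early.tenants, late.tenants))
            findings.append((early.name, late.name, "shadowed" if full else "partial"))
    return findings

# Constructed sample rule set, in evaluation order (all names are made up).
RULES = [
    Rule("all-tenant1", None, frozenset({"tenant1"}), "splunk-profile"),
    Rule("threat-to-soc", frozenset({"threat"}), frozenset({"tenant1", "tenant2"}), "soc-profile"),
    Rule("alarms-tenant1", frozenset({"alarm"}), frozenset({"tenant1"}), "noc-profile"),
]

if __name__ == "__main__":
    for early, late, kind in audit(RULES):
        print(f"{late}: {kind} overlap with earlier rule {early}")
```

Any pair it reports should be reordered or narrowed so that each log type and tenant combination is matched by exactly one rule in the local collector.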




==========================================================================


Troubleshooting: 

Verify the Status/Statistics of the remote collector