Today we released an enhanced version of the collectd app for Splunk. Because the app uses the metrics index and the enhanced mstats command, you will need Splunk Enterprise version 7.1.
As some of you know, we love these small Mikrotik boxes running RouterOS. They offer a rich feature set at a very reasonable price.
We also love Splunk, so it makes perfect sense to import RouterOS data into Splunk. To get more value from your data, we’ve created a Splunk Technology Add-On for RouterOS.
Data is extracted for the Splunk CIM data models: network traffic, name resolution (DNS), DHCP and authentication.
Today I got a question from a colleague asking whether it’s possible to connect an H2 database engine to Splunk. It would be great to index events from that database, as it contains security events coming from an anti-virus system.
To index events from an RDBMS there is Splunk’s well-known DB Connect app (https://splunkbase.splunk.com/app/2686/). Unfortunately, the DB Connect support matrix doesn’t mention the H2 database at all, so I decided to test it out.
Yesterday I had a discussion with a colleague about whether we should switch the indexing of Windows Event Logs to XML. He mentioned that he had been told it’s faster, needs less data volume and is language agnostic.