We just improved our popular and free Splunk App for Stream! In the new Splunk App for Stream 6.3 release we’ve introduced Distributed Forwarder Management (DFM), a functionality that simplifies configuration while increasing administration flexibility. The new 6.3 release is available now on Splunkbase.
The Splunk App for Stream is a flexible software solution that you can deploy anywhere in the network, in on-prem or cloud environments. Your implementation can be simple, collecting data from only a handful of SPAN ports, or very complex, with hundreds of different globally distributed Stream forwarders gathering data from endpoints. If your monitoring needs are more complex, you can target and customize how and where to deploy Stream to collect wire data to meet those needs more precisely.
DFM enables you to create protocol selections and assign them to specific forwarder groups. Using a simple GUI and regex rules, you can create and manage groups of forwarders that serve identical roles, such as those capturing traffic from web server farms, DNS servers, database servers or any others.
We bring you lots of flexibility and many protocols to select from! If you’re interested only in database server communication, you need only enable the MySQL, TNS or TDS protocols and assign them to particular server groups. For your web servers, you may be interested in gathering HTTP, DNS and TCP protocols. DFM also works with ephemeral and aggregated streams, as well as with your deployment server if you use one. For more details, please check our DFM documentation.
In this release, we have also made important performance enhancements and added support for detecting the Tor protocol, which is useful for security practitioners. To take advantage of all the improvements, we strongly urge you to deploy this latest release of the Splunk App for Stream!
Sr. Product Marketing Manager