Splunk App for Stream 6.2 Delivers a Big Bag of Goodies

The Splunk App for Stream just got better! In addition to support for Linux and Mac OS X, I am pleased to announce that the app now supports Windows Server 2008 R2 and Windows 7. This new 6.2 version is available now on Splunk Apps. Together with Splunk software, the Splunk App for Stream lets you correlate wire data with machine data from any other technology.

In past releases of the Splunk App for Stream, we offered you various ways to work with your wire/network data, whether you wanted to observe all of the data or just a subset of protocols and defined fields. We are now adding even more options for data collection and extraction. The Splunk App for Stream 6.2 release lets you extract important fields from network traffic payload without collecting and storing the entire payload. This is done through a new Custom Content Extraction feature with a simple GUI. You define a regex, and only the matching payload fields are extracted and indexed; check out the image below.

Custom Content Extraction helps efficiently collect only relevant data

Why is Custom Content Extraction important? I'm sure you know how large web traffic payload can get. Here is the good part: you can sniff through that traffic and decide, at a very granular field level, exactly what to collect and index with Splunk software. These targeted insights are helpful across a variety of use cases:

  • Security practitioners can improve their security posture, streamline forensic analysis and reduce the time spent investigating incidents. They can quickly analyze web, database, DNS or other traffic for potential security risks such as data exfiltration, including passwords or identity information sent in clear text.
  • Business analysts can get real-time, granular insight into key business indicators from web traffic payload for process analytics, including transactional data. This gives immediate visibility into e-commerce data, such as the dynamic content of shopping carts, without having to manually extract, store and retrieve the full web content.
  • IT or application admins can efficiently monitor the performance of web services delivered over JSON-RPC, SOAP or other protocols. In real time, they can focus collection on key parameters, such as per-API response times or other targeted fields.

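To make the extract-only-what-you-need idea concrete, here is an added Python illustration of the technique described above; it is not the app's own code or configuration (the Stream app defines extraction rules in its GUI, not in Python). The HTTP payloads, field names and regex rules below are constructed for this example. It shows the three behaviours a practitioner wants from a rule set: keep a business field (cart total), mask a sensitive field (card number), and record only the presence of a clear-text password without ever indexing its value.

```python
import re

# Constructed sample 1: a login form POST as seen on the wire, carrying a
# clear-text password (the security use case from the bullets above).
SAMPLE_LOGIN_POST = (
    "POST /login HTTP/1.1\r\n"
    "Host: shop.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 42\r\n"
    "\r\n"
    "username=alice&password=hunter2&remember=1"
)

# Constructed sample 2: a JSON checkout call (the business-analytics use case).
SAMPLE_CART_POST = (
    "POST /api/cart HTTP/1.1\r\n"
    "Host: shop.example.test\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"cart_id":"c-1093","items":[{"sku":"A100","qty":2}],'
    '"total":59.90,"card":"4111111111111111"}'
)

# Hypothetical rule table: (field name, regex with one capture group, action).
#   keep  - index the captured value as-is
#   flag  - index only the fact that the field was present (value is dropped)
#   mask  - index the value with all but the last four characters replaced
RULES = [
    ("http_method", re.compile(r"^(GET|POST|PUT|DELETE)\s"), "keep"),
    ("uri_path", re.compile(r"^\S+\s+(\S+)\s+HTTP/"), "keep"),
    ("username", re.compile(r"(?:^|&)username=([^&\s]*)", re.M), "keep"),
    ("cleartext_password", re.compile(r"(?:^|&)password=([^&\s]*)", re.M), "flag"),
    ("cart_id", re.compile(r'"cart_id"\s*:\s*"([^"]*)"'), "keep"),
    ("cart_total", re.compile(r'"total"\s*:\s*([0-9]+(?:\.[0-9]+)?)'), "keep"),
    ("card_number", re.compile(r'"card"\s*:\s*"(\d{13,19})"'), "mask"),
]


def extract_fields(payload: str, rules=RULES) -> dict:
    """Apply each rule to the raw payload and return only the selected fields.

    The full payload is never retained: the caller indexes the returned
    dictionary, so the password value and the full card number never reach
    the index.
    """
    event = {}
    for name, regex, action in rules:
        match = regex.search(payload)
        if not match:
            continue                      # rule does not apply to this payload
        value = match.group(1)
        if action == "keep":
            event[name] = value
        elif action == "flag":
            event[name] = True            # credential crossed the wire in clear text
        elif action == "mask":
            event[name] = "*" * (len(value) - 4) + value[-4:]
    # Size of the payload that was inspected but not stored, so the
    # volume reduction can be charted the way Stream Stats charts bandwidth.
    event["payload_bytes"] = len(payload)
    return event


def to_kv(event: dict) -> str:
    """Render the extracted event as key="value" pairs, the form Splunk
    auto-extracts at search time."""
    return " ".join(f'{key}="{value}"' for key, value in event.items())


if __name__ == "__main__":
    for payload in (SAMPLE_LOGIN_POST, SAMPLE_CART_POST):
        print(to_kv(extract_fields(payload)))
```

Run stand-alone, the script prints one compact key="value" event per payload: the login event carries username="alice" and cleartext_password="True" but not the password itself, and the cart event carries the cart ID, total and a masked card number. Searching for cleartext_password=True is then a direct way to find services still accepting credentials over unencrypted HTTP.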
The Splunk App for Stream 6.2 also introduces the Stream Stats dashboard, which gives you visibility into protocol traffic and indexing statistics. It shows per-protocol Splunk indexing volume as well as incoming, outgoing and total traffic bandwidth.

Stream Stats provides visibility into per protocol indexing volume and bandwidth stats

And finally, we expanded our protocol suite and now the Splunk App for Stream also supports Diameter and SMPP. For the full list of supported protocols, check Splunk documentation.

Download this new release of the Splunk App for Stream!

----------------------------------------------------
Thanks!
Stela Udovicic
