Splunk® Supported Add-ons

Splunk Add-on for Infoblox

Configure inputs for the Splunk Add-on for Infoblox

The Splunk Add-on for Infoblox handles inputs through TCP or UDP. There are two ways to capture this data.

1. Create a TCP/UDP input to capture the data sent on the port you have configured in Infoblox NIOS.

2. If you are using a syslog aggregator, create a monitor input to monitor the file or files generated by the aggregator.

TCP/UDP input

In the Splunk platform node handling data collection, configure the TCP/UDP input to match your configurations in Infoblox NIOS and set your source type to infoblox:port. The CIM mapping and dashboard panels are dependent on this source type.

Follow the below steps to collect data data through syslog using a TCP/UDP connection :

1. Open Infoblox Grid Manager. 2. From the Grid tab, select the Grid Manager tab -> Members tab, and then click Grid Properties -> Edit from the Toolbar. 3. In the Grid Properties editor, select the Monitoring tab. Here you can configure global syslog servers under the EXTERNAL SYSLOG SERVERS section. One can also configure syslog servers for each Grid Member. For more information, please refer to the infoblox documentation for Using Syslog Servers. 4. Use the protocol and port information of the desired syslog server to configure inputs in splunk.For information on how to configure a Splunk forwarder or single-instance to receive a syslog input, see "Get data from TCP and UDP ports" in the Getting Data In manual.

Monitor input

If you are using a syslog aggregator, on the Splunk platform node handling data collection, set up a monitor input to monitor the file or files that are generated and set your source type to infoblox:file. The CIM mapping and dashboard panels are dependent on this source type.

See "Monitor files and directories" in the Getting Data In manual for information about setting up a monitor input.

Validate data collection

Once you have configured the input, run this search to check that you are ingesting the data that you expect. The add-on converts the infoblox:port and infoblox:file source types to infoblox:dhcp and infoblox:dns according to the content of events.

sourcetype=infoblox*

Last modified on 12 August, 2023
Configure Infoblox to send data to the Splunk Add-on for Infoblox   Troubleshoot the Splunk Add-on for Infoblox

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters