Splunk® Asset and Risk Intelligence Echo

Install and Manage Splunk Asset and Risk Intelligence Echo

Manage synchronization between Splunk Asset and Risk Intelligence Echo and the primary search head

After you install Splunk Asset and Risk Intelligence Echo on a secondary search head, you can manage synchronization between the app and Splunk Asset and Risk Intelligence on the primary search head.

Establish a connection from the primary search head to the secondary search head

To establish a connection between search heads, complete the following steps:

  1. In Splunk Asset and Risk Intelligence, select Admin then Echo and then Echo configuration settings.
  2. Select Add Echo configuration.
  3. Enter a name for the new configuration and the URL to the secondary search head.
  4. Set the batch size.
  5. (Optional) Select the toggle switch for Configuration sync to sync data between search heads. Then, enter a frequency for synchronization updates in the Configuration sync schedule.
  6. Enter the username and password for Splunk Asset and Risk Intelligence Echo.
  7. (Optional) Select Test new settings to verify the connection.
  8. Select Add.


Sync inventories

After you establish a connection between the primary and secondary search heads, you can sync the inventories. To sync inventories, complete the following steps:

  1. In Splunk Asset and Risk Intelligence, select Admin then Echo and then Echo configuration settings.
  2. In the Configured Echo instances table, locate the name of the configuration you want to sync inventories for.
  3. Select the magnifying glass icon ( search ).
  4. Enter a frequency for synchronization updates in the Sync schedule.
  5. Enter a time in seconds for the Search time window. The search time window specifies a frequency for the inventory to be added. By default, it's set to once per day.

    To ensure that all existing data from the inventories is synchronized with the secondary search head, you might want to run the inventory synchronization with the search time window set to zero before adjusting the schedule.

  6. Select the toggle switch to turn on Inventory synchronization.
  7. Select the check boxes for inventories you want to sync, or select Select all.
  8. (Optional) Select Run now to sync updates before the scheduled sync time.
  9. Select Save.

Sync asset associations

Some associations exist between assets such as IP addresses, MAC addresses, and user IDs. If associations exist, you can sync this data between the primary and secondary search heads. To sync asset associations, complete the following steps:

  1. In Splunk Asset and Risk Intelligence, select Admin then Echo and then Echo configuration settings.
  2. In the Configured Echo instances table, locate the name of the configuration you want to sync inventories for.
  3. Select the more icon ( more ).
  4. Select Association sync.
  5. Enter a frequency for synchronization updates in the Sync schedule.
  6. Enter a time in seconds for the Search time window. The search time window specifies a frequency for the associations to be added. By default, it's set to once per day.
  7. Select the toggle switch to turn on Association synchronization.
  8. (Optional) Select Run now to sync updates before the scheduled sync time.
  9. Select Save.

Sync metrics

You can sync the metrics you add and create in the primary search head to Splunk Asset and Risk Intelligence Echo. To sync metrics, complete the following steps:

  1. In Splunk Asset and Risk Intelligence, select Admin then Echo and then Echo configuration settings.
  2. In the Configured Echo instances table, locate the name of the configuration you want to sync metrics for.
  3. Select the more icon ( more ).
  4. Select Compliance sync.
  5. Enter a frequency for synchronization updates in the Sync schedule.
  6. Select the toggle switch to turn on Metrics synchronization.
  7. Select the check boxes for inventories you want to sync, or select Select all.
  8. (Optional) Select Run now to sync updates before the scheduled sync time.
  9. Select Save.

Edit or delete the configuration connection for Splunk Asset and Risk Intelligence Echo

You can edit the configuration connection between search heads or delete the instance entirely from the primary search head. To edit or delete the configuration connection, complete the following steps:

  1. In Splunk Asset and Risk Intelligence, select Admin then Echo and then Echo configuration settings.
  2. In the Configured Echo instances table, locate the name of the configuration you want to edit or delete.
  3. To edit the configuration, select the settings icon ( settings ).
    1. Make your changes.
    2. Select Save.
  4. To delete the configuration connection, select the more icon ( more ).
    1. Select Delete Echo.
    2. Confirm that you want to delete it by selecting Delete again.
Last modified on 05 August, 2024
Install Splunk Asset and Risk Intelligence Echo   Review synchronization history for Splunk Asset and Risk Intelligence Echo

This documentation applies to the following versions of Splunk® Asset and Risk Intelligence Echo: 1.0.0

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters