Hello,
As I've said in a previous post, I am new to Splunk so please excuse the newb questions.
I have been tasked with taking over our Splunk project which was installed about 6 years ago and mostly idle ever since. Now I have 2 weeks to get certain dashboards running. Keep in mind I do not have a strong IT background, but I do have people who can assist me.
My question is about what to use to get certain information to the indexing server. When this system was initially set up, consultants came in and used universal forwarders, but they had several problems. One workaround was to use SQL Server Agent to help collect some of the network data. I'm sure Splunk has grown over the past 6 years, so now I am wondering what I should use, possibly even instead of forwarders. I am thinking about reinstalling Splunk from scratch.
For instance, here are some of the things I want to collect. If someone could point me in a direction as to what to use, I would appreciate the help. I've tried searching the Splunk Knowledgebase, but there is so much that I'm just not sure which direction to go (which apps to use, etc.).
Antivirus update data (I was told they had a problem getting Symantec to play nice in the past)
Bandwidth data
Failed logins
File auditing after hours
Barracuda backup data
Firewall data (this is monitored on a separate management computer, so it may not work)
Thanks again.