Description of the Splunk Connector with EndaceProbes. Enables a Pivot to Packets workflow from a Splunk alert, event or log. Typically used to investigate security or network issues by automatically filtering and pulling the associated packets forward into Wireshark or Endace Vision.
Solutions Brief
Deploying EndaceProbe™ Intelligent
Network Recorders and Splunk
Emulex and Splunk deliver an elegant and seamless workflow
solution for detecting and resolving network issues
At a Glance
Splunk captures summary level information
that indicates the presence of network issues,
but does not provide sufficient resolution
to determine the root cause of the problem.
Integrated with EndaceProbe Intelligent Network
Recorders (INRs), the combined solution provides
organizations with the ability to detect and
investigate issues at network packet-level in order
to lower time-to-resolution (TTR) on a whole
range of issues.
Product
EndaceProbe Intelligent Network Recorder
Solution Benefits
- Greater insight into critical network issues
- Reduce TTR
- Lower operational expenditures (OPEX)
The Endace Fusion
Ecosystem Program
optimizes data analysis
workflows between
its family of EndaceProbe INRs and industry
leading third-party monitoring and security
tools that detect anomalous network
behavior.
Endace is a division of Emulex
Leveraging the open architecture of the EndaceProbe INRs, Emulex now
offers its customers an integrated Splunk Fusion Connector that extends
Splunk by allowing users to select an event in their Splunk dashboard and
deep dive to the associated packet-level information. This allows users to
rapidly gain deeper insight into critical problems and ultimately lower TTR.
Going Deeper, Faster—The Combined Value of Splunk and Emulex
Splunk is an industry-leading software platform for collecting and
correlating machine data generated from a variety of different IT systems
and infrastructure. Customers use the technology to help detect network
problems, monitor infrastructure elements and gain real-time visibility into
customer experience, transactions and behavior.
When it comes to resolving network issues, Splunk provides a wide breadth
of visibility by nature of its network event collection and correlation
capabilities; however, the logs that provide this visibility are only application
interpretations of the actual packet flows traversing the network. This
summary level information is very good at indicating the presence of
network issues, but does not provide sufficient resolution to be able to
determine the root cause of the problem.
Integrated with EndaceProbe INRs (see Figure 1 and Figure 2), the combined
solution provides organizations with the ability to detect and investigate
issues at the network packet-level, lowering TTR on a whole range of issues.
Network Operations (NetOps) and Security Operations (SecOps) teams use
the historical record of network activity to help engineers and analysts with
troubleshooting and security forensics. Because Emulex captures 100% of
the network traffic transiting a link, whether it is a 10Gb Ethernet (10GbE),
40GbE or 100GbE link, the EndaceProbe historical view is at a level of detail
and accuracy found nowhere else in the industry.
Figure 1 – Splunk integration
The Splunk Fusion Connector is available through SplunkBase.
The plugin is easy to install (on the appliance running the Splunk
instance) and adds minimal overhead to the performance of the
application.
EndaceProbe INRs are deployed at strategic/relevant points across
the network. Leveraging the INRs’ RESTful API, users can click on
a Splunk event and pivot straight to the packets of interest which
are delivered to the user as a .PCAP or .ERF file for deep analysis in
a protocol analyzer, such as Wireshark®.
Conclusion
Emulex EndaceProbe INRs and Splunk integrate to provide a wide
view of the network with comprehensive search and drill-down
capabilities, providing SecOps and NetOps teams the fastest TTR
for a whole range of issues in the industry today.
Figure 2 – Endace Flow Search
By integrating Splunk and Emulex technologies at the ‘event’ level,
organizations can complete the detection and investigation cycle
more quickly and completely. The benefits of the Splunk Fusion
Connector include:
- Productivity improvements for end users that ultimately result
  in lower OPEX
- Ability to contain real issues more effectively, thus reducing the
  impact on end users
- The opportunity to detect false positives more quickly and
  better ‘tune’ detection systems
- The ability to effect better quality fixes through true root-cause
  analysis
The Solution
The Splunk Fusion Connector is a free piece of software, created
by the team at Emulex, enabling NetOps teams that rely on Splunk
for network fault management to dramatically reduce the time it
takes to investigate and resolve network and security problems.
It works by connecting users to the precise network packets that
they need to diagnose, respond and establish the root cause of a
problem through an elegant and seamless workflow.
www.emulex.com
Endace USA Limited
14425 Penrose Place, Suite 225
Chantilly, VA 20151, USA
Phone +1 877 764 5411
Phone +1 703 378 0601
Fax +1 703 935 4840
Endace Fusion Ecosystem
The Endace Fusion Ecosystem Program ensures a predictable
customer experience when the Endace Application
Dock is used. This program provides application vendors
with a structured method for testing and validating the
performance of particular applications in the Application
Dock environment. Deploying applications into the
Application Dock environment offers organizations a
number of important and valuable benefits, including:
- Improved application performance
- Reduction in hardware footprint
  (for lowered OPEX and capital expenditures [CAPEX])
- Improved workflow
- Improved flexibility and agility
Endace Limited (UK)
Davidson House, Forbury Square
Reading, Berkshire, RG1 3EU
United Kingdom
Phone +44 118 900 1425
Fax +44 118 900 1426
Endace Australia Pty. Ltd.
Level 32, 101 Miller Street
North Sydney, NSW 2060 Australia
Phone +1 800 196 594
Phone +61 2 8912 2157
Emulex Corporate Office
3333 Susan Street
Costa Mesa, CA 92626, USA
Phone +1 714 662 5600
13-1127 · 6/13