Aviatrix App for Splunk
Copyright © 2014-2017 Aviatrix Systems, Inc. All rights reserved.
- App Homepage: https://splunkbase.splunk.com/app/3585/
- Authors: Rakesh Ranjan
- App Version: 1.2
Aviatrix App for Splunk is an advanced reporting and analysis tool for Aviatrix cloud networking software. This app leverages Aviatrix controller and gateway logs and Splunk's search and visualization capabilities to provide monitoring and troubleshooting capabilities along with rapid insight and operational visibility for CloudOps and infrastructure engineers.
Step 1: Install App
This app is available on GitHub. There are different ways to install a Splunk app.
Install via command line:
You can clone the GitHub repository to install the app.
From the $SPLUNK_HOME/etc/apps/ directory, type the following command:
git clone https://github.com/AviatrixCommunity/SplunkforAviatrix.git SplunkforAviatrix
Restart Splunk to start using the app.
Install via Splunkbase:
Alternatively, you can download the tar file of this app from Splunkbase and follow the instructions available there to install the app.
Step 2: Initial Setup
Make sure the latest version of Aviatrix software is installed before you start to configure the controller. You should see the alert for software upgrade on the menu bar of the controller if a newer version is available. Click Upgrade and wait for the upgrade to complete.
Follow the steps below to enable the logging for Splunk and Sumo Logic.
- Launch the web browser and input the URL of your controller.
- Once logged in, navigate to Settings > Loggings.
- On the right-hand side, enable logging for Splunk by clicking the status button area. A new panel will appear for you to input the Splunk IP Address and Splunk Server Listening Port. Enter the Splunk Enterprise IP address and port number (Splunk listens on port 9997 by default for forwarders). Click Enable when you are done.
- To enable AviatrixRule logging, select packet logging when configuring gateway security policies. This is done by clicking the gateway of interest in the Gateway panel.
- To verify that the logs are delivered to the specified Splunk and Sumo Logic servers, make a user VPN connection through any gateway managed by the controller. In the Splunk search bar, type Aviatrix* and you should see the Aviatrix logs.
This app comes with a few prebuilt dashboards.
This dashboard shows an overview of all the traffic logs collected by Splunk from Aviatrix controller.
This dashboard lets you see network flow to/from servers across the network, and can be used for dependency discovery post cloud migration using IPMotion. This dashboard needs the Sankey Diagram - Custom Visualization Splunk app to be preinstalled on the Splunk server for visualization. For more details on this dashboard and setup instructions, click here.
Found a bug or need a feature? Open an issue on GitHub.