icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Gigamon Insight Add-on for Splunk
SHA256 checksum (gigamon-insight-add-on-for-splunk_236.tgz) 65ac0141660f8cb62c835c5ea67398ae7930a943e4209a09908b4d4b27b5c9d7 SHA256 checksum (gigamon-insight-add-on-for-splunk_235.tgz) c20e96d7c3c4bce86f930107a2b26d492c19227d3e3485299e4ecac70654869f SHA256 checksum (gigamon-insight-add-on-for-splunk_234.tgz) 0c6f37a3450f7c03aa2dc4395903829a5c1e01530ccb431af7c1df8e6566a3d0 SHA256 checksum (gigamon-insight-add-on-for-splunk_233.tgz) fed8631bd060a64d7d0ea580a3e6a6ffc41f9d5f4f1e960a0fa0dac1d1a2b337 SHA256 checksum (gigamon-insight-add-on-for-splunk_232.tgz) 77fc1436d00045978d9f6b5cfa7916e083a03c38a8c2b0e67f1328fa97128566 SHA256 checksum (gigamon-insight-add-on-for-splunk_231.tgz) 64f9fed829a7d1b9bfb8ab40a23e47a795c3d4724f489ae6690e8ec8d808aaa2
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Gigamon Insight Add-on for Splunk

Splunk AppInspect Passed
Overview
Details
Overview
The Gigamon Insight Splunk Add-on allows administrators to incorporate the network telemetry data collected and analyzed by the Gigamon Insight solution into their Splunk deployment. This add-on leverages Insight’s fully RESTful APIs to interact with the cloud backend to introduce specific data sets into Splunk. With this add-on, the Insight Query Language (IQL) can be used to import specific network events (such as HTTP, DNS, SMB, Kerberos, Suricata, and more) and all the associated metadata into Splunk. After the initial import, the add-on will periodically poll Insight at a specified interval for new match events to import. Detections and reports generated by Insight can also be imported, and the add-on will periodically poll Insight at a specified interval for new detections and reports to import. Enrichment and intelligence can also be imported for specified entities, such as WHOIS information, VirusTotal reports, Passive DNS records, and DHCP records.

Gigamon Insight Add-on for Splunk

Table of Contents

OVERVIEW

  • About the Gigamon Insight Add-on for Splunk
  • Release notes
  • Support and resources

INSTALLATION AND CONFIGURATION

  • Hardware and software requirements
  • Installation steps
  • Deploy to single server instance

USER GUIDE

  • Data types
  • Lookups

About the Gigamon Insight Add-on for Splunk

Author Gigamon
Vendor Products Insight
Has index-time operations true
Create an index true
Implements summarization false

The Gigamon Insight Add-on for Splunk allows a Splunk® Enterprise administrator to integrate the features and functionality of the Insight solution with their existing Splunk deployment. The add-on leverages Insight’s fully RESTful APIs to interact with the Insight backend to introduce specific data sets into Splunk. This document contains all the necessary information to configure and install the add-on.

Release notes

New features

Fixed issues

Known issues

Third-party software attributions

Support and resources

Access questions and answers specific to the Gigamon Insight Add-on for Splunk at https://portal.icebrg.io/help/splunk.

Support

Contact your Gigamon Insight technical account manager for additional support.
https://portal.icebrg.io/help/splunk

INSTALLATION AND CONFIGURATION

Hardware and software requirements

Hardware requirements

Gigamon Insight Add-on for Splunk supports the following server platforms in the versions supported by Splunk Enterprise:

  • Hardware independent

Software requirements

To function properly, Gigamon Insight Add-on for Splunk requires the following software:

  • Splunk 7.0.0 or higher

Splunk Enterprise system requirements

Because this add-on runs on Splunk Enterprise, all of the Splunk Enterprise system requirements apply.

Download

Download the Gigamon Insight Add-on for Splunk at https://portal.icebrg.io/help/splunk

Installation steps

To install and configure this app on your supported platform, follow these steps:

  1. Navigate in the Splunk interface to the Manage Apps page.
  2. Click on the Install app from file button.
  3. Click the Choose File button and select the Gigamon Insight Add-on for Splunk file.
  4. Click the Upload button.
  5. In the Splunk apps list, select the Gigamon Insight Add-on for Splunk app to begin configuration.
Deploy to single server instance

Follow these steps to install the app in a single server instance of Splunk Enterprise:

  1. Navigate in the Splunk interface to the Manage Apps page.
  2. Click on the Install app from file button.
  3. Click the Choose File button and select the Gigamon Insight Add-on for Splunk file.
  4. Click the Upload button.
  5. In the Splunk apps list, select the Gigamon Insight Add-on for Splunk app to begin configuration.

USER GUIDE

Configuration Settings
Add-on Global Settings
| API Token | This is a required global parameter that will be used in all input types. It is the API token that can be created on your Insight profile settings page. All Insight API calls require a token for authentication. Tokens never expire and will remain valid until revoked. |

Data types

Common Information Model Mapping

Lookups

  • The Gigamon Insight Add-on for Splunk does not contain lookup files.

Release Notes

Version 2.3.6
Oct. 7, 2019

Version 2.3.6
Released: 10/7/2019
Features Added
- Added options in Insight Detections input type to include passive dns and dhcp information for the impacted asset for each detection imported.

Version 2.3.5
Sept. 10, 2019

Version 2.3.5
Bug Fixes
Fixed a bug with insight_query input type where duplicate events could be imported based on combination of low interval periods and extremely high query results (event counts).

Version 2.3.4
Aug. 27, 2019

Version 2.3.4

Bug Fixes
Fixed a bug with the insight_detections input type where duplicate detections could be imported because of a timestamp mismatch between server local time and UTC time.

Version 2.3.3
June 4, 2019

**Bug Fixes**
Version 2.3.3 of the Gigamon Insight Add-on for Splunk fixes the following issues:
* Fixed a bug with the insight_detection input type, and the checkpoint date was not being taken account for each polling interval. This was causing the app to import duplicate detections.
* Fixed a bug with the insight_query input type to use the timestamp of the last event imported as the checkpoint rather than the timestamp of when the last poll took place. This ensures there are no missed events regardless of the polling interval.

Version 2.3.2
April 12, 2019

New in version 2.3.2:
- Added proxy support for add-on

Version 2.3.1
April 2, 2019

17
Installs
119
Downloads
Share Subscribe LOGIN TO DOWNLOAD

Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2019 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.