|Has index-time operations||true|
|Create an index||true|
The Gigamon Insight Add-on for Splunk allows a Splunk® Enterprise administrator to integrate the features and functionality of the Insight solution with their existing Splunk deployment. The add-on leverages Insight’s fully RESTful APIs to interact with the Insight backend to introduce specific data sets into Splunk. This document contains all the necessary information to configure and install the add-on.
Access questions and answers specific to the Gigamon Insight Add-on for Splunk at https://portal.icebrg.io/help/splunk.
Contact your Gigamon Insight technical account manager for additional support.
Gigamon Insight Add-on for Splunk supports the following server platforms in the versions supported by Splunk Enterprise:
To function properly, Gigamon Insight Add-on for Splunk requires the following software:
Because this add-on runs on Splunk Enterprise, all of the Splunk Enterprise system requirements apply.
Download the Gigamon Insight Add-on for Splunk at https://portal.icebrg.io/help/splunk
To install and configure this app on your supported platform, follow these steps:
Follow these steps to install the app in a single server instance of Splunk Enterprise:
Add-on Global Settings
| API Token | This is a required global parameter that will be used in all input types. It is the API token that can be created on your Insight profile settings page. All Insight API calls require a token for authentication. Tokens never expire and will remain valid until revoked. |
- Added options in Insight Detections input type to include passive dns and dhcp information for the impacted asset for each detection imported.
Fixed a bug with insight_query input type where duplicate events could be imported based on combination of low interval periods and extremely high query results (event counts).
Fixed a bug with the insight_detections input type where duplicate detections could be imported because of a timestamp mismatch between server local time and UTC time.
Version 2.3.3 of the Gigamon Insight Add-on for Splunk fixes the following issues:
* Fixed a bug with the insight_detection input type, and the checkpoint date was not being taken account for each polling interval. This was causing the app to import duplicate detections.
* Fixed a bug with the insight_query input type to use the timestamp of the last event imported as the checkpoint rather than the timestamp of when the last poll took place. This ensures there are no missed events regardless of the polling interval.
New in version 2.3.2:
- Added proxy support for add-on
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.