Optimis for Splunk is an application that allows the Mixcom OptimIS appliance to export flow and statistics information to Splunk® Enterprise or Splunk® Cloud. With this application, a Splunk owner can use the analysis results produced by Optimis directly in their Splunk implementation to:
- View built-in reports of selected analyses, each corresponding to a measurement taken by the OptimIS solution from a specific context point:
  - TCP / UDP Transactions: displays the statistics of TCP exchanges.
  - HTTP Transactions: displays HTTP transactions along with the various error codes and response times per transaction.
  - 802.11 Activity: displays the statistics of radio exchanges between stations and Wi-Fi hotspots.
- Enrich the data available to a Splunk implementation, to consolidate information and support better decision making.
The source data is collected from the on-premises network infrastructure by the Optimis system at various probe locations. It is then analyzed and aggregated before being sent to the Splunk infrastructure for indexing and presentation by Optimis for Splunk.
When using Splunk Enterprise, you can install the OptimIS for Splunk app from Splunkbase. If you don't have direct access to Splunkbase, you can also install the OptimIS for Splunk app as follows:
    cd $SPLUNK_HOME/etc/apps/
    wget .../optimis.tar.gz
    tar -xzf optimis.tar.gz
    $SPLUNK_HOME/bin/splunk restart
The Splunk installation path must be defined in the SPLUNK_HOME environment variable.
Setup after installing the app on Splunk Enterprise:
1. The OptimIS appliance sends data to the Splunk indexer over TCP port 4444 using the Splunk Universal Forwarder. To configure this data input, create the file $SPLUNK_HOME/etc/apps/Optimis/local/inputs.conf and add the following lines to it:
    [splunktcp://4444]
    disabled = 0
    connection_host = ip
2. The "Optimis for Splunk" application expects events sent from the Optimis appliance to be in the "optimis" index, which is used to optimize data search performance for this application. Add a new index named "optimis", associated with the "Optimis for Splunk" application, to your Splunk configuration by creating the file $SPLUNK_HOME/etc/apps/Optimis/local/indexes.conf and adding the following lines to it:
    [optimis]
    coldPath = $SPLUNK_DB/optimis/colddb
    homePath = $SPLUNK_DB/optimis/db
    thawedPath = $SPLUNK_DB/optimis/thaweddb
3. Restart Splunk for the configuration changes to take effect.
The Splunk indexer is now listening for data from the OptimIS appliance on port 4444.
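A post-setup check for steps 1 to 3, as an added example that is not part of the Optimis for Splunk package: it parses the two files and confirms the stanzas shown above are present and enabled. It assumes the app directory is $SPLUNK_HOME/etc/apps/Optimis; the function names are hypothetical, and the acceptFrom warning refers to Splunk's standard inputs.conf ACL setting, which the steps above do not set.

```shell
#!/bin/sh
# Added example (not vendor code): checks the files created in steps 1 and 2.

# conf_get FILE STANZA KEY: print KEY's value inside [STANZA] (empty if absent).
conf_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/^[ \t]+|[ \t]+$/, ""); in_s = ($0 == want); next }
        in_s && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# check_optimis_app APPDIR: APPDIR is assumed to be $SPLUNK_HOME/etc/apps/Optimis.
# Prints one line per finding; returns 1 on any FAIL, 0 otherwise (WARN is advisory).
check_optimis_app() {
    inputs="$1/local/inputs.conf"; indexes="$1/local/indexes.conf"; rc=0
    for f in "$inputs" "$indexes"; do
        [ -f "$f" ] || { echo "FAIL: missing $f"; return 1; }
    done
    case "$(conf_get "$inputs" 'splunktcp://4444' disabled)" in
        0|false) ;;
        *) echo "FAIL: [splunktcp://4444] is absent or not enabled"; rc=1 ;;
    esac
    [ "$(conf_get "$inputs" 'splunktcp://4444' connection_host)" = ip ] ||
        { echo "FAIL: connection_host is not 'ip'"; rc=1; }
    # acceptFrom is a standard inputs.conf ACL setting, not one of the page's steps.
    [ -n "$(conf_get "$inputs" 'splunktcp://4444' acceptFrom)" ] ||
        echo "WARN: no acceptFrom on port 4444; any host that can reach it may send data"
    for k in homePath coldPath thawedPath; do
        [ -n "$(conf_get "$indexes" optimis "$k")" ] ||
            { echo "FAIL: [optimis] index has no $k"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK: inputs.conf and indexes.conf match the setup steps"
    return "$rc"
}
```

Run it on the indexer as `check_optimis_app "$SPLUNK_HOME/etc/apps/Optimis"` after the restart in step 3.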
When using Splunk Cloud, you must install the OptimIS for Splunk app from Splunkbase.
The Splunk universal forwarder credentials package must be sent to the Mixcom team. It will be used to forward data from the Splunk universal forwarder installed on the OptimIS system.
To optimize the data search performance for this application, add a new index named "optimis", associated with the "Optimis for Splunk" application, to your Splunk Cloud configuration.