
Splunk Guide

Pre-Requisites

Splunk App procedure

  1. Log in to Splunk Web and navigate to Apps > Manage Apps.
  2. Click Install app from file. Download fatstacks sRTMS from Splunkbase.
  3. Under Upload a file, click File and browse to the app that you want to install.
  4. Click Upload, then restart Splunk Web.

Splunk API User

  • sRTMS requires a Splunk user to pull data through the Splunk API.

Getting Started

  1. Log in to Splunk Web and navigate to Settings > Data inputs.
  2. Click on fatstacks.
  3. Click on splunkapp.
  4. Update the settings and click Save.

Splunk Data Inputs


Settings

  • Software Asset Management: Enable/Disable the Software Asset Management "SAM" module. Value: True/False
  • Software Vulnerability Management: Enable/Disable the Software Vulnerability Management "SVM" module. Value: True/False
  • sRTMS API Url: The sRTMS API Url. Default: https://srtms.fatstacks.tech:11000
  • sRTMS License: Your sRTMS License Key. Please contact info@fatstacks.tech if you need a Trial key. Value: <Please enter a value>
  • sRTMS Login: Your sRTMS Login. Value: <Please enter a value>
  • sRTMS Password: Your sRTMS Password. Value: <Please enter a value>
  • Splunk API Url: The Splunk API Url. Value: <Please enter a value>
      Format: https://<hostname>:<port>
      Please make sure the port is open. This is required for sRTMS to be able to run search queries from the Cloud.
  • Splunk Login: The Splunk Login. Value: <Please enter a value>
  • Splunk Password: The Splunk Password. Value: <Please enter a value>
  • Device Search: The Splunk Device Search query. Value: default
  • Package Search: The Splunk Package Search query. Value: default
  • sRTMS API size page: Number of entries returned by sRTMS per API call. Default: 500

More Settings

  • Interval: Number of seconds to wait before running the command again, or a valid cron schedule (leave empty to run this script once). Default: 86400 s (1 day)
  • Index: Set the destination index for this source. Default: srtms

Navigation

  1. Log in to Splunk Web and navigate to srtms > Dashboards.

Vulnerability Dashboard

Splunk Vulnerability Dashboard

Software Dashboard

Splunk Software Dashboard


Advanced Configuration

Instead of using data collected by Splunk, you can bring third-party data (Microsoft SCCM, AWS SSM, ServiceNow, etc.) that is already loaded in sRTMS, using Connect, into Splunk.

  1. Log in to Splunk Web and navigate to Settings > Data inputs.
  2. Click on fatstacks.
  3. On the splunkapp line item, click Clone.
  4. Update the settings and click Save.

Splunk Data Inputs Advanced

Settings


  • name: Name of the sRTMS index that will be loaded into Splunk. Value: <Please enter a value>
  • Software Asset Management: Enable/Disable the Software Asset Management "SAM" module. Value: True/False
  • Software Vulnerability Management: Enable/Disable the Software Vulnerability Management "SVM" module. Value: True/False
  • sRTMS API Url: The sRTMS API Url. Default: https://srtms.fatstacks.tech:11000
  • sRTMS License: Your sRTMS License Key. Please contact info@fatstacks.tech if you need a Trial key. Value: <Please enter a value>
  • sRTMS Login: Your sRTMS Login. Value: <Please enter a value>
  • sRTMS Password: Your sRTMS Password. Value: <Please enter a value>
  • Splunk API Url: The Splunk API Url. Value: KEEP IT EMPTY
      Format: https://<hostname>:<port>
      Please make sure the port is open. This is required for sRTMS to be able to run search queries from the Cloud.
  • Splunk Login: The Splunk Login. Value: NOT USED
  • Splunk Password: The Splunk Password. Value: NOT USED
  • Device Search: The Splunk Device Search query. Value: NOT USED
  • Package Search: The Splunk Package Search query. Value: NOT USED
  • sRTMS API size page: Number of entries returned by sRTMS per API call. Default: 500

More Settings

  • Interval: Number of seconds to wait before running the command again, or a valid cron schedule (leave empty to run this script once). Default: 86400 s (1 day)
  • Index: Set the destination index for this source. Default: srtms


Troubleshooting


sRTMS logs are part of the Splunk logs.

  1. Go to $Home$\Splunk\var\log\splunk\splunkd.log
  2. Search for srtms.py
Splunk Logs
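
The two troubleshooting steps above as a script, added here as an example (it is not part of the sRTMS app or of this guide's own material): it pulls the srtms.py lines out of splunkd.log, counts them by log level and lists the ones that need attention. The sample lines, the APP_DIR path component and the messages are constructed for illustration; pass the path to the real splunkd.log as the first argument.

```python
import re
import sys
from collections import Counter

# Constructed sample in splunkd.log layout; APP_DIR and the messages are
# placeholders for illustration, not real output from the sRTMS app.
SAMPLE_LOG = """\
03-14-2024 02:00:01.120 +0000 INFO  ExecProcessor - message from "python /opt/splunk/etc/apps/APP_DIR/bin/srtms.py" starting collection
03-14-2024 02:00:03.456 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/APP_DIR/bin/srtms.py" HTTP 401 from sRTMS API
03-14-2024 02:00:04.000 +0000 WARN  TailReader - could not read file
03-14-2024 02:00:05.789 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/APP_DIR/bin/srtms.py" connection timed out
"""

# Timestamp, level, component, then the message after " - ".
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{4})\s+"
    r"(?P<level>[A-Z]+)\s+(?P<component>\S+) - (?P<msg>.*)$"
)
PROBLEM_LEVELS = {"WARN", "ERROR", "FATAL", "UNKNOWN"}


def srtms_events(lines, needle="srtms.py"):
    """Yield one dict per line that mentions the script (step 2 of the guide)."""
    for raw in lines:
        line = raw.rstrip("\r\n")
        if needle not in line:
            continue
        m = LINE_RE.match(line)
        # Keep lines that do not fit the layout instead of dropping them.
        yield m.groupdict() if m else {
            "ts": None, "level": "UNKNOWN", "component": None, "msg": line}


def summarize(lines):
    """Return (count per level, events that need attention)."""
    events = list(srtms_events(lines))
    counts = Counter(e["level"] for e in events)
    return counts, [e for e in events if e["level"] in PROBLEM_LEVELS]


if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to splunkd.log
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            counts, problems = summarize(fh)
    else:
        counts, problems = summarize(SAMPLE_LOG.splitlines())
    print(dict(counts))
    for e in problems:
        print(e["ts"], e["level"], e["msg"])
```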